ALT-PU-2015-1035-1
Closed vulnerabilities
Published: 2014-12-20
BDU:2015-06449
Уязвимости операционной системы Red Hat Enterprise Linux, позволяющие удаленному нарушителю нарушить конфиденциальность, целостность и доступность защищаемой информации
Severity: HIGH (7.5)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
References:
Published: 2014-12-20
BDU:2015-06450
Уязвимости операционной системы Red Hat Enterprise Linux, позволяющие удаленному нарушителю нарушить конфиденциальность, целостность и доступность защищаемой информации
Severity: HIGH (7.5)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
References:
Published: 2014-12-20
BDU:2015-06451
Уязвимости операционной системы Red Hat Enterprise Linux, позволяющие удаленному нарушителю нарушить конфиденциальность, целостность и доступность защищаемой информации
Severity: HIGH (7.5)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
References:
Published: 2014-12-20
BDU:2015-06452
Уязвимости операционной системы Red Hat Enterprise Linux, позволяющие удаленному нарушителю нарушить конфиденциальность, целостность и доступность защищаемой информации
Severity: HIGH (7.5)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
References:
Published: 2014-12-20
BDU:2015-06453
Уязвимости операционной системы Red Hat Enterprise Linux, позволяющие удаленному нарушителю нарушить конфиденциальность, целостность и доступность защищаемой информации
Severity: HIGH (7.5)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
References:
Published: 2014-12-20
BDU:2015-06454
Уязвимости операционной системы Red Hat Enterprise Linux, позволяющие удаленному нарушителю нарушить конфиденциальность, целостность и доступность защищаемой информации
Severity: HIGH (7.5)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
References:
Published: 2014-12-20
BDU:2015-06537
Уязвимости операционной системы Red Hat Enterprise Linux, позволяющие удаленному нарушителю нарушить конфиденциальность, целостность и доступность защищаемой информации
Severity: HIGH (7.5)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
References:
Published: 2014-12-20
BDU:2015-09293
Уязвимости операционной системы CentOS, позволяющие удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
Severity: HIGH (7.5)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
References:
Published: 2014-12-20
BDU:2015-09294
Уязвимости операционной системы CentOS, позволяющие удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
Severity: HIGH (7.5)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
References:
Published: 2014-12-20
BDU:2015-09295
Уязвимости операционной системы CentOS, позволяющие удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
Severity: HIGH (7.5)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
References:
Published: 2014-12-20
BDU:2015-09296
Уязвимости операционной системы CentOS, позволяющие удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
Severity: HIGH (7.5)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
References:
Published: 2014-12-20
BDU:2015-09297
Уязвимости операционной системы CentOS, позволяющие удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
Severity: HIGH (7.5)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
References:
Published: 2014-12-20
BDU:2015-09298
Уязвимости операционной системы CentOS, позволяющие удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
Severity: HIGH (7.5)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
References:
Published: 2014-12-20
BDU:2015-09299
Уязвимости операционной системы CentOS, позволяющие удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
Severity: HIGH (7.5)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
References:
Published: 2014-12-24
BDU:2015-09799
Уязвимости операционной системы Gentoo Linux, позволяющие удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
Severity: HIGH (7.5)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
References:
Published: 2014-12-22
BDU:2015-09870
Уязвимость микропрограммного обеспечения виртуального коммутатора Cisco Nexus 1000V, позволяющая удаленному злоумышленнику обойти механизм защиты устройства
Severity: HIGH (7.3)
Vector: AV:N/AC:L/Au:M/C:P/I:P/A:C
References:
Published: 2014-12-22
BDU:2015-09871
Уязвимость микропрограммного обеспечения коммутатора Cisco Nexus 5000, позволяющая удаленному злоумышленнику обойти механизм защиты устройства
Severity: HIGH (7.3)
Vector: AV:N/AC:L/Au:M/C:P/I:P/A:C
References:
Published: 2014-12-22
BDU:2015-09872
Уязвимость микропрограммного обеспечения коммутатора Cisco Nexus 7000, позволяющая удаленному злоумышленнику обойти механизм защиты устройства
Severity: HIGH (7.3)
Vector: AV:N/AC:L/Au:M/C:P/I:P/A:C
References:
Published: 2014-12-22
BDU:2015-09873
Уязвимость микропрограммного обеспечения системы коммуникаций Cisco Unified Communications Manager, позволяющая удаленному злоумышленнику обойти механизм защиты устройства
Severity: HIGH (7.3)
Vector: AV:N/AC:L/Au:M/C:P/I:P/A:C
References:
Published: 2014-12-22
BDU:2015-09874
Уязвимость микропрограммного обеспечения виртуального коммутатора Cisco Nexus 1000V, позволяющая удаленному злоумышленнику обойти механизм защиты устройства
Severity: HIGH (7.5)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
References:
Published: 2014-12-22
BDU:2015-09875
Уязвимость микропрограммного обеспечения коммутатора Cisco Nexus 7000, позволяющая удаленному злоумышленнику обойти механизм защиты устройства
Severity: HIGH (7.5)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
References:
Published: 2014-12-22
BDU:2015-09876
Уязвимость микропрограммного обеспечения виртуального коммутатора Cisco Nexus 1000V, позволяющая удаленному злоумышленнику выполнить произвольный код
Severity: HIGH (7.5)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
References:
Published: 2014-12-22
BDU:2015-09877
Уязвимость микропрограммного обеспечения коммутатора Cisco Nexus 7000, позволяющая удаленному злоумышленнику выполнить произвольный код
Severity: HIGH (7.5)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
References:
Published: 2014-12-22
BDU:2015-09880
Уязвимость микропрограммного обеспечения коммутатора Cisco Nexus 1000V, позволяющая удаленному злоумышленнику получить несанкционированный доступ к устройству
Severity: MEDIUM (5.0)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
References:
Published: 2014-12-22
BDU:2015-09881
Уязвимость микропрограммного обеспечения коммутатора Cisco Nexus 7000, позволяющая удаленному злоумышленнику получить несанкционированный доступ к устройству
Severity: MEDIUM (5.0)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
References:
Published: 2014-12-22
BDU:2015-10234
Уязвимость микропрограммного обеспечения коммутатора Cisco Nexus 5000, позволяющая удаленному злоумышленнику обойти механизм защиты устройства
Severity: HIGH (7.5)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
References:
Published: 2014-12-22
BDU:2015-10235
Уязвимость микропрограммного обеспечения системы коммуникаций Cisco Unified Communications Manager, позволяющая удаленному злоумышленнику обойти механизм защиты устройства
Severity: HIGH (7.5)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
References:
Published: 2014-12-22
BDU:2015-10236
Уязвимость микропрограммного обеспечения коммутатора Cisco Nexus 5000, позволяющая удаленному злоумышленнику выполнить произвольный код
Severity: HIGH (7.5)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
References:
Published: 2014-12-22
BDU:2015-10237
Уязвимость микропрограммного обеспечения системы коммуникаций Cisco Unified Communications Manager, позволяющая удаленному злоумышленнику выполнить произвольный код
Severity: HIGH (7.5)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
References:
Published: 2014-12-22
BDU:2015-10238
Уязвимость микропрограммного обеспечения коммутатора Cisco Nexus 5000, позволяющая удаленному злоумышленнику получить несанкционированный доступ к устройству
Severity: MEDIUM (5.0)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
References:
Published: 2014-12-22
BDU:2015-10239
Уязвимость микропрограммного обеспечения системы коммуникаций Cisco Unified Communications Manager, позволяющая удаленному злоумышленнику получить несанкционированный доступ к устройству
Severity: MEDIUM (5.0)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
References:
Published: 2015-10-07
BDU:2017-02015
Уязвимость пакетов Crypto-NAK демон-программы ntpd протокола сетевого времени NTP, позволяющая нарушителю обойти процедуру аутентификации
Severity: HIGH (7.5)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
References:
Published: 2014-12-20
Modified: 2025-04-12
Modified: 2025-04-12
CVE-2014-9293
The config_auth function in ntpd in NTP before 4.2.7p11, when an auth key is not configured, improperly generates a key, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack.
Severity: HIGH (7.5)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
References:
- http://advisories.mageia.org/MGASA-2014-0541.html
- http://bk1.ntp.org/ntp-dev/ntpd/ntp_config.c?PAGE=diffs&REV=4b6089c5KXhXqZqocF0DMXnQQsjOuw
- http://bugs.ntp.org/show_bug.cgi?id=2665
- http://marc.info/?l=bugtraq&m=142469153211996&w=2
- http://marc.info/?l=bugtraq&m=142590659431171&w=2
- http://marc.info/?l=bugtraq&m=142853370924302&w=2
- http://marc.info/?l=bugtraq&m=142853370924302&w=2
- http://marc.info/?l=bugtraq&m=144182594518755&w=2
- http://rhn.redhat.com/errata/RHSA-2014-2025.html
- http://rhn.redhat.com/errata/RHSA-2015-0104.html
- http://secunia.com/advisories/62209
- http://support.ntp.org/bin/view/Main/SecurityNotice
- http://www.kb.cert.org/vuls/id/852879
- http://www.mandriva.com/security/advisories?name=MDVSA-2015:003
- http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
- http://www.securityfocus.com/bid/71757
- https://bugzilla.redhat.com/show_bug.cgi?id=1176032
- https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04790232
- https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04916783
- https://kc.mcafee.com/corporate/index?page=content&id=SB10103
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141222-ntpd
- https://www.arista.com/en/support/advisories-notices/security-advisories/1047-security-advisory-8
- http://advisories.mageia.org/MGASA-2014-0541.html
- http://bk1.ntp.org/ntp-dev/ntpd/ntp_config.c?PAGE=diffs&REV=4b6089c5KXhXqZqocF0DMXnQQsjOuw
- http://bugs.ntp.org/show_bug.cgi?id=2665
- http://marc.info/?l=bugtraq&m=142469153211996&w=2
- http://marc.info/?l=bugtraq&m=142590659431171&w=2
- http://marc.info/?l=bugtraq&m=142853370924302&w=2
- http://marc.info/?l=bugtraq&m=142853370924302&w=2
- http://marc.info/?l=bugtraq&m=144182594518755&w=2
- http://rhn.redhat.com/errata/RHSA-2014-2025.html
- http://rhn.redhat.com/errata/RHSA-2015-0104.html
- http://secunia.com/advisories/62209
- http://support.ntp.org/bin/view/Main/SecurityNotice
- http://www.kb.cert.org/vuls/id/852879
- http://www.mandriva.com/security/advisories?name=MDVSA-2015:003
- http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
- http://www.securityfocus.com/bid/71757
- https://bugzilla.redhat.com/show_bug.cgi?id=1176032
- https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04790232
- https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04916783
- https://kc.mcafee.com/corporate/index?page=content&id=SB10103
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141222-ntpd
- https://www.arista.com/en/support/advisories-notices/security-advisories/1047-security-advisory-8
Published: 2014-12-20
Modified: 2025-04-12
Modified: 2025-04-12
CVE-2014-9294
util/ntp-keygen.c in ntp-keygen in NTP before 4.2.7p230 uses a weak RNG seed, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack.
Severity: HIGH (7.5)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
References:
- http://advisories.mageia.org/MGASA-2014-0541.html
- http://bk1.ntp.org/ntp-dev/util/ntp-keygen.c?PAGE=diffs&REV=4eae1b72298KRoBQmX-y8URCiRPH5g
- http://bugs.ntp.org/show_bug.cgi?id=2666
- http://marc.info/?l=bugtraq&m=142469153211996&w=2
- http://marc.info/?l=bugtraq&m=142590659431171&w=2
- http://marc.info/?l=bugtraq&m=142853370924302&w=2
- http://marc.info/?l=bugtraq&m=142853370924302&w=2
- http://marc.info/?l=bugtraq&m=144182594518755&w=2
- http://rhn.redhat.com/errata/RHSA-2014-2025.html
- http://rhn.redhat.com/errata/RHSA-2015-0104.html
- http://secunia.com/advisories/62209
- http://support.ntp.org/bin/view/Main/SecurityNotice
- http://www.kb.cert.org/vuls/id/852879
- http://www.mandriva.com/security/advisories?name=MDVSA-2015:003
- http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
- http://www.securityfocus.com/bid/71762
- https://bugzilla.redhat.com/show_bug.cgi?id=1176035
- https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04790232
- https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04916783
- https://kc.mcafee.com/corporate/index?page=content&id=SB10103
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141222-ntpd
- https://www.arista.com/en/support/advisories-notices/security-advisories/1047-security-advisory-8
- http://advisories.mageia.org/MGASA-2014-0541.html
- http://bk1.ntp.org/ntp-dev/util/ntp-keygen.c?PAGE=diffs&REV=4eae1b72298KRoBQmX-y8URCiRPH5g
- http://bugs.ntp.org/show_bug.cgi?id=2666
- http://marc.info/?l=bugtraq&m=142469153211996&w=2
- http://marc.info/?l=bugtraq&m=142590659431171&w=2
- http://marc.info/?l=bugtraq&m=142853370924302&w=2
- http://marc.info/?l=bugtraq&m=142853370924302&w=2
- http://marc.info/?l=bugtraq&m=144182594518755&w=2
- http://rhn.redhat.com/errata/RHSA-2014-2025.html
- http://rhn.redhat.com/errata/RHSA-2015-0104.html
- http://secunia.com/advisories/62209
- http://support.ntp.org/bin/view/Main/SecurityNotice
- http://www.kb.cert.org/vuls/id/852879
- http://www.mandriva.com/security/advisories?name=MDVSA-2015:003
- http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
- http://www.securityfocus.com/bid/71762
- https://bugzilla.redhat.com/show_bug.cgi?id=1176035
- https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04790232
- https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04916783
- https://kc.mcafee.com/corporate/index?page=content&id=SB10103
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141222-ntpd
- https://www.arista.com/en/support/advisories-notices/security-advisories/1047-security-advisory-8
Published: 2014-12-20
Modified: 2025-04-12
Modified: 2025-04-12
CVE-2014-9295
Multiple stack-based buffer overflows in ntpd in NTP before 4.2.8 allow remote attackers to execute arbitrary code via a crafted packet, related to (1) the crypto_recv function when the Autokey Authentication feature is used, (2) the ctl_putdata function, and (3) the configure function.
Severity: HIGH (7.5)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
References:
- http://advisories.mageia.org/MGASA-2014-0541.html
- http://bk1.ntp.org/ntp-dev/?PAGE=patch&REV=548acc4dN1TbM1tRJrbPcA4yc1aTdA
- http://bk1.ntp.org/ntp-dev/?PAGE=patch&REV=548acdf3tUSFizXcv_X4b77Jt_Y-cg
- http://bk1.ntp.org/ntp-dev/?PAGE=patch&REV=548acf55dxKfhb6MuYQwzu8eDlS97g
- http://bugs.ntp.org/show_bug.cgi?id=2667
- http://bugs.ntp.org/show_bug.cgi?id=2668
- http://bugs.ntp.org/show_bug.cgi?id=2669
- http://lists.opensuse.org/opensuse-security-announce/2014-12/msg00020.html
- http://marc.info/?l=bugtraq&m=142469153211996&w=2
- http://marc.info/?l=bugtraq&m=142590659431171&w=2
- http://marc.info/?l=bugtraq&m=142853370924302&w=2
- http://marc.info/?l=bugtraq&m=142853370924302&w=2
- http://marc.info/?l=bugtraq&m=144182594518755&w=2
- http://rhn.redhat.com/errata/RHSA-2014-2025.html
- http://rhn.redhat.com/errata/RHSA-2015-0104.html
- http://secunia.com/advisories/62209
- http://support.ntp.org/bin/view/Main/SecurityNotice
- http://www.kb.cert.org/vuls/id/852879
- http://www.mandriva.com/security/advisories?name=MDVSA-2015:003
- http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
- http://www.securityfocus.com/bid/71761
- http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-417665.htm
- https://bugzilla.redhat.com/show_bug.cgi?id=1176037
- https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04790232
- https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04916783
- https://help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+Fixes
- https://kc.mcafee.com/corporate/index?page=content&id=SB10103
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141222-ntpd
- https://www.arista.com/en/support/advisories-notices/security-advisories/1047-security-advisory-8
- http://advisories.mageia.org/MGASA-2014-0541.html
- http://bk1.ntp.org/ntp-dev/?PAGE=patch&REV=548acc4dN1TbM1tRJrbPcA4yc1aTdA
- http://bk1.ntp.org/ntp-dev/?PAGE=patch&REV=548acdf3tUSFizXcv_X4b77Jt_Y-cg
- http://bk1.ntp.org/ntp-dev/?PAGE=patch&REV=548acf55dxKfhb6MuYQwzu8eDlS97g
- http://bugs.ntp.org/show_bug.cgi?id=2667
- http://bugs.ntp.org/show_bug.cgi?id=2668
- http://bugs.ntp.org/show_bug.cgi?id=2669
- http://lists.opensuse.org/opensuse-security-announce/2014-12/msg00020.html
- http://marc.info/?l=bugtraq&m=142469153211996&w=2
- http://marc.info/?l=bugtraq&m=142590659431171&w=2
- http://marc.info/?l=bugtraq&m=142853370924302&w=2
- http://marc.info/?l=bugtraq&m=142853370924302&w=2
- http://marc.info/?l=bugtraq&m=144182594518755&w=2
- http://rhn.redhat.com/errata/RHSA-2014-2025.html
- http://rhn.redhat.com/errata/RHSA-2015-0104.html
- http://secunia.com/advisories/62209
- http://support.ntp.org/bin/view/Main/SecurityNotice
- http://www.kb.cert.org/vuls/id/852879
- http://www.mandriva.com/security/advisories?name=MDVSA-2015:003
- http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
- http://www.securityfocus.com/bid/71761
- http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-417665.htm
- https://bugzilla.redhat.com/show_bug.cgi?id=1176037
- https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04790232
- https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04916783
- https://help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+Fixes
- https://kc.mcafee.com/corporate/index?page=content&id=SB10103
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141222-ntpd
- https://www.arista.com/en/support/advisories-notices/security-advisories/1047-security-advisory-8
Published: 2014-12-20
Modified: 2025-04-12
Modified: 2025-04-12
CVE-2014-9296
The receive function in ntp_proto.c in ntpd in NTP before 4.2.8 continues to execute after detecting a certain authentication error, which might allow remote attackers to trigger an unintended association change via crafted packets.
Severity: MEDIUM (5.0)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
References:
- http://advisories.mageia.org/MGASA-2014-0541.html
- http://bk1.ntp.org/ntp-dev/?PAGE=patch&REV=548ad06feXHK1HlZoY-WZVyynwvwAg
- http://bugs.ntp.org/show_bug.cgi?id=2670
- http://lists.opensuse.org/opensuse-security-announce/2014-12/msg00020.html
- http://marc.info/?l=bugtraq&m=142590659431171&w=2
- http://marc.info/?l=bugtraq&m=142853370924302&w=2
- http://marc.info/?l=bugtraq&m=142853370924302&w=2
- http://marc.info/?l=bugtraq&m=144182594518755&w=2
- http://rhn.redhat.com/errata/RHSA-2015-0104.html
- http://secunia.com/advisories/62209
- http://support.ntp.org/bin/view/Main/SecurityNotice
- http://www.kb.cert.org/vuls/id/852879
- http://www.mandriva.com/security/advisories?name=MDVSA-2015:003
- http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
- http://www.securityfocus.com/bid/71758
- https://bugzilla.redhat.com/show_bug.cgi?id=1176040
- https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04790232
- https://kc.mcafee.com/corporate/index?page=content&id=SB10103
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141222-ntpd
- https://www.arista.com/en/support/advisories-notices/security-advisories/1047-security-advisory-8
- http://advisories.mageia.org/MGASA-2014-0541.html
- http://bk1.ntp.org/ntp-dev/?PAGE=patch&REV=548ad06feXHK1HlZoY-WZVyynwvwAg
- http://bugs.ntp.org/show_bug.cgi?id=2670
- http://lists.opensuse.org/opensuse-security-announce/2014-12/msg00020.html
- http://marc.info/?l=bugtraq&m=142590659431171&w=2
- http://marc.info/?l=bugtraq&m=142853370924302&w=2
- http://marc.info/?l=bugtraq&m=142853370924302&w=2
- http://marc.info/?l=bugtraq&m=144182594518755&w=2
- http://rhn.redhat.com/errata/RHSA-2015-0104.html
- http://secunia.com/advisories/62209
- http://support.ntp.org/bin/view/Main/SecurityNotice
- http://www.kb.cert.org/vuls/id/852879
- http://www.mandriva.com/security/advisories?name=MDVSA-2015:003
- http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
- http://www.securityfocus.com/bid/71758
- https://bugzilla.redhat.com/show_bug.cgi?id=1176040
- https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04790232
- https://kc.mcafee.com/corporate/index?page=content&id=SB10103
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141222-ntpd
- https://www.arista.com/en/support/advisories-notices/security-advisories/1047-security-advisory-8
Published: 2015-04-08
Modified: 2025-04-12
Modified: 2025-04-12
CVE-2015-1798
The symmetric-key feature in the receive function in ntp_proto.c in ntpd in NTP 4.x before 4.2.8p2 requires a correct MAC only if the MAC field has a nonzero length, which makes it easier for man-in-the-middle attackers to spoof packets by omitting the MAC.
Severity: LOW (1.8)
Vector: AV:A/AC:H/Au:N/C:N/I:P/A:N
References:
- http://bugs.ntp.org/show_bug.cgi?id=2779
- http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html
- http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155863.html
- http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155864.html
- http://lists.opensuse.org/opensuse-updates/2015-04/msg00052.html
- http://marc.info/?l=bugtraq&m=143213867103400&w=2
- http://marc.info/?l=bugtraq&m=143213867103400&w=2
- http://rhn.redhat.com/errata/RHSA-2015-1459.html
- http://support.apple.com/kb/HT204942
- http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities
- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150408-ntpd
- http://tools.cisco.com/security/center/viewAlert.x?alertId=38276
- http://www.debian.org/security/2015/dsa-3223
- http://www.kb.cert.org/vuls/id/374268
- http://www.mandriva.com/security/advisories?name=MDVSA-2015:202
- http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
- http://www.securityfocus.com/bid/73951
- http://www.securitytracker.com/id/1032032
- http://www.ubuntu.com/usn/USN-2567-1
- https://kc.mcafee.com/corporate/index?page=content&id=SB10114
- https://security.gentoo.org/glsa/201509-01
- http://bugs.ntp.org/show_bug.cgi?id=2779
- http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html
- http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155863.html
- http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155864.html
- http://lists.opensuse.org/opensuse-updates/2015-04/msg00052.html
- http://marc.info/?l=bugtraq&m=143213867103400&w=2
- http://marc.info/?l=bugtraq&m=143213867103400&w=2
- http://rhn.redhat.com/errata/RHSA-2015-1459.html
- http://support.apple.com/kb/HT204942
- http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities
- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150408-ntpd
- http://tools.cisco.com/security/center/viewAlert.x?alertId=38276
- http://www.debian.org/security/2015/dsa-3223
- http://www.kb.cert.org/vuls/id/374268
- http://www.mandriva.com/security/advisories?name=MDVSA-2015:202
- http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
- http://www.securityfocus.com/bid/73951
- http://www.securitytracker.com/id/1032032
- http://www.ubuntu.com/usn/USN-2567-1
- https://kc.mcafee.com/corporate/index?page=content&id=SB10114
- https://security.gentoo.org/glsa/201509-01
Published: 2015-04-08
Modified: 2025-04-12
Modified: 2025-04-12
CVE-2015-1799
The symmetric-key feature in the receive function in ntp_proto.c in ntpd in NTP 3.x and 4.x before 4.2.8p2 performs state-variable updates upon receiving certain invalid packets, which makes it easier for man-in-the-middle attackers to cause a denial of service (synchronization loss) by spoofing the source IP address of a peer.
Severity: MEDIUM (4.3)
Vector: AV:A/AC:M/Au:N/C:N/I:P/A:P
References:
- http://bugs.ntp.org/show_bug.cgi?id=2781
- http://listengine.tuxfamily.org/chrony.tuxfamily.org/chrony-announce/2015/04/msg00002.html
- http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html
- http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155863.html
- http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155864.html
- http://lists.opensuse.org/opensuse-updates/2015-04/msg00052.html
- http://marc.info/?l=bugtraq&m=143213867103400&w=2
- http://marc.info/?l=bugtraq&m=143213867103400&w=2
- http://marc.info/?l=bugtraq&m=145750740530849&w=2
- http://rhn.redhat.com/errata/RHSA-2015-1459.html
- http://support.apple.com/kb/HT204942
- http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities
- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150408-ntpd
- http://tools.cisco.com/security/center/viewAlert.x?alertId=38275
- http://www.debian.org/security/2015/dsa-3222
- http://www.debian.org/security/2015/dsa-3223
- http://www.kb.cert.org/vuls/id/374268
- http://www.mandriva.com/security/advisories?name=MDVSA-2015:202
- http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
- http://www.securityfocus.com/bid/73950
- http://www.securitytracker.com/id/1032031
- http://www.ubuntu.com/usn/USN-2567-1
- https://kc.mcafee.com/corporate/index?page=content&id=SB10114
- https://security.gentoo.org/glsa/201509-01
- http://bugs.ntp.org/show_bug.cgi?id=2781
- http://listengine.tuxfamily.org/chrony.tuxfamily.org/chrony-announce/2015/04/msg00002.html
- http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html
- http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155863.html
- http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155864.html
- http://lists.opensuse.org/opensuse-updates/2015-04/msg00052.html
- http://marc.info/?l=bugtraq&m=143213867103400&w=2
- http://marc.info/?l=bugtraq&m=143213867103400&w=2
- http://marc.info/?l=bugtraq&m=145750740530849&w=2
- http://rhn.redhat.com/errata/RHSA-2015-1459.html
- http://support.apple.com/kb/HT204942
- http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities
- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150408-ntpd
- http://tools.cisco.com/security/center/viewAlert.x?alertId=38275
- http://www.debian.org/security/2015/dsa-3222
- http://www.debian.org/security/2015/dsa-3223
- http://www.kb.cert.org/vuls/id/374268
- http://www.mandriva.com/security/advisories?name=MDVSA-2015:202
- http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
- http://www.securityfocus.com/bid/73950
- http://www.securitytracker.com/id/1032031
- http://www.ubuntu.com/usn/USN-2567-1
- https://kc.mcafee.com/corporate/index?page=content&id=SB10114
- https://security.gentoo.org/glsa/201509-01
Published: 2017-07-21
Modified: 2025-04-20
Modified: 2025-04-20
CVE-2015-5194
The log_config_command function in ntp_parser.y in ntpd in NTP before 4.2.7p42 allows remote attackers to cause a denial of service (ntpd crash) via crafted logconfig commands.
Severity: MEDIUM (5.0)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Severity: HIGH (7.5)
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
References:
- http://bk1.ntp.org/ntp-dev/?PAGE=patch&REV=4c4fc141LwvcoGp-lLGhkAFp3ZvtrA
- http://lists.fedoraproject.org/pipermail/package-announce/2015-November/170926.html
- http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169167.html
- http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00048.html
- http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html
- http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html
- http://rhn.redhat.com/errata/RHSA-2016-0780.html
- http://rhn.redhat.com/errata/RHSA-2016-2583.html
- http://www.debian.org/security/2015/dsa-3388
- http://www.openwall.com/lists/oss-security/2015/08/25/3
- http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
- http://www.securityfocus.com/bid/76475
- http://www.ubuntu.com/usn/USN-2783-1
- https://bugzilla.redhat.com/show_bug.cgi?id=1254542
- https://github.com/ntp-project/ntp/commit/553f2fa65865c31c5e3c48812cfd46176cffdd27
- https://www-01.ibm.com/support/docview.wss?uid=isg3T1024157
- https://www-01.ibm.com/support/docview.wss?uid=swg21985122
- https://www-01.ibm.com/support/docview.wss?uid=swg21986956
- https://www-01.ibm.com/support/docview.wss?uid=swg21988706
- https://www-01.ibm.com/support/docview.wss?uid=swg21989542
- http://bk1.ntp.org/ntp-dev/?PAGE=patch&REV=4c4fc141LwvcoGp-lLGhkAFp3ZvtrA
- http://lists.fedoraproject.org/pipermail/package-announce/2015-November/170926.html
- http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169167.html
- http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00048.html
- http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html
- http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html
- http://rhn.redhat.com/errata/RHSA-2016-0780.html
- http://rhn.redhat.com/errata/RHSA-2016-2583.html
- http://www.debian.org/security/2015/dsa-3388
- http://www.openwall.com/lists/oss-security/2015/08/25/3
- http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
- http://www.securityfocus.com/bid/76475
- http://www.ubuntu.com/usn/USN-2783-1
- https://bugzilla.redhat.com/show_bug.cgi?id=1254542
- https://github.com/ntp-project/ntp/commit/553f2fa65865c31c5e3c48812cfd46176cffdd27
- https://www-01.ibm.com/support/docview.wss?uid=isg3T1024157
- https://www-01.ibm.com/support/docview.wss?uid=swg21985122
- https://www-01.ibm.com/support/docview.wss?uid=swg21986956
- https://www-01.ibm.com/support/docview.wss?uid=swg21988706
- https://www-01.ibm.com/support/docview.wss?uid=swg21989542
Published: 2017-07-21
Modified: 2025-04-20
Modified: 2025-04-20
CVE-2015-5195
ntp_openssl.m4 in ntpd in NTP before 4.2.7p112 allows remote attackers to cause a denial of service (segmentation fault) via a crafted statistics or filegen configuration command that is not enabled during compilation.
Severity: MEDIUM (5.0)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Severity: HIGH (7.5)
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
References:
- http://lists.fedoraproject.org/pipermail/package-announce/2015-November/170926.html
- http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169167.html
- http://lists.fedoraproject.org/pipermail/package-announce/2015-September/166992.html
- http://rhn.redhat.com/errata/RHSA-2016-0780.html
- http://rhn.redhat.com/errata/RHSA-2016-2583.html
- http://www.debian.org/security/2015/dsa-3388
- http://www.openwall.com/lists/oss-security/2015/08/25/3
- http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
- http://www.securityfocus.com/bid/76474
- http://www.ubuntu.com/usn/USN-2783-1
- https://bugzilla.redhat.com/show_bug.cgi?id=1254544
- https://github.com/ntp-project/ntp/commit/52e977d79a0c4ace997e5c74af429844da2f27be
- https://www-01.ibm.com/support/docview.wss?uid=isg3T1024157
- https://www-01.ibm.com/support/docview.wss?uid=swg21985122
- https://www-01.ibm.com/support/docview.wss?uid=swg21986956
- https://www-01.ibm.com/support/docview.wss?uid=swg21988706
- https://www-01.ibm.com/support/docview.wss?uid=swg21989542
- http://lists.fedoraproject.org/pipermail/package-announce/2015-November/170926.html
- http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169167.html
- http://lists.fedoraproject.org/pipermail/package-announce/2015-September/166992.html
- http://rhn.redhat.com/errata/RHSA-2016-0780.html
- http://rhn.redhat.com/errata/RHSA-2016-2583.html
- http://www.debian.org/security/2015/dsa-3388
- http://www.openwall.com/lists/oss-security/2015/08/25/3
- http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
- http://www.securityfocus.com/bid/76474
- http://www.ubuntu.com/usn/USN-2783-1
- https://bugzilla.redhat.com/show_bug.cgi?id=1254544
- https://github.com/ntp-project/ntp/commit/52e977d79a0c4ace997e5c74af429844da2f27be
- https://www-01.ibm.com/support/docview.wss?uid=isg3T1024157
- https://www-01.ibm.com/support/docview.wss?uid=swg21985122
- https://www-01.ibm.com/support/docview.wss?uid=swg21986956
- https://www-01.ibm.com/support/docview.wss?uid=swg21988706
- https://www-01.ibm.com/support/docview.wss?uid=swg21989542
Published: 2017-07-21
Modified: 2025-04-20
Modified: 2025-04-20
CVE-2015-5219
The ULOGTOD function in ntp.d in SNTP before 4.2.7p366 does not properly perform type conversions from a precision value to a double, which allows remote attackers to cause a denial of service (infinite loop) via a crafted NTP packet.
Severity: MEDIUM (5.0)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Severity: HIGH (7.5)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
References:
- http://aix.software.ibm.com/aix/efixes/security/ntp_advisory4.asc
- http://bk1.ntp.org/ntp-dev/?PAGE=patch&REV=51786731Gr4-NOrTBC_a_uXO4wuGhg
- http://lists.fedoraproject.org/pipermail/package-announce/2015-November/170926.html
- http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169167.html
- http://lists.fedoraproject.org/pipermail/package-announce/2015-September/166992.html
- http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00048.html
- http://lists.opensuse.org/opensuse-updates/2016-12/msg00153.html
- http://rhn.redhat.com/errata/RHSA-2016-0780.html
- http://rhn.redhat.com/errata/RHSA-2016-2583.html
- http://www.debian.org/security/2015/dsa-3388
- http://www.openwall.com/lists/oss-security/2015/08/25/3
- http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
- http://www.securityfocus.com/bid/76473
- http://www.ubuntu.com/usn/USN-2783-1
- https://bugzilla.redhat.com/show_bug.cgi?id=1255118
- https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdf
- https://github.com/ntp-project/ntp/commit/5f295cd05c3c136d39f5b3e500a2d781bdbb59c8
- https://us-cert.cisa.gov/ics/advisories/icsa-21-103-11
- https://www-01.ibm.com/support/docview.wss?uid=isg3T1024157
- https://www-01.ibm.com/support/docview.wss?uid=swg21985122
- https://www-01.ibm.com/support/docview.wss?uid=swg21986956
- https://www-01.ibm.com/support/docview.wss?uid=swg21988706
- https://www-01.ibm.com/support/docview.wss?uid=swg21989542
- https://www.ibm.com/support/home/docdisplay?lndocid=migr-5099409
- http://aix.software.ibm.com/aix/efixes/security/ntp_advisory4.asc
- http://bk1.ntp.org/ntp-dev/?PAGE=patch&REV=51786731Gr4-NOrTBC_a_uXO4wuGhg
- http://lists.fedoraproject.org/pipermail/package-announce/2015-November/170926.html
- http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169167.html
- http://lists.fedoraproject.org/pipermail/package-announce/2015-September/166992.html
- http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00048.html
- http://lists.opensuse.org/opensuse-updates/2016-12/msg00153.html
- http://rhn.redhat.com/errata/RHSA-2016-0780.html
- http://rhn.redhat.com/errata/RHSA-2016-2583.html
- http://www.debian.org/security/2015/dsa-3388
- http://www.openwall.com/lists/oss-security/2015/08/25/3
- http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
- http://www.securityfocus.com/bid/76473
- http://www.ubuntu.com/usn/USN-2783-1
- https://bugzilla.redhat.com/show_bug.cgi?id=1255118
- https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdf
- https://github.com/ntp-project/ntp/commit/5f295cd05c3c136d39f5b3e500a2d781bdbb59c8
- https://us-cert.cisa.gov/ics/advisories/icsa-21-103-11
- https://www-01.ibm.com/support/docview.wss?uid=isg3T1024157
- https://www-01.ibm.com/support/docview.wss?uid=swg21985122
- https://www-01.ibm.com/support/docview.wss?uid=swg21986956
- https://www-01.ibm.com/support/docview.wss?uid=swg21988706
- https://www-01.ibm.com/support/docview.wss?uid=swg21989542
- https://www.ibm.com/support/home/docdisplay?lndocid=migr-5099409
Published: 2020-01-28
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2015-7851
Directory traversal vulnerability in the save_config function in ntpd in ntp_control.c in NTP before 4.2.8p4, when used on systems that do not use '\' or '/' characters for directory separation such as OpenVMS, allows remote authenticated users to overwrite arbitrary files.
Severity: LOW (3.5)
Vector: AV:N/AC:M/Au:S/C:N/I:P/A:N
Severity: MEDIUM (6.5)
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
References:
- http://support.ntp.org/bin/view/Main/NtpBug2918
- http://support.ntp.org/bin/view/Main/SecurityNotice
- http://www.talosintel.com/reports/TALOS-2015-0062/
- http://support.ntp.org/bin/view/Main/NtpBug2918
- http://support.ntp.org/bin/view/Main/SecurityNotice
- http://www.talosintel.com/reports/TALOS-2015-0062/
Published: 2017-08-07
Modified: 2025-04-20
Modified: 2025-04-20
CVE-2015-7871
Crypto-NAK packets in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to bypass authentication.
Severity: HIGH (7.5)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Severity: CRITICAL (9.8)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
References:
- http://support.ntp.org/bin/view/Main/NtpBug2941
- http://www.debian.org/security/2015/dsa-3388
- http://www.securityfocus.com/bid/77287
- http://www.securitytracker.com/id/1033951
- https://bugzilla.redhat.com/show_bug.cgi?id=1274265
- https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdf
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05270839
- https://security.gentoo.org/glsa/201604-03
- https://security.gentoo.org/glsa/201607-15
- https://security.netapp.com/advisory/ntap-20171004-0001/
- http://support.ntp.org/bin/view/Main/NtpBug2941
- http://www.debian.org/security/2015/dsa-3388
- http://www.securityfocus.com/bid/77287
- http://www.securitytracker.com/id/1033951
- https://bugzilla.redhat.com/show_bug.cgi?id=1274265
- https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdf
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05270839
- https://security.gentoo.org/glsa/201604-03
- https://security.gentoo.org/glsa/201607-15
- https://security.netapp.com/advisory/ntap-20171004-0001/