Ntp

Ntp

99 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.5

CVE-2014-9295

Exploit
  • EPSS 59.05%
  • Veröffentlicht 20.12.2014 02:59:02
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Multiple stack-based buffer overflows in ntpd in NTP before 4.2.8 allow remote attackers to execute arbitrary code via a crafted packet, related to (1) the crypto_recv function when the Autokey Authentication feature is used, (2) the ctl_putdata func...

7.5

CVE-2014-9294

Exploit
  • EPSS 31.97%
  • Veröffentlicht 20.12.2014 02:59:01
  • Zuletzt bearbeitet 12.04.2025 10:46:40

util/ntp-keygen.c in ntp-keygen in NTP before 4.2.7p230 uses a weak RNG seed, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack.

7.5

CVE-2014-9293

Exploit
  • EPSS 31.97%
  • Veröffentlicht 20.12.2014 02:59:00
  • Zuletzt bearbeitet 12.04.2025 10:46:40

The config_auth function in ntpd in NTP before 4.2.7p11, when an auth key is not configured, improperly generates a key, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack.

5

CVE-2013-5211

  • EPSS 91.73%
  • Veröffentlicht 02.01.2014 14:59:03
  • Zuletzt bearbeitet 11.04.2025 00:51:21

The monlist feature in ntp_request.c in ntpd in NTP before 4.2.7p26 allows remote attackers to cause a denial of service (traffic amplification) via forged (1) REQ_MON_GETLIST or (2) REQ_MON_GETLIST_1 requests, as exploited in the wild in December 20...

6.4

CVE-2009-3563

  • EPSS 86.93%
  • Veröffentlicht 09.12.2009 18:30:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

ntp_request.c in ntpd in NTP before 4.2.4p8, and 4.2.5, allows remote attackers to cause a denial of service (CPU and bandwidth consumption) by using MODE_PRIVATE to send a spoofed (1) request or (2) response packet that triggers a continuous exchang...

6.8

CVE-2009-1252

  • EPSS 47.1%
  • Veröffentlicht 19.05.2009 19:30:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Stack-based buffer overflow in the crypto_recv function in ntp_crypto.c in ntpd in NTP before 4.2.4p7 and 4.2.5 before 4.2.5p74, when OpenSSL and autokey are enabled, allows remote attackers to execute arbitrary code via a crafted packet containing a...

6.8

CVE-2009-0159

  • EPSS 13.08%
  • Veröffentlicht 14.04.2009 15:30:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Stack-based buffer overflow in the cookedprint function in ntpq/ntpq.c in ntpq in NTP before 4.2.4p7-RC2 allows remote NTP servers to execute arbitrary code via a crafted response.

5

CVE-2009-0021

  • EPSS 4.75%
  • Veröffentlicht 07.01.2009 17:30:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

NTP 4.2.4 before 4.2.4p5 and 4.2.5 before 4.2.5p150 does not properly check the return value from the OpenSSL EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature for ...

5

CVE-2004-0657

  • EPSS 4.54%
  • Veröffentlicht 06.08.2004 04:00:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

Integer overflow in the NTP daemon (NTPd) before 4.0 causes the NTP server to return the wrong date/time offset when a client requests a date/time that is more than 34 years away from the server's time.