Ntp

Ntp

99 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.9

CVE-2015-7852

  • EPSS 4.56%
  • Veröffentlicht 07.08.2017 20:29:00
  • Zuletzt bearbeitet 20.04.2025 01:37:25

ntpq in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash) via crafted mode 6 response packets.

9.8

CVE-2015-7853

  • EPSS 20.96%
  • Veröffentlicht 07.08.2017 20:29:00
  • Zuletzt bearbeitet 20.04.2025 01:37:25

The datalen parameter in the refclock driver in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to execute arbitrary code or cause a denial of service (crash) via a negative input value.

6.5

CVE-2015-7855

Exploit
  • EPSS 63.46%
  • Veröffentlicht 07.08.2017 20:29:00
  • Zuletzt bearbeitet 20.04.2025 01:37:25

The decodenetnum function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (assertion failure) via a 6 or mode 7 packet containing a long data value.

9.8

CVE-2015-7871

  • EPSS 76.65%
  • Veröffentlicht 07.08.2017 20:29:00
  • Zuletzt bearbeitet 20.04.2025 01:37:25

Crypto-NAK packets in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to bypass authentication.

8.8

CVE-2015-7849

  • EPSS 4.25%
  • Veröffentlicht 07.08.2017 20:29:00
  • Zuletzt bearbeitet 20.04.2025 01:37:25

Use-after-free vulnerability in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote authenticated users to possibly execute arbitrary code or cause a denial of service (crash) via crafted packets.

7.5

CVE-2015-7703

  • EPSS 4.95%
  • Veröffentlicht 24.07.2017 14:29:00
  • Zuletzt bearbeitet 20.04.2025 01:37:25

The "pidfile" or "driftfile" directives in NTP ntpd 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77, when ntpd is configured to allow remote configuration, allows remote attackers with an IP address that is allowed to send configuration requests, and w...

7.5

CVE-2015-5195

  • EPSS 10.41%
  • Veröffentlicht 21.07.2017 14:29:00
  • Zuletzt bearbeitet 20.04.2025 01:37:25

ntp_openssl.m4 in ntpd in NTP before 4.2.7p112 allows remote attackers to cause a denial of service (segmentation fault) via a crafted statistics or filegen configuration command that is not enabled during compilation.

7.5

CVE-2015-5194

  • EPSS 13.44%
  • Veröffentlicht 21.07.2017 14:29:00
  • Zuletzt bearbeitet 20.04.2025 01:37:25

The log_config_command function in ntp_parser.y in ntpd in NTP before 4.2.7p42 allows remote attackers to cause a denial of service (ntpd crash) via crafted logconfig commands.

7.5

CVE-2015-5219

  • EPSS 4.21%
  • Veröffentlicht 21.07.2017 14:29:00
  • Zuletzt bearbeitet 20.04.2025 01:37:25

The ULOGTOD function in ntp.d in SNTP before 4.2.7p366 does not properly perform type conversions from a precision value to a double, which allows remote attackers to cause a denial of service (infinite loop) via a crafted NTP packet.

7.5

CVE-2015-5300

  • EPSS 34.23%
  • Veröffentlicht 21.07.2017 14:29:00
  • Zuletzt bearbeitet 20.04.2025 01:37:25

The panic_gate check in NTP before 4.2.8p5 is only re-enabled after the first change to the system clock that was greater than 128 milliseconds by default, which allows remote attackers to set NTP to an arbitrary time when started with the -g option,...