Ntp

Ntp

99 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.9

CVE-2015-7852

  • EPSS 3.54%
  • Published 07.08.2017 20:29:00
  • Last modified 20.04.2025 01:37:25

ntpq in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash) via crafted mode 6 response packets.

9.8

CVE-2015-7853

  • EPSS 20.96%
  • Published 07.08.2017 20:29:00
  • Last modified 20.04.2025 01:37:25

The datalen parameter in the refclock driver in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to execute arbitrary code or cause a denial of service (crash) via a negative input value.

6.5

CVE-2015-7855

Exploit
  • EPSS 60.88%
  • Published 07.08.2017 20:29:00
  • Last modified 20.04.2025 01:37:25

The decodenetnum function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (assertion failure) via a 6 or mode 7 packet containing a long data value.

9.8

CVE-2015-7871

  • EPSS 76.65%
  • Published 07.08.2017 20:29:00
  • Last modified 20.04.2025 01:37:25

Crypto-NAK packets in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to bypass authentication.

8.8

CVE-2015-7849

  • EPSS 4.25%
  • Published 07.08.2017 20:29:00
  • Last modified 20.04.2025 01:37:25

Use-after-free vulnerability in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote authenticated users to possibly execute arbitrary code or cause a denial of service (crash) via crafted packets.

7.5

CVE-2015-7703

  • EPSS 4.95%
  • Published 24.07.2017 14:29:00
  • Last modified 20.04.2025 01:37:25

The "pidfile" or "driftfile" directives in NTP ntpd 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77, when ntpd is configured to allow remote configuration, allows remote attackers with an IP address that is allowed to send configuration requests, and w...

7.5

CVE-2015-5195

  • EPSS 13.72%
  • Published 21.07.2017 14:29:00
  • Last modified 20.04.2025 01:37:25

ntp_openssl.m4 in ntpd in NTP before 4.2.7p112 allows remote attackers to cause a denial of service (segmentation fault) via a crafted statistics or filegen configuration command that is not enabled during compilation.

7.5

CVE-2015-5194

  • EPSS 15.51%
  • Published 21.07.2017 14:29:00
  • Last modified 20.04.2025 01:37:25

The log_config_command function in ntp_parser.y in ntpd in NTP before 4.2.7p42 allows remote attackers to cause a denial of service (ntpd crash) via crafted logconfig commands.

7.5

CVE-2015-5219

  • EPSS 4.21%
  • Published 21.07.2017 14:29:00
  • Last modified 20.04.2025 01:37:25

The ULOGTOD function in ntp.d in SNTP before 4.2.7p366 does not properly perform type conversions from a precision value to a double, which allows remote attackers to cause a denial of service (infinite loop) via a crafted NTP packet.

7.5

CVE-2015-5300

  • EPSS 34.23%
  • Published 21.07.2017 14:29:00
  • Last modified 20.04.2025 01:37:25

The panic_gate check in NTP before 4.2.8p5 is only re-enabled after the first change to the system clock that was greater than 128 milliseconds by default, which allows remote attackers to set NTP to an arbitrary time when started with the -g option,...