Ntp

Ntp

99 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.9

CVE-2015-7852

  • EPSS 3.19%
  • Veröffentlicht 07.08.2017 20:29:00
  • Zuletzt bearbeitet 13.05.2026 00:24:29

ntpq in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash) via crafted mode 6 response packets.

9.8

CVE-2015-7853

  • EPSS 40.56%
  • Veröffentlicht 07.08.2017 20:29:00
  • Zuletzt bearbeitet 13.05.2026 00:24:29

The datalen parameter in the refclock driver in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to execute arbitrary code or cause a denial of service (crash) via a negative input value.

6.5

CVE-2015-7855

Exploit
  • EPSS 65.7%
  • Veröffentlicht 07.08.2017 20:29:00
  • Zuletzt bearbeitet 13.05.2026 00:24:29

The decodenetnum function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (assertion failure) via a 6 or mode 7 packet containing a long data value.

9.8

CVE-2015-7871

  • EPSS 79.62%
  • Veröffentlicht 07.08.2017 20:29:00
  • Zuletzt bearbeitet 13.05.2026 00:24:29

Crypto-NAK packets in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to bypass authentication.

8.8

CVE-2015-7849

  • EPSS 4.55%
  • Veröffentlicht 07.08.2017 20:29:00
  • Zuletzt bearbeitet 13.05.2026 00:24:29

Use-after-free vulnerability in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote authenticated users to possibly execute arbitrary code or cause a denial of service (crash) via crafted packets.

7.5

CVE-2015-7703

  • EPSS 9.42%
  • Veröffentlicht 24.07.2017 14:29:00
  • Zuletzt bearbeitet 13.05.2026 00:24:29

The "pidfile" or "driftfile" directives in NTP ntpd 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77, when ntpd is configured to allow remote configuration, allows remote attackers with an IP address that is allowed to send configuration requests, and w...

7.5

CVE-2015-5195

  • EPSS 7.93%
  • Veröffentlicht 21.07.2017 14:29:00
  • Zuletzt bearbeitet 13.05.2026 00:24:29

ntp_openssl.m4 in ntpd in NTP before 4.2.7p112 allows remote attackers to cause a denial of service (segmentation fault) via a crafted statistics or filegen configuration command that is not enabled during compilation.

7.5

CVE-2015-5194

  • EPSS 8.41%
  • Veröffentlicht 21.07.2017 14:29:00
  • Zuletzt bearbeitet 13.05.2026 00:24:29

The log_config_command function in ntp_parser.y in ntpd in NTP before 4.2.7p42 allows remote attackers to cause a denial of service (ntpd crash) via crafted logconfig commands.

7.5

CVE-2015-5219

  • EPSS 2.24%
  • Veröffentlicht 21.07.2017 14:29:00
  • Zuletzt bearbeitet 13.05.2026 00:24:29

The ULOGTOD function in ntp.d in SNTP before 4.2.7p366 does not properly perform type conversions from a precision value to a double, which allows remote attackers to cause a denial of service (infinite loop) via a crafted NTP packet.

7.5

CVE-2015-5300

  • EPSS 36.84%
  • Veröffentlicht 21.07.2017 14:29:00
  • Zuletzt bearbeitet 13.05.2026 00:24:29

The panic_gate check in NTP before 4.2.8p5 is only re-enabled after the first change to the system clock that was greater than 128 milliseconds by default, which allows remote attackers to set NTP to an arbitrary time when started with the -g option,...