Red Hat Security Advisory 2016-2583-02 - The Network Time Protocol is used to synchronize a computer's time with another referenced time source. These packages include the ntpd service which continuously adjusts system time and utilities used to query and configure the ntpd service. Security Fix: It was found that the fix for CVE-2014-9750 was incomplete: three issues were found in the value length checks in NTP's ntp_crypto.c, where a packet with particular autokey operations that contained malicious data was not always being completely validated. A remote attacker could use a specially crafted NTP packet to crash ntpd.
b29d9245310b0ec9f927c67365c473b5acf58d5ff988391450625bfc3fc3f167Ubuntu Security Notice 3096-1 - Aanchal Malhotra discovered that NTP incorrectly handled authenticated broadcast mode. A remote attacker could use this issue to perform a replay attack. Matt Street discovered that NTP incorrectly verified peer associations of symmetric keys. A remote attacker could use this issue to perform an impersonation attack. Jonathan Gardner discovered that the NTP ntpq utility incorrectly handled memory. An attacker could possibly use this issue to cause ntpq to crash, resulting in a denial of service. This issue only affected Ubuntu 16.04 LTS. Various other issues were also addressed.
b8f300fae17a52f76a9e98de101486d8e3686770df1e46d25f5d8739810e8276Debian Linux Security Advisory 3629-1 - Several vulnerabilities were discovered in the Network Time Protocol daemon and utility programs.
928596a20913fd01d3f58cfb75578feb56c3ebee5c0640ed9f639ec7fd418fa2Gentoo Linux Security Advisory 201607-15 - Multiple vulnerabilities have been found in NTP, the worst of which could lead to Denial of Service. Versions less than 4.2.8_p8 are affected.
1cee38cbbf4cfcbee63ab9a3fb2cb62dbfa060e41bf33390b2adc1fcf92ddd84Red Hat Security Advisory 2016-0780-01 - The Network Time Protocol is used to synchronize a computer's time with another referenced time source. These packages include the ntpd service which continuously adjusts system time and utilities used to query and configure the ntpd service. Security Fix: It was found that the fix for CVE-2014-9750 was incomplete: three issues were found in the value length checks in NTP's ntp_crypto.c, where a packet with particular autokey operations that contained malicious data was not always being completely validated. A remote attacker could use a specially crafted NTP packet to crash ntpd.
74e2b989b3c600a50d525a32a6dc0ba22bf800d2e75ca1cfaf034dede452cefdSlackware Security Advisory - New ntp packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix security issues.
37713e13555f43d3a710763934080ccf84cfd0f0cb9b3f3824fd084a85878b2c
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed