HP Security Bulletin HPSBOV02497 SSRT090245 4 - Potential security vulnerabilities have been identified with HP TCP/IP Services for OpenVMS Running NTP. The vulnerabilities could be remotely exploited to execute arbitrary code or create a Denial of Service (DoS). Revision 4 of this advisory.
276161f9b5defba94587895476977046f39846e30ab23de7e9fcec0f7db3fd13Mandriva Linux Security Advisory 2009-309 - Requesting peer information from a malicious remote time server may lead to an unexpected application termination or arbitrary code execution. A buffer overflow flaw was discovered in the ntpd daemon's NTPv4 authentication code. If ntpd was configured to use public key cryptography for NTP packet authentication, a remote attacker could use this flaw to send a specially-crafted request packet that could crash ntpd. Packages for 2008.0 are being provided due to extended support for Corporate products. The updated packages have been patched to prevent this.
569d44718c363b879165cccc2876ddae82c144ec8ac5703c54ea660ec473034eHP Security Bulletin - Potential security vulnerabilities have been identified with HP-UX running XNTP. The vulnerabilities could be exploited remotely to execute arbitrary code.
d9cdab8e1fe997da061f0612c947f172b2fcb3add913836a42b31e48d2a4ae54FreeBSD Security Advisory - The ntpd(8) daemon is prone to a stack-based buffer-overflow when it is configured to use the 'autokey' security model.
ec6c782f4a0e120ad1feee4a35e1fb30428529ec48d4b15ba1b394a88c31d3bdGentoo Linux Security Advisory GLSA 200905-08 - Multiple errors in the NTP client and server programs might allow for the remote execution of arbitrary code. Versions less than 4.2.4_p7 are affected.
b20efb12e4e9d42824f528bbe9078a33ce48b4de072e33d361e0a7b25cdd7029Ubuntu Security Notice USN-777-1 - A stack-based buffer overflow was discovered in ntpq. If a user were tricked into connecting to a malicious ntp server, a remote attacker could cause a denial of service in ntpq, or possibly execute arbitrary code with the privileges of the user invoking the program. Chris Ries discovered a stack-based overflow in ntp. If ntp was configured to use autokey, a remote attacker could send a crafted packet to cause a denial of service, or possible execute arbitrary code.
55c1eeff974661777e2e48e1335608940fb002dbffde0d8cd36f061646d2a5feMandriva Linux Security Advisory 2009-117 - A buffer overflow flaw was discovered in the ntpd daemon's NTPv4 authentication code. If ntpd was configured to use public key cryptography for NTP packet authentication, a remote attacker could use this flaw to send a specially-crafted request packet that could crash ntpd. The updated packages have been patched to prevent this.
b7c2ff13cb3d88314a0258ee7a01c60359a4e89d93bf02d77748c24e0e3aaa10Debian Security Advisory 1801-1 - Several remote vulnerabilities have been discovered in NTP, the Network Time Protocol reference implementation.
a57a12424f37cb2ec816cd15519fb2d5be45c3576aa0d03f4f69d2831dfa63a0
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed