HPE Security Bulletin HPESBHF03766 1 - Potential security vulnerabilities with NTP have been addressed for HPE network products including Comware 5 used in certain ConvergedSystem 700 solutions. The vulnerabilities could be remotely exploited resulting in Denial of Service (DoS) or unauthorized modification, or locally exploited resulting in Denial of Service (DoS). Revision 1 of this advisory.
a39834881c545886ee1c449eb45b4cbf
HPE Security Bulletin HPESBHF03750 1 - Potential security vulnerabilities with NTP have been addressed for HPE network products including Comware 5, Comware 7 and VCX. The vulnerabilities could be remotely exploited resulting in Denial of Service (DoS) or unauthorized modification, or locally exploited resulting in Denial of Service (DoS). Revision 1 of this advisory.
692c408c7a93199bb791312c95aec51b
Red Hat Security Advisory 2016-2583-02 - The Network Time Protocol is used to synchronize a computer's time with another referenced time source. These packages include the ntpd service which continuously adjusts system time and utilities used to query and configure the ntpd service. Security Fix: It was found that the fix for CVE-2014-9750 was incomplete: three issues were found in the value length checks in NTP's ntp_crypto.c, where a packet with particular autokey operations that contained malicious data was not always being completely validated. A remote attacker could use a specially crafted NTP packet to crash ntpd.
c60ed0a8153b4cc5c07956127649f45c
Ubuntu Security Notice 3096-1 - Aanchal Malhotra discovered that NTP incorrectly handled authenticated broadcast mode. A remote attacker could use this issue to perform a replay attack. Matt Street discovered that NTP incorrectly verified peer associations of symmetric keys. A remote attacker could use this issue to perform an impersonation attack. Jonathan Gardner discovered that the NTP ntpq utility incorrectly handled memory. An attacker could possibly use this issue to cause ntpq to crash, resulting in a denial of service. This issue only affected Ubuntu 16.04 LTS. Various other issues were also addressed.
9b3aea2f08c5b95113b7d617304a06df
Red Hat Security Advisory 2016-1552-01 - The Network Time Protocol is used to synchronize a computer's time with another referenced time source. These packages include the ntpd service which continuously adjusts system time and utilities used to query and configure the ntpd service. Security Fix: It was found that when NTP was configured in broadcast mode, a remote attacker could broadcast packets with bad authentication to all clients. The clients, upon receiving the malformed packets, would break the association with the broadcast server, causing them to become out of sync over a longer period of time.
ecb43ca3dd0cf0f44f0fa0e845dc1dd6
Debian Linux Security Advisory 3629-1 - Several vulnerabilities were discovered in the Network Time Protocol daemon and utility programs.
b8690cb4b41c7112666bc70d64edeead
Gentoo Linux Security Advisory 201607-15 - Multiple vulnerabilities have been found in NTP, the worst of which could lead to Denial of Service. Versions less than 4.2.8_p8 are affected.
37d7aaee61e4fd18730be42b0dad0d01
Red Hat Security Advisory 2016-1141-01 - The Network Time Protocol is used to synchronize a computer's time with another referenced time source. These packages include the ntpd service which continuously adjusts system time and utilities used to query and configure the ntpd service. Security Fix: It was found that when NTP was configured in broadcast mode, a remote attacker could broadcast packets with bad authentication to all clients. The clients, upon receiving the malformed packets, would break the association with the broadcast server, causing them to become out of sync over a longer period of time.
39609b1d1ed35a540a846b3ce318ba00
Slackware Security Advisory - New ntp packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix security issues.
fcefe73e812ba3898beb2be19f0cc1af