Debian Ntp vulnerabilities

CVE-2016-9042 [MEDIUM] CVE-2016-9042: ntp - An exploitable denial of service vulnerability exists in the origin timestamp ch... An exploitable denial of service vulnerability exists in the origin timestamp check functionality of ntpd 4.2.8p9. A specially crafted unauthenticated network packet can be used to reset the expected origin timestamp for target peers. Legitimate replies from targeted peers will fail the origin timestamp check (TEST2) causing the reply to be dropped and creating a denial

CVE-2016-9310 [MEDIUM] CVE-2016-9310: ntp - The control mode (mode 6) functionality in ntpd in NTP before 4.2.8p9 allows rem... The control mode (mode 6) functionality in ntpd in NTP before 4.2.8p9 allows remote attackers to set or unset traps via a crafted control mode packet. Scope: local bullseye: resolved (fixed in 1:4.2.8p9+dfsg-1)

CVE-2016-2519 [MEDIUM] CVE-2016-2519: ntp - ntpd in NTP before 4.2.8p7 and 4.3.x before 4.3.92 allows remote attackers to ca... ntpd in NTP before 4.2.8p7 and 4.3.x before 4.3.92 allows remote attackers to cause a denial of service (ntpd abort) by a large request data value, which triggers the ctl_getitem function to return a NULL value. Scope: local bullseye: resolved (fixed in 1:4.2.8p7+dfsg-1)

CVE-2016-7427 [MEDIUM] CVE-2016-7427: ntp - The broadcast mode replay prevention functionality in ntpd in NTP before 4.2.8p9... The broadcast mode replay prevention functionality in ntpd in NTP before 4.2.8p9 allows remote attackers to cause a denial of service (reject broadcast mode packets) via a crafted broadcast mode packet. Scope: local bullseye: resolved (fixed in 1:4.2.8p9+dfsg-1)

CVE-2016-9311 [MEDIUM] CVE-2016-9311: ntp - ntpd in NTP before 4.2.8p9, when the trap service is enabled, allows remote atta... ntpd in NTP before 4.2.8p9, when the trap service is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted packet. Scope: local bullseye: resolved (fixed in 1:4.2.8p9+dfsg-1)

CVE-2016-7433 [MEDIUM] CVE-2016-7433: ntp - NTP before 4.2.8p9 does not properly perform the initial sync calculations, whic... NTP before 4.2.8p9 does not properly perform the initial sync calculations, which allows remote attackers to unspecified impact via unknown vectors, related to a "root distance that did not include the peer dispersion." Scope: local bullseye: resolved (fixed in 1:4.2.8p9+dfsg-1)

CVE-2016-9312 [HIGH] CVE-2016-9312: ntp - ntpd in NTP before 4.2.8p9, when running on Windows, allows remote attackers to ... ntpd in NTP before 4.2.8p9, when running on Windows, allows remote attackers to cause a denial of service via a large UDP packet. Scope: local bullseye: resolved

CVE-2016-2517 [MEDIUM] CVE-2016-2517: ntp - NTP before 4.2.8p7 and 4.3.x before 4.3.92 allows remote attackers to cause a de... NTP before 4.2.8p7 and 4.3.x before 4.3.92 allows remote attackers to cause a denial of service (prevent subsequent authentication) by leveraging knowledge of the controlkey or requestkey and sending a crafted packet to ntpd, which changes the value of trustedkey, controlkey, or requestkey. NOTE: this vulnerability exists because of a CVE-2016-2516 regression. Scope: lo

CVE-2016-1551 [LOW] CVE-2016-1551: ntp - ntpd in NTP 4.2.8p3 and NTPsec a5fb34b9cc89b92a8fef2f459004865c93bb7f92 relies o... ntpd in NTP 4.2.8p3 and NTPsec a5fb34b9cc89b92a8fef2f459004865c93bb7f92 relies on the underlying operating system to protect it from requests that impersonate reference clocks. Because reference clocks are treated like other peers and stored in the same structure, any packet with a source ip address of a reference clock (127.127.1.1 for example) that reaches the receive()

CVE-2016-7429 [LOW] CVE-2016-7429: ntp - NTP before 4.2.8p9 changes the peer structure to the interface it receives the r... NTP before 4.2.8p9 changes the peer structure to the interface it receives the response from a source, which allows remote attackers to cause a denial of service (prevent communication with a source) by sending a response for a source to an interface the source does not use. Scope: local bullseye: resolved (fixed in 1:4.2.8p9+dfsg-1)

CVE-2016-0727 [HIGH] CVE-2016-0727: ntp - The crontab script in the ntp package before 1:4.2.6.p3+dfsg-1ubuntu3.11 on Ubun... The crontab script in the ntp package before 1:4.2.6.p3+dfsg-1ubuntu3.11 on Ubuntu 12.04 LTS, before 1:4.2.6.p5+dfsg-3ubuntu2.14.04.10 on Ubuntu 14.04 LTS, on Ubuntu Wily, and before 1:4.2.8p4+dfsg-3ubuntu5.3 on Ubuntu 16.04 LTS allows local users with access to the ntp account to write to arbitrary files and consequently gain privileges via vectors involving statistics d

CVE-2015-7853 [CRITICAL] CVE-2015-7853: ntp - The datalen parameter in the refclock driver in NTP 4.2.x before 4.2.8p4, and 4.... The datalen parameter in the refclock driver in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to execute arbitrary code or cause a denial of service (crash) via a negative input value. Scope: local bullseye: resolved (fixed in 1:4.2.8p4+dfsg-1)

CVE-2015-7705 [CRITICAL] CVE-2015-7705: ntp - The rate limiting feature in NTP 4.x before 4.2.8p4 and 4.3.x before 4.3.77 allo... The rate limiting feature in NTP 4.x before 4.2.8p4 and 4.3.x before 4.3.77 allows remote attackers to have unspecified impact via a large number of crafted requests. Scope: local bullseye: resolved (fixed in 1:4.2.8p4+dfsg-3)

CVE-2015-7871 [CRITICAL] CVE-2015-7871: ntp - Crypto-NAK packets in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 ... Crypto-NAK packets in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to bypass authentication. Scope: local bullseye: resolved (fixed in 1:4.2.8p4+dfsg-1)

CVE-2015-3405 [HIGH] CVE-2015-3405: ntp - ntp-keygen in ntp 4.2.8px before 4.2.8p2-RC2 and 4.3.x before 4.3.12 does not ge... ntp-keygen in ntp 4.2.8px before 4.2.8p2-RC2 and 4.3.x before 4.3.12 does not generate MD5 keys with sufficient entropy on big endian machines when the lowest order byte of the temp variable is between 0x20 and 0x7f and not #, which might allow remote attackers to obtain the value of generated MD5 keys via a brute force attack with the 93 possible keys. Scope: local bulls

CVE-2015-7704 [HIGH] CVE-2015-7704: ntp - The ntpd client in NTP 4.x before 4.2.8p4 and 4.3.x before 4.3.77 allows remote ... The ntpd client in NTP 4.x before 4.2.8p4 and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service via a number of crafted "KOD" messages. Scope: local bullseye: resolved (fixed in 1:4.2.8p4+dfsg-3)

CVE-2015-7854 [HIGH] CVE-2015-7854: ntp - Buffer overflow in the password management functionality in NTP 4.2.x before 4.2... Buffer overflow in the password management functionality in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote authenticated users to cause a denial of service (daemon crash) or possibly execute arbitrary code via a crafted key file. Scope: local bullseye: resolved (fixed in 1:4.2.8p4+dfsg-1)

CVE-2015-7848 [HIGH] CVE-2015-7848: ntp - An integer overflow can occur in NTP-dev.4.3.70 leading to an out-of-bounds memo... An integer overflow can occur in NTP-dev.4.3.70 leading to an out-of-bounds memory copy operation when processing a specially crafted private mode packet. The crafted packet needs to have the correct message authentication code and a valid timestamp. When processed by the NTP daemon, it leads to an immediate crash. Scope: local bullseye: resolved (fixed in 1:4.2.8p4+dfsg-

CVE-2015-7978 [HIGH] CVE-2015-7978: ntp - NTP before 4.2.8p6 and 4.3.0 before 4.3.90 allows a remote attackers to cause a ... NTP before 4.2.8p6 and 4.3.0 before 4.3.90 allows a remote attackers to cause a denial of service (stack exhaustion) via an ntpdc relist command, which triggers recursive traversal of the restriction list. Scope: local bullseye: resolved (fixed in 1:4.2.8p7+dfsg-1)

CVE-2015-5300 [HIGH] CVE-2015-5300: ntp - The panic_gate check in NTP before 4.2.8p5 is only re-enabled after the first ch... The panic_gate check in NTP before 4.2.8p5 is only re-enabled after the first change to the system clock that was greater than 128 milliseconds by default, which allows remote attackers to set NTP to an arbitrary time when started with the -g option, or to alter the time by up to 900 seconds otherwise by responding to an unspecified number of requests from trusted sources