Debian Ntp vulnerabilities

CVE-2015-7703 [HIGH] CVE-2015-7703: ntp - The "pidfile" or "driftfile" directives in NTP ntpd 4.2.x before 4.2.8p4, and 4.... The "pidfile" or "driftfile" directives in NTP ntpd 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77, when ntpd is configured to allow remote configuration, allows remote attackers with an IP address that is allowed to send configuration requests, and with knowledge of the remote configuration password to write to arbitrary files via the :config command. Scope: local bullsey

CVE-2015-7849 [HIGH] CVE-2015-7849: ntp - Use-after-free vulnerability in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x befo... Use-after-free vulnerability in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote authenticated users to possibly execute arbitrary code or cause a denial of service (crash) via crafted packets. Scope: local bullseye: resolved (fixed in 1:4.2.8p4+dfsg-1)

CVE-2015-7701 [HIGH] CVE-2015-7701: ntp - Memory leak in the CRYPTO_ASSOC function in ntpd in NTP 4.2.x before 4.2.8p4, an... Memory leak in the CRYPTO_ASSOC function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (memory consumption). Scope: local bullseye: resolved (fixed in 1:4.2.8p4+dfsg-1)

CVE-2015-7979 [HIGH] CVE-2015-7979: ntp - NTP before 4.2.8p6 and 4.3.x before 4.3.90 allows remote attackers to cause a de... NTP before 4.2.8p6 and 4.3.x before 4.3.90 allows remote attackers to cause a denial of service (client-server association tear down) by sending broadcast packets with invalid authentication to a broadcast client. Scope: local bullseye: resolved (fixed in 1:4.2.8p7+dfsg-1)

CVE-2015-7702 [MEDIUM] CVE-2015-7702: ntp - The crypto_xmit function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4... The crypto_xmit function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash). NOTE: This vulnerability exists due to an incomplete fix for CVE-2014-9750. Scope: local bullseye: resolved (fixed in 1:4.2.8p4+dfsg-1)

CVE-2015-7977 [MEDIUM] CVE-2015-7977: ntp - ntpd in NTP before 4.2.8p6 and 4.3.x before 4.3.90 allows remote attackers to ca... ntpd in NTP before 4.2.8p6 and 4.3.x before 4.3.90 allows remote attackers to cause a denial of service (NULL pointer dereference) via a ntpdc reslist command. Scope: local bullseye: resolved (fixed in 1:4.2.8p7+dfsg-1)

CVE-2015-8140 [MEDIUM] CVE-2015-8140: ntp - The ntpq protocol in NTP before 4.2.8p7 allows remote attackers to conduct repla... The ntpq protocol in NTP before 4.2.8p7 allows remote attackers to conduct replay attacks by sniffing the network. Scope: local bullseye: resolved (fixed in 1:4.2.8p7+dfsg-1)

CVE-2015-5146 [MEDIUM] CVE-2015-5146: ntp - ntpd in ntp before 4.2.8p3 with remote configuration enabled allows remote authe... ntpd in ntp before 4.2.8p3 with remote configuration enabled allows remote authenticated users with knowledge of the configuration password and access to a computer entrusted to perform remote configuration to cause a denial of service (service crash) via a NULL byte in a crafted configuration directive packet. Scope: local bullseye: resolved (fixed in 1:4.2.8p3+dfsg-1)

CVE-2015-7692 [MEDIUM] CVE-2015-7692: ntp - The crypto_xmit function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4... The crypto_xmit function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash). NOTE: This vulnerability exists due to an incomplete fix for CVE-2014-9750. Scope: local bullseye: resolved (fixed in 1:4.2.8p4+dfsg-1)

CVE-2015-7975 [MEDIUM] CVE-2015-7975: ntp - The nextvar function in NTP before 4.2.8p6 and 4.3.x before 4.3.90 does not prop... The nextvar function in NTP before 4.2.8p6 and 4.3.x before 4.3.90 does not properly validate the length of its input, which allows an attacker to cause a denial of service (application crash). Scope: local bullseye: resolved (fixed in 1:4.2.8p7+dfsg-1)

CVE-2015-8139 [MEDIUM] CVE-2015-8139: ntp - ntpq in NTP before 4.2.8p7 allows remote attackers to obtain origin timestamps a... ntpq in NTP before 4.2.8p7 allows remote attackers to obtain origin timestamps and then impersonate peers via unspecified vectors. Scope: local bullseye: resolved (fixed in 1:4.2.8p7+dfsg-1)

CVE-2015-7851 [MEDIUM] CVE-2015-7851: ntp - Directory traversal vulnerability in the save_config function in ntpd in ntp_con... Directory traversal vulnerability in the save_config function in ntpd in ntp_control.c in NTP before 4.2.8p4, when used on systems that do not use '\' or '/' characters for directory separation such as OpenVMS, allows remote authenticated users to overwrite arbitrary files. Scope: local bullseye: resolved (fixed in 1:4.2.8p4+dfsg-1)

CVE-2015-7855 [MEDIUM] CVE-2015-7855: ntp - The decodenetnum function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before ... The decodenetnum function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (assertion failure) via a 6 or mode 7 packet containing a long data value. Scope: local bullseye: resolved (fixed in 1:4.2.8p4+dfsg-1)

CVE-2015-1799 [MEDIUM] CVE-2015-1799: ntp - The symmetric-key feature in the receive function in ntp_proto.c in ntpd in NTP ... The symmetric-key feature in the receive function in ntp_proto.c in ntpd in NTP 3.x and 4.x before 4.2.8p2 performs state-variable updates upon receiving certain invalid packets, which makes it easier for man-in-the-middle attackers to cause a denial of service (synchronization loss) by spoofing the source IP address of a peer. Scope: local bullseye: resolved (fixed in

CVE-2015-8158 [MEDIUM] CVE-2015-8158: ntp - The getresponse function in ntpq in NTP versions before 4.2.8p9 and 4.3.x before... The getresponse function in ntpq in NTP versions before 4.2.8p9 and 4.3.x before 4.3.90 allows remote attackers to cause a denial of service (infinite loop) via crafted packets with incorrect values. Scope: local bullseye: resolved (fixed in 1:4.2.8p7+dfsg-1)

CVE-2015-7691 [MEDIUM] CVE-2015-7691: ntp - The crypto_xmit function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4... The crypto_xmit function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash) via crafted packets containing particular autokey operations. NOTE: This vulnerability exists due to an incomplete fix for CVE-2014-9750. Scope: local bullseye: resolved (fixed in 1:4.2.8p4+dfsg-1)

CVE-2015-7850 [MEDIUM] CVE-2015-7850: ntp - ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote authenti... ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote authenticated users to cause a denial of service (infinite loop or crash) by pointing the key file at the log file. Scope: local bullseye: resolved (fixed in 1:4.2.8p4+dfsg-1)

CVE-2015-7852 [MEDIUM] CVE-2015-7852: ntp - ntpq in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attacker... ntpq in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash) via crafted mode 6 response packets. Scope: local bullseye: resolved (fixed in 1:4.2.8p4+dfsg-1)

CVE-2015-8138 [MEDIUM] CVE-2015-8138: ntp - NTP before 4.2.8p6 and 4.3.x before 4.3.90 allows remote attackers to bypass the... NTP before 4.2.8p6 and 4.3.x before 4.3.90 allows remote attackers to bypass the origin timestamp validation via a packet with an origin timestamp set to zero. Scope: local bullseye: resolved (fixed in 1:4.2.8p7+dfsg-1)

CVE-2015-7976 [MEDIUM] CVE-2015-7976: ntp - The ntpq saveconfig command in NTP 4.1.2, 4.2.x before 4.2.8p6, 4.3, 4.3.25, 4.3... The ntpq saveconfig command in NTP 4.1.2, 4.2.x before 4.2.8p6, 4.3, 4.3.25, 4.3.70, and 4.3.77 does not properly filter special characters, which allows attackers to cause unspecified impact via a crafted filename. Scope: local bullseye: resolved (fixed in 1:4.2.8p7+dfsg-1)