NTP 4.0.97

CPE Details

NTP 4.0.97
ntp
ntp
4.0.97
2009-04-14
14h04 +00:00
2016-01-28
22h50 +00:00
CPE NVD
Alerte pour un CPE
Restez informé de toutes modifications pour un CPE spécifique.
Gestion des notifications

CPE Name: cpe:2.3:a:ntp:ntp:4.0.97:*:*:*:*:*:*:*

Informations

Vendor

ntp

Product

ntp

Version

4.0.97

Related CVE

Open and find in CVE List

CVE ID Publié Description Score Gravité
CVE-2020-13817 2020-06-04 10h31 +00:00 ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows remote attackers to cause a denial of service (daemon exit or system time change) by predicting transmit timestamps for use in spoofed packets. The victim must be relying on unauthenticated IPv4 time sources. There must be an off-path attacker who can query time from the victim's ntpd instance.
7.4
Haute
CVE-2020-11868 2020-04-17 01h31 +00:00 ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows an off-path attacker to block unauthenticated synchronization via a server mode packet with a spoofed source IP address, because transmissions are rescheduled even when a packet lacks a valid origin timestamp.
7.5
Haute
CVE-2019-8936 2019-05-15 13h37 +00:00 NTP through 4.2.8p12 has a NULL Pointer Dereference.
7.5
Haute
CVE-2017-6458 2017-03-27 15h00 +00:00 Multiple buffer overflows in the ctl_put* functions in NTP before 4.2.8p10 and 4.3.x before 4.3.94 allow remote authenticated users to have unspecified impact via a long variable.
8.8
Haute
CVE-2015-7973 2017-01-30 20h00 +00:00 NTP before 4.2.8p6 and 4.3.x before 4.3.90, when configured in broadcast mode, allows man-in-the-middle attackers to conduct replay attacks by sniffing the network.
6.5
Moyen
CVE-2015-7977 2017-01-30 20h00 +00:00 ntpd in NTP before 4.2.8p6 and 4.3.x before 4.3.90 allows remote attackers to cause a denial of service (NULL pointer dereference) via a ntpdc reslist command.
5.9
Moyen
CVE-2016-2518 2017-01-30 20h00 +00:00 The MATCH_ASSOC function in NTP before version 4.2.8p9 and 4.3.x before 4.3.92 allows remote attackers to cause an out-of-bounds reference via an addpeer request with a large hmode value.
5.3
Moyen
CVE-2015-1798 2015-04-08 08h00 +00:00 The symmetric-key feature in the receive function in ntp_proto.c in ntpd in NTP 4.x before 4.2.8p2 requires a correct MAC only if the MAC field has a nonzero length, which makes it easier for man-in-the-middle attackers to spoof packets by omitting the MAC.
1.8
CVE-2015-1799 2015-04-08 08h00 +00:00 The symmetric-key feature in the receive function in ntp_proto.c in ntpd in NTP 3.x and 4.x before 4.2.8p2 performs state-variable updates upon receiving certain invalid packets, which makes it easier for man-in-the-middle attackers to cause a denial of service (synchronization loss) by spoofing the source IP address of a peer.
4.3
CVE-2014-9293 2014-12-20 01h00 +00:00 The config_auth function in ntpd in NTP before 4.2.7p11, when an auth key is not configured, improperly generates a key, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack.
7.5
CVE-2014-9294 2014-12-20 01h00 +00:00 util/ntp-keygen.c in ntp-keygen in NTP before 4.2.7p230 uses a weak RNG seed, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack.
7.5
CVE-2014-9295 2014-12-20 01h00 +00:00 Multiple stack-based buffer overflows in ntpd in NTP before 4.2.8 allow remote attackers to execute arbitrary code via a crafted packet, related to (1) the crypto_recv function when the Autokey Authentication feature is used, (2) the ctl_putdata function, and (3) the configure function.
7.5
CVE-2014-9296 2014-12-20 01h00 +00:00 The receive function in ntp_proto.c in ntpd in NTP before 4.2.8 continues to execute after detecting a certain authentication error, which might allow remote attackers to trigger an unintended association change via crafted packets.
5
CVE-2013-5211 2014-01-02 10h00 +00:00 The monlist feature in ntp_request.c in ntpd in NTP before 4.2.7p26 allows remote attackers to cause a denial of service (traffic amplification) via forged (1) REQ_MON_GETLIST or (2) REQ_MON_GETLIST_1 requests, as exploited in the wild in December 2013.
5
CVE-2009-3563 2009-12-08 23h00 +00:00 ntp_request.c in ntpd in NTP before 4.2.4p8, and 4.2.5, allows remote attackers to cause a denial of service (CPU and bandwidth consumption) by using MODE_PRIVATE to send a spoofed (1) request or (2) response packet that triggers a continuous exchange of MODE_PRIVATE error responses between two NTP daemons.
6.4
CVE-2009-0159 2009-04-14 13h00 +00:00 Stack-based buffer overflow in the cookedprint function in ntpq/ntpq.c in ntpq in NTP before 4.2.4p7-RC2 allows remote NTP servers to execute arbitrary code via a crafted response.
6.8
CVE-2009-0021 2009-01-07 16h00 +00:00 NTP 4.2.4 before 4.2.4p5 and 4.2.5 before 4.2.5p150 does not properly check the return value from the OpenSSL EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature for DSA and ECDSA keys, a similar vulnerability to CVE-2008-5077.
5