[ntp:security] [scr301680] NTP - 4.2.8p9

cve-request at mitre.org cve-request at mitre.org
Fri Mar 3 20:07:22 UTC 2017


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

> [VulnerabilityType Other]
> Improper use of snprintf() in mx4200_send() NtpBug3377 (003)
> 
> ------------------------------------------
> 
> [Vendor of Product]
> Network Time Foundation for NTP
> 
> ------------------------------------------
> 
> [Affected Product Code Base]
> NTP - 4.2.8p9

Use CVE-2017-6451.


> [Vulnerability Type]
> Buffer Overflow - WINDOWS: Stack Buffer Overflow from Command Line NtpBug3383 (008)
> 
> ------------------------------------------
> 
> [Vendor of Product]
> NTF for NTP
> 
> ------------------------------------------
> 
> [Affected Product Code Base]
> NTP - 4.2.8p9

Use CVE-2017-6452.


> [VulnerabilityType Other]
> Makefile does not enforce Security Flags NtpBug3376 (001)
> 
> ------------------------------------------
> 
> [Vendor of Product]
> Network Time Foundation for NTP
> 
> ------------------------------------------
> 
> [Affected Product Code Base]
> NTP - 4.2.8p9
> 
> ------------------------------------------
> 
> [Has vendor confirmed or acknowledged the vulnerability?]
> true

Use CVE-2017-6453.


> [VulnerabilityType Other]
> Copious amounts of Unused Code NtpBug3381 (006)
> 
> ------------------------------------------
> 
> [Vendor of Product]
> Network Time Foundation for NTP
> 
> ------------------------------------------
> 
> [Affected Product Code Base]
> NTP - 4.2.8p9

Use CVE-2017-6454.


> [VulnerabilityType Other]
> WINDOWS: Privileged execution of User Library code NtpBug3384 (009)
> 
> ------------------------------------------
> 
> [Vendor of Product]
> NTF for NTP
> 
> ------------------------------------------
> 
> [Affected Product Code Base]
> NTP - 4.2.8p9

Use CVE-2017-6455.


> [VulnerabilityType Other]
> Off-by-one in Oncore GPS Receiver NtpBug3380 (005)
> 
> ------------------------------------------
> 
> [Vendor of Product]
> Network Time Foundation for NTP
> 
> ------------------------------------------
> 
> [Affected Product Code Base]
> NTP - 4.2.8P9

Use CVE-2017-6456.


> [VulnerabilityType Other]
> NTP: ereallocarray()/eallocarray() underused NtpBug3385 (010)
> 
> ------------------------------------------
> 
> [Vendor of Product]
> NTF for NTP
> 
> ------------------------------------------
> 
> [Affected Product Code Base]
> NTP - 4.2.8p9

Use CVE-2017-6457.


> [VulnerabilityType Other]
> NTP: Potential Overflows in ctl_put() functions NtpBug3379 (004)
> 
> ------------------------------------------
> 
> [Vendor of Product]
> Network Time Foundation for NTP
> 
> ------------------------------------------
> 
> [Affected Product Code Base]
> NTP - 4.2.8p9

Use CVE-2017-6458.


> [VulnerabilityType Other]
> WINDOWS: NTP Data Structure terminated insufficiently NtpBug3382 (007)
> 
> ------------------------------------------
> 
> [Vendor of Product]
> NTF for NTP
> 
> ------------------------------------------
> 
> [Affected Product Code Base]
> NTP - 4.2.8p9

Use CVE-2017-6459.


> [Vulnerability Type]
> Buffer Overflow - Buffer Overflow in ntpq when fetching reslist NtpBug3377 (002)
> 
> ------------------------------------------
> 
> [Vendor of Product]
> Network Time Foundation for NTP
> 
> ------------------------------------------
> 
> [Affected Product Code Base]
> NTP - 4.2.8p9

Use CVE-2017-6460.


> [VulnerabilityType Other]
> NTP: ntpq_stripquotes() returns incorrect NtpBug3386 (011)
> 
> ------------------------------------------
> 
> [Vendor of Product]
> Network Time Foundation for NTP
> 
> ------------------------------------------
> 
> [Affected Product Code Base]
> NTP - 4.2.8p9
> 
> ------------------------------------------
> 
> [Has vendor confirmed or acknowledged the vulnerability?]
> true
> 
> ------------------------------------------
> 
> [Discoverer]
> CURE53

Use CVE-2017-6461.


> [VulnerabilityType Other]
> NTP: Buffer Overflow in DPTS Clock NtpBug3388 (014)
> 
> ------------------------------------------
> 
> [Vendor of Product]
> Network Time Foundation for NTP
> 
> ------------------------------------------
> 
> [Affected Product Code Base]
> NTP - 4.2.8p9

Use CVE-2017-6462.


> [VulnerabilityType Other]
> NTP: Authenticated DoS via Malicious Config Option NtpBug3387 (012)
> 
> ------------------------------------------
> 
> [Vendor of Product]
> Network Time Foundation for NTP
> 
> ------------------------------------------
> 
> [Affected Product Code Base]
> NTP - 4.2.8p9

Use CVE-2017-6463.


> [VulnerabilityType Other]
> NTP: Denial of Service via Malformed Config NtpBug3389 (016)
> 
> ------------------------------------------
> 
> [Vendor of Product]
> Network Time Foundation for NTP
> 
> ------------------------------------------
> 
> [Affected Product Code Base]
> NTP - 4.2.8p9

Use CVE-2017-6464.


- -- 
CVE Assignment Team
M/S M300, 202 Burlington Road, Bedford, MA 01730 USA
[ A PGP key is available for encrypted communications at
  http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJYucymAAoJEHb/MwWLVhi2/gsQAI0b6O9Tq1HmF9p8PZC6nNPc
yiUFqiQfdmYjZFg0bHuSk4xaHISe5mf+j4qnd5qFntydSzwoWGHLyUzvH9Fi74Jd
ovuOfjnLFQbNcedl+HGFNNiws00ul4Q+aR6DaC9rC0/UM4v+if9Uf7zPAbf+1V0P
JBuMVXzVH9YxEhTp4QMPasrS3p8rsAwcJJap2mTT9pmIfFImOfynoc8GabVkB5BA
twpgBEd7WclsA+s/TCc7T005LlU/7r8rhX7eT+J0T/dSUwrUJ7MW0WY92VO3KMbC
zo6GKFwCAeU9X6XaSjzpUXB6nqIRGDnhoygID4zm5UanzTC0qcvMlnWgi2BwwOeY
ZpHOmL86ad/+ZyJgC/UceNETY4wqI89/i0CTnZ3r29nX48671h8TXM0z3ZuxWb9Z
iw1a5m6OMp1BMrJl3YvS61jmOADakJac0Ko6U0z5VlUCRN3D/8WOYqFrY1nOwVFF
lAXeL5uQ2tNcWWGKHlVcMo5g91G2gl/K9LyI64z2GzFfsUn2UMxcE/kEeXFbAnj8
p7OTBWKP1M32lgAGSLhFH6oHAjEby60w0qGQo8IG4SHWeK6he5CUbGu3uOuMzjmN
t1XZhI6iHGrtcgf2vmzaHXBiCUA34cHyMlsRVznJkgOpeO92WtGD6NWSJRcKYt1K
lBGwhtekn61DxnXsSwEM
=zgse
-----END PGP SIGNATURE-----


More information about the security mailing list