[ntp:security] [scr301680] NTP - 4.2.8p9
cve-request at mitre.org
cve-request at mitre.org
Fri Mar 3 20:07:22 UTC 2017
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
> [VulnerabilityType Other]
> Improper use of snprintf() in mx4200_send() NtpBug3377 (003)
>
> ------------------------------------------
>
> [Vendor of Product]
> Network Time Foundation for NTP
>
> ------------------------------------------
>
> [Affected Product Code Base]
> NTP - 4.2.8p9
Use CVE-2017-6451.
> [Vulnerability Type]
> Buffer Overflow - WINDOWS: Stack Buffer Overflow from Command Line NtpBug3383 (008)
>
> ------------------------------------------
>
> [Vendor of Product]
> NTF for NTP
>
> ------------------------------------------
>
> [Affected Product Code Base]
> NTP - 4.2.8p9
Use CVE-2017-6452.
> [VulnerabilityType Other]
> Makefile does not enforce Security Flags NtpBug3376 (001)
>
> ------------------------------------------
>
> [Vendor of Product]
> Network Time Foundation for NTP
>
> ------------------------------------------
>
> [Affected Product Code Base]
> NTP - 4.2.8p9
>
> ------------------------------------------
>
> [Has vendor confirmed or acknowledged the vulnerability?]
> true
Use CVE-2017-6453.
> [VulnerabilityType Other]
> Copious amounts of Unused Code NtpBug3381 (006)
>
> ------------------------------------------
>
> [Vendor of Product]
> Network Time Foundation for NTP
>
> ------------------------------------------
>
> [Affected Product Code Base]
> NTP - 4.2.8p9
Use CVE-2017-6454.
> [VulnerabilityType Other]
> WINDOWS: Privileged execution of User Library code NtpBug3384 (009)
>
> ------------------------------------------
>
> [Vendor of Product]
> NTF for NTP
>
> ------------------------------------------
>
> [Affected Product Code Base]
> NTP - 4.2.8p9
Use CVE-2017-6455.
> [VulnerabilityType Other]
> Off-by-one in Oncore GPS Receiver NtpBug3380 (005)
>
> ------------------------------------------
>
> [Vendor of Product]
> Network Time Foundation for NTP
>
> ------------------------------------------
>
> [Affected Product Code Base]
> NTP - 4.2.8P9
Use CVE-2017-6456.
> [VulnerabilityType Other]
> NTP: ereallocarray()/eallocarray() underused NtpBug3385 (010)
>
> ------------------------------------------
>
> [Vendor of Product]
> NTF for NTP
>
> ------------------------------------------
>
> [Affected Product Code Base]
> NTP - 4.2.8p9
Use CVE-2017-6457.
> [VulnerabilityType Other]
> NTP: Potential Overflows in ctl_put() functions NtpBug3379 (004)
>
> ------------------------------------------
>
> [Vendor of Product]
> Network Time Foundation for NTP
>
> ------------------------------------------
>
> [Affected Product Code Base]
> NTP - 4.2.8p9
Use CVE-2017-6458.
> [VulnerabilityType Other]
> WINDOWS: NTP Data Structure terminated insufficiently NtpBug3382 (007)
>
> ------------------------------------------
>
> [Vendor of Product]
> NTF for NTP
>
> ------------------------------------------
>
> [Affected Product Code Base]
> NTP - 4.2.8p9
Use CVE-2017-6459.
> [Vulnerability Type]
> Buffer Overflow - Buffer Overflow in ntpq when fetching reslist NtpBug3377 (002)
>
> ------------------------------------------
>
> [Vendor of Product]
> Network Time Foundation for NTP
>
> ------------------------------------------
>
> [Affected Product Code Base]
> NTP - 4.2.8p9
Use CVE-2017-6460.
> [VulnerabilityType Other]
> NTP: ntpq_stripquotes() returns incorrect NtpBug3386 (011)
>
> ------------------------------------------
>
> [Vendor of Product]
> Network Time Foundation for NTP
>
> ------------------------------------------
>
> [Affected Product Code Base]
> NTP - 4.2.8p9
>
> ------------------------------------------
>
> [Has vendor confirmed or acknowledged the vulnerability?]
> true
>
> ------------------------------------------
>
> [Discoverer]
> CURE53
Use CVE-2017-6461.
> [VulnerabilityType Other]
> NTP: Buffer Overflow in DPTS Clock NtpBug3388 (014)
>
> ------------------------------------------
>
> [Vendor of Product]
> Network Time Foundation for NTP
>
> ------------------------------------------
>
> [Affected Product Code Base]
> NTP - 4.2.8p9
Use CVE-2017-6462.
> [VulnerabilityType Other]
> NTP: Authenticated DoS via Malicious Config Option NtpBug3387 (012)
>
> ------------------------------------------
>
> [Vendor of Product]
> Network Time Foundation for NTP
>
> ------------------------------------------
>
> [Affected Product Code Base]
> NTP - 4.2.8p9
Use CVE-2017-6463.
> [VulnerabilityType Other]
> NTP: Denial of Service via Malformed Config NtpBug3389 (016)
>
> ------------------------------------------
>
> [Vendor of Product]
> Network Time Foundation for NTP
>
> ------------------------------------------
>
> [Affected Product Code Base]
> NTP - 4.2.8p9
Use CVE-2017-6464.
- --
CVE Assignment Team
M/S M300, 202 Burlington Road, Bedford, MA 01730 USA
[ A PGP key is available for encrypted communications at
http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAEBCAAGBQJYucymAAoJEHb/MwWLVhi2/gsQAI0b6O9Tq1HmF9p8PZC6nNPc
yiUFqiQfdmYjZFg0bHuSk4xaHISe5mf+j4qnd5qFntydSzwoWGHLyUzvH9Fi74Jd
ovuOfjnLFQbNcedl+HGFNNiws00ul4Q+aR6DaC9rC0/UM4v+if9Uf7zPAbf+1V0P
JBuMVXzVH9YxEhTp4QMPasrS3p8rsAwcJJap2mTT9pmIfFImOfynoc8GabVkB5BA
twpgBEd7WclsA+s/TCc7T005LlU/7r8rhX7eT+J0T/dSUwrUJ7MW0WY92VO3KMbC
zo6GKFwCAeU9X6XaSjzpUXB6nqIRGDnhoygID4zm5UanzTC0qcvMlnWgi2BwwOeY
ZpHOmL86ad/+ZyJgC/UceNETY4wqI89/i0CTnZ3r29nX48671h8TXM0z3ZuxWb9Z
iw1a5m6OMp1BMrJl3YvS61jmOADakJac0Ko6U0z5VlUCRN3D/8WOYqFrY1nOwVFF
lAXeL5uQ2tNcWWGKHlVcMo5g91G2gl/K9LyI64z2GzFfsUn2UMxcE/kEeXFbAnj8
p7OTBWKP1M32lgAGSLhFH6oHAjEby60w0qGQo8IG4SHWeK6he5CUbGu3uOuMzjmN
t1XZhI6iHGrtcgf2vmzaHXBiCUA34cHyMlsRVznJkgOpeO92WtGD6NWSJRcKYt1K
lBGwhtekn61DxnXsSwEM
=zgse
-----END PGP SIGNATURE-----
More information about the security
mailing list