Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

ntp ntp 4.3.92 vulnerabilities and exploits

(subscribe to this query)
7.5
CVSSv2
CVE-2018-7183
Buffer overflow in the decodearr function in ntpq in ntp 4.2.8p6 up to and including 4.2.8p10 allows remote malicious users to execute arbitrary code by leveraging an ntpq query and sending a response with a crafted array.
Ntp Ntp 4.2.8Freebsd Freebsd 10.4Freebsd Freebsd 11.1Freebsd Freebsd 10.3Canonical Ubuntu Linux 12.04Canonical Ubuntu Linux 14.04Canonical Ubuntu Linux 16.04Canonical Ubuntu Linux 17.10Canonical Ubuntu Linux 18.04Netapp Element Software -
7.1
CVSSv2
CVE-2016-2516
NTP prior to 4.2.8p7 and 4.3.x prior to 4.3.92, when mode7 is enabled, allows remote malicious users to cause a denial of service (ntpd abort) by using the same IP address multiple times in an unconfig directive.
Ntp NtpNtp Ntp 4.3.90Ntp Ntp 4.3.91Ntp Ntp 4.3.14Ntp Ntp 4.3.15Ntp Ntp 4.3.22Ntp Ntp 4.3.23Ntp Ntp 4.3.3Ntp Ntp 4.3.30Ntp Ntp 4.3.37Ntp Ntp 4.3.38Ntp Ntp 4.3.45Ntp Ntp 4.3.46Ntp Ntp 4.3.52Ntp Ntp 4.3.53Ntp Ntp 4.3.6Ntp Ntp 4.3.60Ntp Ntp 4.3.68Ntp Ntp 4.3.69Ntp Ntp 4.3.75Ntp Ntp 4.3.76Ntp Ntp 4.3.82
6.5
CVSSv2
CVE-2017-6460
Stack-based buffer overflow in the reslist function in ntpq in NTP prior to 4.2.8p10 and 4.3.x prior to 4.3.94 allows remote servers have unspecified impact via a long flagstr variable in a restriction list response.
Ntp Ntp 4.3.13Ntp Ntp 4.3.14Ntp Ntp 4.3.11Ntp Ntp 4.3.12Ntp Ntp 4.3.19Ntp Ntp 4.3.2Ntp Ntp 4.3.26Ntp Ntp 4.3.20Ntp Ntp 4.3.21Ntp Ntp 4.3.29Ntp Ntp 4.3.3Ntp Ntp 4.3.36Ntp Ntp 4.3.37Ntp Ntp 4.3.43Ntp Ntp 4.3.44Ntp Ntp 4.3.51Ntp Ntp 4.3.52Ntp Ntp 4.3.59Ntp Ntp 4.3.6Ntp Ntp 4.3.66Ntp Ntp 4.3.67Ntp Ntp 4.3.74
5
CVSSv2
CVE-2018-7185
The protocol engine in ntp 4.2.6 prior to 4.2.8p11 allows a remote malicious users to cause a denial of service (disruption) by continually sending a packet with a zero-origin timestamp and source IP address of the "other side" of an interleaved association causing the ...
Ntp NtpNtp Ntp 4.2.8Synology Diskstation ManagerSynology Router ManagerSynology SkynasSynology Virtual Diskstation ManagerSynology Vs960hd FirmwareCanonical Ubuntu Linux 18.04Canonical Ubuntu Linux 12.04Canonical Ubuntu Linux 16.04Canonical Ubuntu Linux 14.04Canonical Ubuntu Linux 17.10Netapp Hci -Netapp Solidfire -Hpe Hpux-ntpOracle Fujitsu M10-1 FirmwareOracle Fujitsu M10-4 FirmwareOracle Fujitsu M10-4s FirmwareOracle Fujitsu M12-1 FirmwareOracle Fujitsu M12-2 FirmwareOracle Fujitsu M12-2s Firmware
5
CVSSv2
CVE-2018-7182
The ctl_getitem method in ntpd in ntp-4.2.8p6 prior to 4.2.8p11 allows remote malicious users to cause a denial of service (out-of-bounds read) via a crafted mode 6 packet with a ntpd instance from 4.2.8p6 up to and including 4.2.8p10.
Ntp Ntp 4.2.8Canonical Ubuntu Linux 17.10Canonical Ubuntu Linux 18.04Netapp Element Software -
5
CVSSv2
CVE-2018-7184
ntpd in ntp 4.2.8p4 prior to 4.2.8p11 drops bad packets before updating the "received" timestamp, which allows remote malicious users to cause a denial of service (disruption) by sending a packet with a zero-origin timestamp causing the association to reset and setting ...
Ntp Ntp 4.2.8Synology Skynas -Synology Router Manager 1.1Synology Diskstation Manager 6.1Synology Diskstation Manager 6.0Synology Virtual Diskstation Manager -Synology Diskstation Manager 5.2Synology Vs960hd Firmware -Slackware Slackware Linux 14.0Slackware Slackware Linux 14.1Slackware Slackware Linux 14.2Canonical Ubuntu Linux 14.04Canonical Ubuntu Linux 16.04Canonical Ubuntu Linux 17.10Canonical Ubuntu Linux 18.04Netapp Steelstore Cloud Integrated Storage -Netapp Cloud Backup -
5
CVSSv2
CVE-2016-4957
ntpd in NTP prior to 4.2.8p8 allows remote malicious users to cause a denial of service (daemon crash) via a crypto-NAK packet. NOTE: this vulnerability exists because of an incorrect fix for CVE-2016-1547.
Ntp Ntp 4.2.8Ntp Ntp 4.3.92Oracle Solaris 10Oracle Solaris 11.3Suse Manager Proxy 2.1Suse Openstack Cloud 5Novell Suse Manager 2.1Opensuse Leap 42.1Opensuse Opensuse 13.2Suse Linux Enterprise Desktop 12Suse Linux Enterprise Server 11Suse Linux Enterprise Server 12
4.9
CVSSv2
CVE-2016-2517
NTP prior to 4.2.8p7 and 4.3.x prior to 4.3.92 allows remote malicious users to cause a denial of service (prevent subsequent authentication) by leveraging knowledge of the controlkey or requestkey and sending a crafted packet to ntpd, which changes the value of trustedkey, contr...
Ntp NtpNtp Ntp 4.3.10Ntp Ntp 4.3.11Ntp Ntp 4.3.18Ntp Ntp 4.3.19Ntp Ntp 4.3.25Ntp Ntp 4.3.26Ntp Ntp 4.3.33Ntp Ntp 4.3.34Ntp Ntp 4.3.40Ntp Ntp 4.3.41Ntp Ntp 4.3.48Ntp Ntp 4.3.49Ntp Ntp 4.3.5Ntp Ntp 4.3.56Ntp Ntp 4.3.57Ntp Ntp 4.3.63Ntp Ntp 4.3.64Ntp Ntp 4.3.71Ntp Ntp 4.3.72Ntp Ntp 4.3.79Ntp Ntp 4.3.8
4.9
CVSSv2
CVE-2016-2519
ntpd in NTP prior to 4.2.8p7 and 4.3.x prior to 4.3.92 allows remote malicious users to cause a denial of service (ntpd abort) by a large request data value, which triggers the ctl_getitem function to return a NULL value.
Ntp NtpNtp Ntp 4.3.11Ntp Ntp 4.3.12Ntp Ntp 4.3.19Ntp Ntp 4.3.2Ntp Ntp 4.3.27Ntp Ntp 4.3.28Ntp Ntp 4.3.34Ntp Ntp 4.3.35Ntp Ntp 4.3.41Ntp Ntp 4.3.42Ntp Ntp 4.3.5Ntp Ntp 4.3.50Ntp Ntp 4.3.57Ntp Ntp 4.3.58Ntp Ntp 4.3.64Ntp Ntp 4.3.65Ntp Ntp 4.3.72Ntp Ntp 4.3.73Ntp Ntp 4.3.8Ntp Ntp 4.3.80Ntp Ntp 4.3.87
4.6
CVSSv2
CVE-2017-6451
The mx4200_send function in the legacy MX4200 refclock in NTP prior to 4.2.8p10 and 4.3.x prior to 4.3.94 does not properly handle the return value of the snprintf function, which allows local users to execute arbitrary code via unspecified vectors, which trigger an out-of-bounds...
Ntp Ntp 4.3.0Ntp Ntp 4.3.15Ntp Ntp 4.3.16Ntp Ntp 4.3.17Ntp Ntp 4.3.23Ntp Ntp 4.3.24Ntp Ntp 4.3.30Ntp Ntp 4.3.31Ntp Ntp 4.3.38Ntp Ntp 4.3.39Ntp Ntp 4.3.4Ntp Ntp 4.3.46Ntp Ntp 4.3.47Ntp Ntp 4.3.53Ntp Ntp 4.3.54Ntp Ntp 4.3.61Ntp Ntp 4.3.62Ntp Ntp 4.3.69Ntp Ntp 4.3.7Ntp Ntp 4.3.76Ntp Ntp 4.3.77Ntp Ntp 4.3.84
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
path traversalCVE-2024-26978CVE-2024-26982wirelessCVE-2023-6949CVE-2024-26980CVE-2024-32766CVE-2024-26939cache poisoning
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook