Vulnerabilities > CVE-2019-8936 - NULL Pointer Dereference vulnerability in multiple products

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
HIGH
network
low complexity
netapp
fedoraproject
opensuse
hpe
ntp
CWE-476
nessus

Summary

NTP through 4.2.8p12 has a NULL Pointer Dereference.

Common Weakness Enumeration (CWE)

Nessus

  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-1356.NASL
    descriptionAccording to the version of the ntp packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability : - NTP through 4.2.8p12 has a NULL Pointer Dereference.i1/4^CVE-2019-8936i1/4%0 Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-19
    modified2019-05-10
    plugin id124734
    published2019-05-10
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/124734
    titleEulerOS Virtualization 2.5.3 : ntp (EulerOS-SA-2019-1356)
  • NASL familyAmazon Linux Local Security Checks
    NASL idALA_ALAS-2019-1206.NASL
    descriptionNTP has a NULL pointer dereference attack in an authenticated mode 6 packet. (CVE-2019-8936)
    last seen2020-06-01
    modified2020-06-02
    plugin id125292
    published2019-05-21
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/125292
    titleAmazon Linux AMI : ntp (ALAS-2019-1206)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-1938.NASL
    descriptionAccording to the version of the ntp packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerability : - NTP through 4.2.8p12 has a NULL Pointer Dereference.(CVE-2019-8936) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id128941
    published2019-09-17
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/128941
    titleEulerOS Virtualization for ARM 64 3.0.2.0 : ntp (EulerOS-SA-2019-1938)
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-201903-15.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-201903-15 (NTP: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in NTP. Please review the CVE identifiers referenced below for details. Impact : An attacker could cause a Denial of Service condition, escalate privileges, or remotely execute arbitrary code. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id122937
    published2019-03-19
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/122937
    titleGLSA-201903-15 : NTP: Multiple vulnerabilities
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-1769.NASL
    descriptionAccording to the version of the ntp packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - NTP through 4.2.8p12 has a NULL Pointer Dereference.(CVE-2019-8936) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-03
    modified2019-07-25
    plugin id127006
    published2019-07-25
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/127006
    titleEulerOS 2.0 SP8 : ntp (EulerOS-SA-2019-1769)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2020-1457.NASL
    descriptionAccording to the versions of the ntp packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - NTP through 4.2.8p12 has a NULL Pointer Dereference.(CVE-2019-8936) - ntpd in ntp 4.2.8p4 before 4.2.8p11 drops bad packets before updating the
    last seen2020-04-30
    modified2020-04-16
    plugin id135619
    published2020-04-16
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/135619
    titleEulerOS Virtualization 3.0.2.2 : ntp (EulerOS-SA-2020-1457)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2019-13991-1.NASL
    descriptionThis update for ntp fixes the following issues : Security issue fixed : CVE-2019-8936: Fixed a NULL pointer exception which could allow an authenticated attcker to cause segmentation fault to ntpd (bsc#1128525). Other issues addressed: Make sure that SLE12 version is higher than the one in SLE11 (bsc#1001182). Fixed several bugs in the BANCOMM reclock driver. Fixed ntp_loopfilter.c snprintf compilation warnings. Fixed spurious initgroups() error message. Fixed STA_NANO struct timex units. Fixed GPS week rollover in libparse. Fixed incorrect poll interval in packet. Added a missing check for ENABLE_CMAC. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id123454
    published2019-03-28
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/123454
    titleSUSE SLES11 Security Update : ntp (SUSE-SU-2019:13991-1)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2019-0775-1.NASL
    descriptionThis update for ntp fixes the following issues : Security issue fixed : CVE-2019-8936: Fixed a NULL pointer exception which could allow an authenticated attcker to cause segmentation fault to ntpd (bsc#1128525). Other issues addressed: Fixed several bugs in the BANCOMM reclock driver. Fixed ntp_loopfilter.c snprintf compilation warnings. Fixed spurious initgroups() error message. Fixed STA_NANO struct timex units. Fixed GPS week rollover in libparse. Fixed incorrect poll interval in packet. Added a missing check for ENABLE_CMAC. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id123449
    published2019-03-28
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/123449
    titleSUSE SLES12 Security Update : ntp (SUSE-SU-2019:0775-1)
  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_C2576E1436E211E99EDA206A8A720317.NASL
    descriptionNetwork Time Foundation reports : A crafted malicious authenticated mode 6 (ntpq) packet from a permitted network address can trigger a NULL pointer dereference, crashing ntpd. Note that for this attack to work, the sending system must be on an address that the target
    last seen2020-04-30
    modified2019-03-08
    plugin id122685
    published2019-03-08
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/122685
    titleFreeBSD : ntp -- Crafted null dereference attack from a trusted source with an authenticated mode 6 packet (c2576e14-36e2-11e9-9eda-206a8a720317)
  • NASL familyMisc.
    NASL idNTP_4_2_8P13.NASL
    descriptionThe version of the remote NTP server is 4.x prior to 4.2.8p13, or is 4.3.x prior to 4.3.94. It is, therefore, affected by a denial of service vulnerability due to a flaw in handling authenticated mode 6 traffic. An authenticated attacker can exploit this issue to cause application crashes. Note that Nessus has not tested for this issue but has instead relied only on the application
    last seen2020-04-30
    modified2019-03-12
    plugin id122777
    published2019-03-12
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/122777
    titleNetwork Time Protocol Daemon (ntpd) 4.x < 4.2.8p13 / 4.3.x < 4.3.94 DoS
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2019-B0C7F0D94A.NASL
    descriptionSecurity fix for CVE-2019-8936 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id124532
    published2019-05-02
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/124532
    titleFedora 30 : ntp (2019-b0c7f0d94a)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-1878.NASL
    descriptionAccording to the version of the ntp packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - NTP through 4.2.8p12 has a NULL Pointer Dereference.(CVE-2019-8936) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-08
    modified2019-09-16
    plugin id128801
    published2019-09-16
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/128801
    titleEulerOS 2.0 SP5 : ntp (EulerOS-SA-2019-1878)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2019-0777-1.NASL
    descriptionThis update for ntp fixes the following issues : Security issue fixed : CVE-2019-8936: Fixed a NULL pointer exception which could allow an authenticated attcker to cause segmentation fault to ntpd (bsc#1128525). Other issues addressed: Fixed several bugs in the BANCOMM reclock driver. Fixed ntp_loopfilter.c snprintf compilation warnings. Fixed spurious initgroups() error message. Fixed STA_NANO struct timex units. Fixed GPS week rollover in libparse. Fixed incorrect poll interval in packet. Added a missing check for ENABLE_CMAC. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id123451
    published2019-03-28
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/123451
    titleSUSE SLED15 / SLES15 Security Update : ntp (SUSE-SU-2019:0777-1)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2019-1143.NASL
    descriptionThis update for ntp fixes the following issues : Security issue fixed: &#9; - CVE-2019-8936: Fixed a NULL pointer exception which could allow an authenticated attcker to cause segmentation fault to ntpd (bsc#1128525). Other issues addressed : - Fixed several bugs in the BANCOMM reclock driver. - Fixed ntp_loopfilter.c snprintf compilation warnings. - Fixed spurious initgroups() error message. - Fixed STA_NANO struct timex units. - Fixed GPS week rollover in libparse. - Fixed incorrect poll interval in packet. - Added a missing check for ENABLE_CMAC. This update was imported from the SUSE:SLE-15:Update update project.
    last seen2020-06-01
    modified2020-06-02
    plugin id123773
    published2019-04-05
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/123773
    titleopenSUSE Security Update : ntp (openSUSE-2019-1143)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2019-0789-1.NASL
    descriptionThis update for ntp fixes the following issues : Security issue fixed : CVE-2019-8936: Fixed a NULL pointer exception which could allow an authenticated attcker to cause segmentation fault to ntpd (bsc#1128525). Other isses addressed: Fixed an issue which caused openSSL mismatch (bsc#1125401) Fixed several bugs in the BANCOMM reclock driver. Fixed ntp_loopfilter.c snprintf compilation warnings. Fixed spurious initgroups() error message. Fixed STA_NANO struct timex units. Fixed GPS week rollover in libparse. Fixed incorrect poll interval in packet. Added a missing check for ENABLE_CMAC. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id123500
    published2019-03-29
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/123500
    titleSUSE SLED12 / SLES12 Security Update : ntp (SUSE-SU-2019:0789-1)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2019-1158.NASL
    descriptionThis update for ntp fixes the following issues : Security issue fixed: &#9; - CVE-2019-8936: Fixed a NULL pointer exception which could allow an authenticated attcker to cause segmentation fault to ntpd (bsc#1128525). Other isses addressed : - Fixed an issue which caused openSSL mismatch (bsc#1125401) - Fixed several bugs in the BANCOMM reclock driver. - Fixed ntp_loopfilter.c snprintf compilation warnings. - Fixed spurious initgroups() error message. - Fixed STA_NANO struct timex units. - Fixed GPS week rollover in libparse. - Fixed incorrect poll interval in packet. - Added a missing check for ENABLE_CMAC. This update was imported from the SUSE:SLE-12-SP1:Update update project.
    last seen2020-06-01
    modified2020-06-02
    plugin id123813
    published2019-04-08
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/123813
    titleopenSUSE Security Update : ntp (openSUSE-2019-1158)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-1860.NASL
    descriptionAccording to the version of the ntp packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - NTP through 4.2.8p12 has a NULL Pointer Dereference.(CVE-2019-8936) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-08
    modified2019-09-17
    plugin id128912
    published2019-09-17
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/128912
    titleEulerOS 2.0 SP2 : ntp (EulerOS-SA-2019-1860)
  • NASL familyPhotonOS Local Security Checks
    NASL idPHOTONOS_PHSA-2019-3_0-0024_NTP.NASL
    descriptionAn update of the ntp package has been released.
    last seen2020-06-01
    modified2020-06-02
    plugin id128156
    published2019-08-26
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/128156
    titlePhoton OS 3.0: Ntp PHSA-2019-3.0-0024
  • NASL familySlackware Local Security Checks
    NASL idSLACKWARE_SSA_2019-067-01.NASL
    descriptionNew ntp packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix a security issue.
    last seen2020-04-30
    modified2019-03-11
    plugin id122740
    published2019-03-11
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/122740
    titleSlackware 14.0 / 14.1 / 14.2 / current : ntp (SSA:2019-067-01)

References