Vulnerabilities > NTP > NTP > 4.0.90
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2015-04-08 | CVE-2015-1799 | Code vulnerability in NTP The symmetric-key feature in the receive function in ntp_proto.c in ntpd in NTP 3.x and 4.x before 4.2.8p2 performs state-variable updates upon receiving certain invalid packets, which makes it easier for man-in-the-middle attackers to cause a denial of service (synchronization loss) by spoofing the source IP address of a peer. | 4.3 |
2014-12-20 | CVE-2014-9296 | Code vulnerability in NTP The receive function in ntp_proto.c in ntpd in NTP before 4.2.8 continues to execute after detecting a certain authentication error, which might allow remote attackers to trigger an unintended association change via crafted packets. | 5.0 |
2014-12-20 | CVE-2014-9295 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in NTP Multiple stack-based buffer overflows in ntpd in NTP before 4.2.8 allow remote attackers to execute arbitrary code via a crafted packet, related to (1) the crypto_recv function when the Autokey Authentication feature is used, (2) the ctl_putdata function, and (3) the configure function. | 7.5 |
2014-12-20 | CVE-2014-9294 | Unspecified vulnerability in NTP util/ntp-keygen.c in ntp-keygen in NTP before 4.2.7p230 uses a weak RNG seed, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack. | 7.5 |
2014-12-20 | CVE-2014-9293 | Unspecified vulnerability in NTP The config_auth function in ntpd in NTP before 4.2.7p11, when an auth key is not configured, improperly generates a key, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack. | 7.5 |
2009-04-14 | CVE-2009-0159 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in NTP Stack-based buffer overflow in the cookedprint function in ntpq/ntpq.c in ntpq in NTP before 4.2.4p7-RC2 allows remote NTP servers to execute arbitrary code via a crafted response. | 6.8 |
2009-01-07 | CVE-2009-0021 | Improper Authentication vulnerability in NTP NTP 4.2.4 before 4.2.4p5 and 4.2.5 before 4.2.5p150 does not properly check the return value from the OpenSSL EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature for DSA and ECDSA keys, a similar vulnerability to CVE-2008-5077. | 5.0 |