4.2.7p444

DATE	CVE	VULNERABILITY TITLE	RISK
2015-10-06	CVE-2014-9751	Improper Input Validation vulnerability in multiple products The read_network_packet function in ntp_io.c in ntpd in NTP 4.x before 4.2.8p1 on Linux and OS X does not properly determine whether a source IP address is an IPv6 loopback address, which makes it easier for remote attackers to spoof restricted packets, and read or write to the runtime state, by leveraging the ability to reach the ntpd machine's network interface with a packet from the ::1 address. network ntp redhat debian oracle CWE-20	6.8
2015-10-06	CVE-2014-9750	Improper Input Validation vulnerability in NTP ntp_crypto.c in ntpd in NTP 4.x before 4.2.8p1, when Autokey Authentication is enabled, allows remote attackers to obtain sensitive information from process memory or cause a denial of service (daemon crash) via a packet containing an extension field with an invalid value for the length of its value field. network ntp redhat debian oracle CWE-20	5.8
2015-04-08	CVE-2015-1799	Code vulnerability in NTP The symmetric-key feature in the receive function in ntp_proto.c in ntpd in NTP 3.x and 4.x before 4.2.8p2 performs state-variable updates upon receiving certain invalid packets, which makes it easier for man-in-the-middle attackers to cause a denial of service (synchronization loss) by spoofing the source IP address of a peer. ntp CWE-17	4.3