Package "ntp-doc"
| Name: |
ntp-doc
|
Description: |
Network Time Protocol documentation
|
| Latest version: |
1:4.2.6.p5+dfsg-3ubuntu2.14.04.13 |
| Release: |
trusty (14.04) |
| Level: |
security |
| Repository: |
main |
| Head package: |
ntp |
| Homepage: |
http://support.ntp.org/ |
Links
Download "ntp-doc"
Other versions of "ntp-doc" in Trusty
Changelog
|
ntp (1:4.2.6.p5+dfsg-3ubuntu2.14.04.13) trusty-security; urgency=medium
* SECURITY UPDATE: code execution via buffer overflow in decodearr
- debian/patches/CVE-2018-7183.patch: prevent writing beyons limits in
ntpq/ntpq.c.
- CVE-2018-7183
* SECURITY UPDATE: DoS via certain packets with a zero-origin timestamp
- debian/patches/CVE-2018-7185.patch: add additional checks to
ntpd/ntp_proto.c.
- CVE-2018-7185
-- Marc Deslauriers <email address hidden> Fri, 06 Jul 2018 15:45:46 -0400
|
| Source diff to previous version |
| CVE-2018-7183 |
Buffer overflow in the decodearr function in ntpq in ntp 4.2.8p6 through 4.2.8p10 allows remote attackers to execute arbitrary code by leveraging an |
| CVE-2018-7185 |
The protocol engine in ntp 4.2.6 before 4.2.8p11 allows a remote attackers to cause a denial of service (disruption) by continually sending a packet |
|
|
ntp (1:4.2.6.p5+dfsg-3ubuntu2.14.04.11) trusty-security; urgency=medium
* SECURITY UPDATE: DoS via responses with a spoofed source address
- debian/patches/CVE-2016-7426.patch: improve rate limiting in
ntpd/ntp_proto.c.
- CVE-2016-7426
* SECURITY UPDATE: DoS via crafted broadcast mode packet
- debian/patches/CVE-2016-7427-1.patch: improve replay prevention
logic in ntpd/ntp_proto.c.
- CVE-2016-7427
* SECURITY UPDATE: DoS via poll interval in a broadcast packet
- debian/patches/CVE-2016-7428.patch: ensure at least one poll interval
has elapsed in ntpd/ntp_proto.c, include/ntp.h.
- CVE-2016-7428
* SECURITY UPDATE: DoS via response for a source to an interface the
source does not use
- debian/patches/CVE-2016-7429-1.patch: add extra checks to
ntpd/ntp_peer.c.
- debian/patches/CVE-2016-7429-2.patch: check for NULL first in
ntpd/ntp_peer.c.
- debian/patches/CVE-2016-7429-3.patch: fix multicastclient regression
in ntpd/ntp_peer.c.
- CVE-2016-7429
* SECURITY UPDATE: traps can be set or unset via a crafted control mode
packet
- debian/patches/CVE-2016-9310.patch: require AUTH in
ntpd/ntp_control.c.
- CVE-2016-9310
* SECURITY UPDATE: DoS when trap service is enabled
- debian/patches/CVE-2016-9311.patch: make sure peer events are
associated with a peer in ntpd/ntp_control.c.
- CVE-2016-9311
* SECURITY UPDATE: potential Overflows in ctl_put() functions
- debian/patches/CVE-2017-6458.patch: check lengths in
ntpd/ntp_control.c.
- CVE-2017-6458
* SECURITY UPDATE: buffer overflow in DPTS refclock driver
- debian/patches/CVE-2017-6462.patch: don't overrun buffer in
ntpd/refclock_datum.c.
- CVE-2017-6462
* SECURITY UPDATE: DoS via invalid setting in a :config directive
- debian/patches/CVE-2017-6463.patch: protect against overflow in
ntpd/ntp_config.c.
- CVE-2017-6463
* SECURITY UPDATE: Dos via malformed mode configuration directive
- debian/patches/CVE-2017-6464.patch: validate directives in
ntpd/ntp_config.c, ntpd/ntp_proto.c.
- CVE-2017-6464
-- Marc Deslauriers <email address hidden> Wed, 28 Jun 2017 12:17:02 -0400
|
| Source diff to previous version |
| CVE-2016-7426 |
NTP before 4.2.8p9 rate limits responses received from the configured sources when rate limiting for all associations is enabled, which allows remote |
| CVE-2016-7427 |
The broadcast mode replay prevention functionality in ntpd in NTP before 4.2.8p9 allows remote attackers to cause a denial of service (reject broadca |
| CVE-2016-7428 |
ntpd in NTP before 4.2.8p9 allows remote attackers to cause a denial of service (reject broadcast mode packets) via the poll interval in a broadcast |
| CVE-2016-7429 |
NTP before 4.2.8p9 changes the peer structure to the interface it receives the response from a source, which allows remote attackers to cause a denia |
| CVE-2016-9310 |
The control mode (mode 6) functionality in ntpd in NTP before 4.2.8p9 allows remote attackers to set or unset traps via a crafted control mode packet |
| CVE-2016-9311 |
ntpd in NTP before 4.2.8p9, when the trap service is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and cras |
| CVE-2017-6458 |
Multiple buffer overflows in the ctl_put* functions in NTP before 4.2.8p10 and 4.3.x before 4.3.94 allow remote authenticated users to have unspecifi |
| CVE-2017-6462 |
Buffer overflow in the legacy Datum Programmable Time Server (DPTS) refclock driver in NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows local users |
| CVE-2017-6463 |
NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows remote authenticated users to cause a denial of service (daemon crash) via an invalid setting in a |
| CVE-2017-6464 |
NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows remote attackers to cause a denial of service (ntpd crash) via a malformed mode configuration dire |
|
|
ntp (1:4.2.6.p5+dfsg-3ubuntu2.14.04.10) trusty-security; urgency=medium
* SECURITY UPDATE: Deja Vu replay attack on authenticated broadcast mode
- debian/patches/CVE-2015-7973.patch: improve timestamp verification in
include/ntp.h, ntpd/ntp_proto.c.
- CVE-2015-7973
* SECURITY UPDATE: impersonation between authenticated peers
- debian/patches/CVE-2015-7974.patch: check key ID in ntpd/ntp_proto.c.
- CVE-2015-7974
* SECURITY UPDATE: ntpq saveconfig command allows dangerous characters in
filenames
- debian/patches/CVE-2015-7976.patch: check filename in
ntpd/ntp_control.c.
- CVE-2015-7976
* SECURITY UPDATE: restrict list denial of service
- debian/patches/CVE-2015-7977-7978.patch: improve restrict list
processing in ntpd/ntp_request.c.
- CVE-2015-7977
- CVE-2015-7978
* SECURITY UPDATE: authenticated broadcast mode off-path denial of
service
- debian/patches/CVE-2015-7979.patch: add more checks to
ntpd/ntp_proto.c.
- CVE-2015-7979
- CVE-2016-1547
* SECURITY UPDATE: Zero Origin Timestamp Bypass
- debian/patches/CVE-2015-8138.patch: check p_org in ntpd/ntp_proto.c.
- CVE-2015-8138
* SECURITY UPDATE: potential infinite loop in ntpq
- debian/patches/CVE-2015-8158.patch: add time checks to ntpdc/ntpdc.c,
ntpq/ntpq.c.
- CVE-2015-8158
* SECURITY UPDATE: NTP statsdir cleanup cronjob insecure (LP: #1528050)
- debian/ntp.cron.daily: fix security issues, patch thanks to halfdog!
- CVE-2016-0727
* SECURITY UPDATE: time spoofing via interleaved symmetric mode
- debian/patches/CVE-2016-1548.patch: check for bogus packets in
ntpd/ntp_proto.c.
- CVE-2016-1548
* SECURITY UPDATE: buffer comparison timing attacks
- debian/patches/CVE-2016-1550.patch: use CRYPTO_memcmp in
libntp/a_md5encrypt.c, sntp/crypto.c.
- CVE-2016-1550
* SECURITY UPDATE: DoS via duplicate IPs on unconfig directives
- debian/patches/CVE-2016-2516.patch: improve logic in
ntpd/ntp_request.c.
- CVE-2016-2516
* SECURITY UPDATE: denial of service via crafted addpeer
- debian/patches/CVE-2016-2518.patch: check mode value in
ntpd/ntp_request.c.
- CVE-2016-2518
* SECURITY UPDATE: denial of service via spoofed packets
- debian/patches/CVE-2016-4954.patch: discard packet that fails tests
in ntpd/ntp_proto.c.
- CVE-2016-4954
* SECURITY UPDATE: denial of service via spoofed crypto-NAK or incorrect
MAC
- debian/patches/CVE-2016-4955.patch: fix checks in ntpd/ntp_proto.c.
- CVE-2016-4955
* SECURITY UPDATE: denial of service via spoofed broadcast packet
- debian/patches/CVE-2016-4956.patch: properly handle switch in
broadcast interleaved mode in ntpd/ntp_proto.c.
- CVE-2016-4956
-- Marc Deslauriers <email address hidden> Wed, 05 Oct 2016 08:13:23 -0400
|
| Source diff to previous version |
| 1528050 |
NTP statsdir cleanup cronjob insecure |
| CVE-2015-7973 |
Deja Vu: Replay attack on authenticated broadcast mode |
| CVE-2015-7974 |
NTP 4.x before 4.2.8p6 and 4.3.x before 4.3.90 do not verify peer associations of symmetric keys when authenticating packets, which might allow remot |
| CVE-2015-7976 |
ntpq saveconfig command allows dangerous characters in filenames |
| CVE-2015-7977 |
reslist NULL pointer dereference |
| CVE-2015-7978 |
Stack exhaustion in recursive traversal of restriction list |
| CVE-2015-7979 |
Off-path Denial of Service (DoS) attack on authenticated broadcast mode |
| CVE-2016-1547 |
Validate crypto-NAKs |
| CVE-2015-8138 |
ntp: missing check for zero originate timestamp |
| CVE-2015-8158 |
Potential Infinite Loop in ntpq |
| CVE-2016-0727 |
NTP statsdir cleanup cronjob insecure |
| CVE-2016-1548 |
Change the time of an ntpd client or deny service to an ntpd client by forcing it to change from basic client/server mode to interleaved symmetric mo |
| CVE-2016-1550 |
Timing attack for authenticated packets |
| CVE-2016-2516 |
Duplicate IPs on unconfig directives will cause an assertion failure |
| CVE-2016-2518 |
Crafted addpeer with hmode > 7 causes out-of-bounds reference |
| CVE-2016-4954 |
The process_packet function in ntp_proto.c in ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (peer-variable modi |
| CVE-2016-4955 |
ntpd in NTP 4.x before 4.2.8p8, when autokey is enabled, allows remote attackers to cause a denial of service (peer-variable clearing and association |
| CVE-2016-4956 |
ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (interleaved-mode transition and time change) via a spoofed broad |
|
|
ntp (1:4.2.6.p5+dfsg-3ubuntu2.14.04.5) trusty-security; urgency=medium
* SECURITY UPDATE: denial of service via crafted NUL-byte in
configuration directive
- debian/patches/CVE-2015-5146.patch: properly validate command in
ntpd/ntp_control.c.
- CVE-2015-5146
* SECURITY UPDATE: denial of service via malformed logconfig commands
- debian/patches/CVE-2015-5194.patch: fix logconfig logic in
ntpd/ntp_parser.y.
- CVE-2015-5194
* SECURITY UPDATE: denial of service via disabled statistics type
- debian/patches/CVE-2015-5195.patch: handle unrecognized types in
ntpd/ntp_config.c.
- CVE-2015-5195
* SECURITY UPDATE: file overwrite via remote pidfile and driftfile
configuration directives
- debian/patches/CVE-2015-5196.patch: disable remote configuration in
ntpd/ntp_parser.y.
- CVE-2015-5196
- CVE-2015-7703
* SECURITY UPDATE: denial of service via precision value conversion
- debian/patches/CVE-2015-5219.patch: use ldexp for LOGTOD in
include/ntp.h.
- CVE-2015-5219
* SECURITY UPDATE: timeshifting by reboot issue
- debian/patches/CVE-2015-5300.patch: disable panic in
ntpd/ntp_loopfilter.c.
- CVE-2015-5300
* SECURITY UPDATE: incomplete autokey data packet length checks
- debian/patches/CVE-2015-7691.patch: add length and size checks to
ntpd/ntp_crypto.c.
- CVE-2015-7691
- CVE-2015-7692
- CVE-2015-7702
* SECURITY UPDATE: memory leak in CRYPTO_ASSOC
- debian/patches/CVE-2015-7701.patch: add missing free in
ntpd/ntp_crypto.c.
- CVE-2015-7701
* SECURITY UPDATE: denial of service by spoofed KoD
- debian/patches/CVE-2015-7704.patch: add check to ntpd/ntp_proto.c.
- CVE-2015-7704
- CVE-2015-7705
* SECURITY UPDATE: denial of service via same logfile and keyfile
- debian/patches/CVE-2015-7850.patch: rate limit errors in
include/ntp_stdlib.h, include/ntp_syslog.h, libntp/authreadkeys.c,
libntp/msyslog.c.
- CVE-2015-7850
* SECURITY UPDATE: ntpq atoascii memory corruption
- debian/patches/CVE-2015-7852.patch: avoid buffer overrun in
ntpq/ntpq.c.
- CVE-2015-7852
* SECURITY UPDATE: buffer overflow via custom refclock driver
- debian/patches/CVE-2015-7853.patch: properly calculate length in
ntpd/ntp_io.c.
- CVE-2015-7853
* SECURITY UPDATE: denial of service via ASSERT in decodenetnum
- debian/patches/CVE-2015-7855.patch: simply return fail in
libntp/decodenetnum.c.
- CVE-2015-7855
* SECURITY UPDATE: symmetric association authentication bypass via
crypto-NAK
- debian/patches/CVE-2015-7871.patch: drop unhandled packet in
ntpd/ntp_proto.c.
- CVE-2015-7871
* debian/control: add bison to Build-Depends.
* debian/rules: remove ntp/ntp_parser.{c,h} or they don't get properly
regenerated for some reason.
* This package does _not_ contain the changes from
(1:4.2.6.p5+dfsg-3ubuntu2.14.04.4) in trusty-proposed.
-- Marc Deslauriers Fri, 23 Oct 2015 11:47:46 -0400
|
| Source diff to previous version |
| CVE-2015-5146 |
ntpd control message crash: Crafted NUL-byte in configuration directive |
| CVE-2015-5194 |
crash with crafted logconfig configuration command |
| CVE-2015-5195 |
ntpd crash when processing config commands with statistics type |
| CVE-2015-5219 |
infinite loop in sntp processing crafted packet |
| CVE-2015-5300 |
MITM attacker can force ntpd to make a step larger than the panic threshold |
|
|
ntp (1:4.2.6.p5+dfsg-3ubuntu2.14.04.3) trusty-security; urgency=medium
* SECURITY UPDATE: symmetric key unauthenticated packet MITM attack
- debian/patches/CVE-2015-1798.patch: reject packets without MAC in
ntpd/ntp_proto.c.
- CVE-2015-1798
* SECURITY UPDATE: symmetric association DoS attack
- debian/patches/CVE-2015-1799.patch: don't update state variables when
authentication fails in ntpd/ntp_proto.c.
- CVE-2015-1799
* SECURITY UPDATE: ntp-keygen infinite loop or lack of randonmess on big
endian platforms
- debian/patches/ntp-keygen-endless-loop.patch: fix logic in
util/ntp-keygen.c.
- CVE number pending
-- Marc Deslauriers <email address hidden> Mon, 13 Apr 2015 09:05:27 -0400
|
| CVE-2015-1798 |
The symmetric-key feature in the receive function in ntp_proto.c in ntpd in NTP 4.x before 4.2.8p2 requires a correct MAC only if the MAC field has a |
| CVE-2015-1799 |
The symmetric-key feature in the receive function in ntp_proto.c in ntpd in NTP 3.x and 4.x before 4.2.8p2 performs state-variable updates upon recei |
|
About
-
Send Feedback to @ubuntu_updates
