National Vulnerability Database

National Vulnerability Database

National Vulnerability

Search Results (Refine Search)

There are 43 matching records.
Displaying matches 41 through 43.
Vuln ID Summary CVSS Severity

ntp_request.c in ntpd in NTP before 4.2.4p8, and 4.2.5, allows remote attackers to cause a denial of service (CPU and bandwidth consumption) by using MODE_PRIVATE to send a spoofed (1) request or (2) response packet that triggers a continuous exchange of MODE_PRIVATE error responses between two NTP daemons.

Published: December 09, 2009; 01:30:00 PM -05:00
V2: 6.4 MEDIUM

Stack-based buffer overflow in the cookedprint function in ntpq/ntpq.c in ntpq in NTP before 4.2.4p7-RC2 allows remote NTP servers to execute arbitrary code via a crafted response.

Published: April 14, 2009; 11:30:00 AM -04:00
V2: 6.8 MEDIUM

NTP 4.2.4 before 4.2.4p5 and 4.2.5 before 4.2.5p150 does not properly check the return value from the OpenSSL EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature for DSA and ECDSA keys, a similar vulnerability to CVE-2008-5077.

Published: January 07, 2009; 12:30:00 PM -05:00
V2: 5.0 MEDIUM