National Vulnerability Database

National Vulnerability Database

National Vulnerability

Search Results (Refine Search)

Search Parameters:
  • Contains Software Flaws (CVE)
  • CPE Product Version: cpe:/a:ntp:ntp:4.0.97
There are 45 matching records.
Displaying matches 41 through 45.
Vuln ID Summary CVSS Severity

The config_auth function in ntpd in NTP before 4.2.7p11, when an auth key is not configured, improperly generates a key, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack.

Published: December 19, 2014; 09:59:00 PM -05:00
    V2: 7.5 HIGH

ntp_request.c in ntpd in NTP before 4.2.4p8, and 4.2.5, allows remote attackers to cause a denial of service (CPU and bandwidth consumption) by using MODE_PRIVATE to send a spoofed (1) request or (2) response packet that triggers a continuous exchange of MODE_PRIVATE error responses between two NTP daemons.

Published: December 09, 2009; 01:30:00 PM -05:00
    V2: 6.4 MEDIUM

Stack-based buffer overflow in the cookedprint function in ntpq/ntpq.c in ntpq in NTP before 4.2.4p7-RC2 allows remote NTP servers to execute arbitrary code via a crafted response.

Published: April 14, 2009; 11:30:00 AM -04:00
    V2: 6.8 MEDIUM

NTP 4.2.4 before 4.2.4p5 and 4.2.5 before 4.2.5p150 does not properly check the return value from the OpenSSL EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature for DSA and ECDSA keys, a similar vulnerability to CVE-2008-5077.

Published: January 07, 2009; 12:30:00 PM -05:00
    V2: 5.0 MEDIUM

Integer overflow in the NTP daemon (NTPd) before 4.0 causes the NTP server to return the wrong date/time offset when a client requests a date/time that is more than 34 years away from the server's time.

Published: August 06, 2004; 12:00:00 AM -04:00
    V2: 5.0 MEDIUM