Download
| Alert*
oval:org.secpod.oval:def:24535
The host is installed with ntp version 4.2.6 and earlier on Redhat Enterprise Linux 6 or on Redhat Enterprise Linux 7 and is prone to an endless loop vulnerability. A flaw is present in the application, which fails to handle MD5 symmetric keys on big-endian systems. Successful exploitation could all ... oval:org.secpod.oval:def:1200153 As discussed upstream, a flaw was found in the way ntpd processed certain remote configuration packets. Note that remote configuration is disabled by default in NTP. It was found that the :config command can be used to set the pidfile and driftfile paths without any restrictions. A remote attacker c ... oval:org.secpod.oval:def:602264 Several vulnerabilities were discovered in the Network Time Protocol daemon and utility programs. oval:org.secpod.oval:def:501841 The Network Time Protocol is used to synchronize a computer"s time with another referenced time source. It was found that because NTP"s access control was based on a source IP address, an attacker could bypass source IP restrictions and send malicious control and configuration packets by spoofing : ... oval:org.secpod.oval:def:1501243 The remote host is missing a patch containing a security fix, which affects the following package(s): ntp oval:org.secpod.oval:def:1501086 Multiple vulnerabilities were discovered in ntp, an implementation of the Network Time Protocol: CVE-2015-1798 When configured to use a symmetric key with an NTP peer, ntpd would accept packets without MAC as if they had a valid MAC. This could allow a remote attacker to bypass the packet authentica ... oval:org.secpod.oval:def:204260 The Network Time Protocol is used to synchronize a computer"s time with another referenced time source. These packages include the ntpd service which continuously adjusts system time and utilities used to query and configure the ntpd service. It was found that because NTP"s access control was based ... oval:org.secpod.oval:def:204271 The Network Time Protocol is used to synchronize a computer"s time with another referenced time source. It was found that because NTP"s access control was based on a source IP address, an attacker could bypass source IP restrictions and send malicious control and configuration packets by spoofing : ... oval:org.secpod.oval:def:501737 The Network Time Protocol is used to synchronize a computer"s time with another referenced time source. These packages include the ntpd service which continuously adjusts system time and utilities used to query and configure the ntpd service. It was found that because NTP"s access control was based ... oval:org.secpod.oval:def:108773 The Network Time Protocol is used to synchronize a computer"s time with another reference time source. This package includes ntpd and utilities used to query and configure the ntpd daemon. Perl scripts ntp-wait and ntptrace are in the ntp-perl package, ntpdate is in the ntpdate package and sntp is ... |