Test ID: 1.3.6.1.4.1.25623.1.0.810678
Category: General
Title: NTP.org 'ntpd' Multiple Denial-of-Service Vulnerabilities (Mar 2017)
Summary: NTP.org's reference implementation of the NTP server, ntpd, is prone to multiple denial of service vulnerabilities.
Description:
Summary:
NTP.org's reference implementation of the NTP server, ntpd, is prone to multiple denial of service vulnerabilities.

Vulnerability Insight:
Multiple flaws exist due to:

- Improper handling of a malformed mode configuration directive.

- A buffer overflow error in Legacy Datum Programmable Time Server refclock
driver.

- Improper handling of an invalid setting via the :config directive.

- Incorrect pointer usage in the function 'ntpq_stripquotes'.

- No allocation of memory for a specific amount of items of the same size in
'oreallocarray' function.

- ntpd configured to use the PPSAPI under Windows.

- Limited passed application path size under Windows.

- An error leading to garbage registry creation in Windows.

- Copious amounts of Unused Code.

- Off-by-one error in Oncore GPS Receiver.

- Potential Overflows in 'ctl_put' functions.

- Improper use of 'snprintf' function in mx4200_send function.

- Buffer Overflow in ntpq when fetching reslist from a malicious ntpd.

- Potential denial of service in origin timestamp check functionality of ntpd.

Vulnerability Impact:
Successful exploitation will allow remote
attackers to cause a denial of service condition.

Affected Software/OS:
NTP.org's ntpd versions 4.x before 4.2.8p10 and 4.3.x
before 4.3.94.

Solution:
Upgrade to NTP.org's ntpd version 4.2.8p10 or 4.3.94
or later.

CVSS Score:
6.5

CVSS Vector:
AV:N/AC:L/Au:S/C:P/I:P/A:P

Cross Reference:
Common Vulnerability Exposure (CVE) ID: CVE-2017-6464
BugTraq ID: 97050
http://www.securityfocus.com/bid/97050
FreeBSD Security Advisory: FreeBSD-SA-17:03
https://security.FreeBSD.org/advisories/FreeBSD-SA-17:03.ntp.asc
RedHat Security Advisories: RHSA-2017:3071
https://access.redhat.com/errata/RHSA-2017:3071
RedHat Security Advisories: RHSA-2018:0855
https://access.redhat.com/errata/RHSA-2018:0855
http://www.securitytracker.com/id/1038123
Common Vulnerability Exposure (CVE) ID: CVE-2017-6462
BugTraq ID: 97045
http://www.securityfocus.com/bid/97045
https://usn.ubuntu.com/3707-2/
Common Vulnerability Exposure (CVE) ID: CVE-2017-6463
BugTraq ID: 97049
http://www.securityfocus.com/bid/97049
Common Vulnerability Exposure (CVE) ID: CVE-2017-6455
BugTraq ID: 97074
http://www.securityfocus.com/bid/97074
http://www.securitytracker.com/id/1039427
Common Vulnerability Exposure (CVE) ID: CVE-2017-6452
BugTraq ID: 97078
http://www.securityfocus.com/bid/97078
Common Vulnerability Exposure (CVE) ID: CVE-2017-6459
BugTraq ID: 97076
http://www.securityfocus.com/bid/97076
Common Vulnerability Exposure (CVE) ID: CVE-2017-6458
BugTraq ID: 97051
http://www.securityfocus.com/bid/97051
Bugtraq: 20170422 [slackware-security] ntp (SSA:2017-112-02)
http://www.securityfocus.com/archive/1/archive/1/540464/100/0/threaded
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7KVLFA3J43QFIP4I7HE7KQ5FXSMJEKC6/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4B7BMVXV53EE7XYW2KAVETDHTP452O3Z/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZUPPICJXWL3AWQB7I3AWUC74YON7UING/
http://seclists.org/fulldisclosure/2017/Sep/62
http://seclists.org/fulldisclosure/2017/Nov/7
http://packetstormsecurity.com/files/142284/Slackware-Security-Advisory-ntp-Updates.html
https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11
http://www.ubuntu.com/usn/USN-3349-1
Common Vulnerability Exposure (CVE) ID: CVE-2017-6451
BugTraq ID: 97058
http://www.securityfocus.com/bid/97058
Common Vulnerability Exposure (CVE) ID: CVE-2017-6460
BugTraq ID: 97052
http://www.securityfocus.com/bid/97052
Common Vulnerability Exposure (CVE) ID: CVE-2016-9042
BugTraq ID: 97046
http://www.securityfocus.com/bid/97046
Bugtraq: 20170412 FreeBSD Security Advisory FreeBSD-SA-17:03.ntp
http://www.securityfocus.com/archive/1/540403/100/0/threaded
http://www.securityfocus.com/archive/1/archive/1/540403/100/0/threaded
http://packetstormsecurity.com/files/142101/FreeBSD-Security-Advisory-FreeBSD-SA-17-03.ntp.html
https://www.talosintelligence.com/vulnerability_reports/TALOS-2016-0260
Copyright: Copyright (C) 2017 Greenbone Networks GmbH