FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-04-19 20:48:44 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
5237f5d7-c020-11e5-b397-d050996490d0	ntp -- multiple vulnerabilities Network Time Foundation reports: NTF's NTP Project has been notified of the following low- and medium-severity vulnerabilities that are fixed in ntp-4.2.8p6, released on Tuesday, 19 January 2016: Bug 2948 / CVE-2015-8158: Potential Infinite Loop in ntpq. Reported by Cisco ASIG. Bug 2945 / CVE-2015-8138: origin: Zero Origin Timestamp Bypass. Reported by Cisco ASIG. Bug 2942 / CVE-2015-7979: Off-path Denial of Service (DoS) attack on authenticated broadcast mode. Reported by Cisco ASIG. Bug 2940 / CVE-2015-7978: Stack exhaustion in recursive traversal of restriction list. Reported by Cisco ASIG. Bug 2939 / CVE-2015-7977: reslist NULL pointer dereference. Reported by Cisco ASIG. Bug 2938 / CVE-2015-7976: ntpq saveconfig command allows dangerous characters in filenames. Reported by Cisco ASIG. Bug 2937 / CVE-2015-7975: nextvar() missing length check. Reported by Cisco ASIG. Bug 2936 / CVE-2015-7974: Skeleton Key: Missing key check allows impersonation between authenticated peers. Reported by Cisco ASIG. Bug 2935 / CVE-2015-7973: Deja Vu: Replay attack on authenticated broadcast mode. Reported by Cisco ASIG. Additionally, mitigations are published for the following two issues: Bug 2947 / CVE-2015-8140: ntpq vulnerable to replay attacks. Reported by Cisco ASIG. Bug 2946 / CVE-2015-8139: Origin Leak: ntpq and ntpdc, disclose origin. Reported by Cisco ASIG. Discovery 2016-01-20 Entry 2016-01-21 Modified 2016-08-09 ntp < 4.2.8p6 ntp-devel < 4.3.90 FreeBSD ge 10.2 lt 10.2_11 ge 10.1 lt 10.1_28 ge 9.3 lt 9.3_35 SA-16:09.ntp CVE-2015-7973 CVE-2015-7974 CVE-2015-7975 CVE-2015-7976 CVE-2015-7977 CVE-2015-7978 CVE-2015-7979 CVE-2015-8138 CVE-2015-8139 CVE-2015-8140 CVE-2015-8158 http://support.ntp.org/bin/view/Main/SecurityNotice#January_2016_NTP_4_2_8p6_Securit

VuXML ID

Description

5237f5d7-c020-11e5-b397-d050996490d0

ntp -- multiple vulnerabilities

Network Time Foundation reports:

NTF's NTP Project has been notified of the following low- and medium-severity vulnerabilities that are fixed in ntp-4.2.8p6, released on Tuesday, 19 January 2016:

Bug 2948 / CVE-2015-8158: Potential Infinite Loop in ntpq. Reported by Cisco ASIG.

Bug 2945 / CVE-2015-8138: origin: Zero Origin Timestamp Bypass. Reported by Cisco ASIG.

Bug 2942 / CVE-2015-7979: Off-path Denial of Service (DoS) attack on authenticated broadcast mode. Reported by Cisco ASIG.

Bug 2940 / CVE-2015-7978: Stack exhaustion in recursive traversal of restriction list. Reported by Cisco ASIG.

Bug 2939 / CVE-2015-7977: reslist NULL pointer dereference. Reported by Cisco ASIG.

Bug 2938 / CVE-2015-7976: ntpq saveconfig command allows dangerous characters in filenames. Reported by Cisco ASIG.

Bug 2937 / CVE-2015-7975: nextvar() missing length check. Reported by Cisco ASIG.

Bug 2936 / CVE-2015-7974: Skeleton Key: Missing key check allows impersonation between authenticated peers. Reported by Cisco ASIG.

Bug 2935 / CVE-2015-7973: Deja Vu: Replay attack on authenticated broadcast mode. Reported by Cisco ASIG.

Additionally, mitigations are published for the following two issues:

Bug 2947 / CVE-2015-8140: ntpq vulnerable to replay attacks. Reported by Cisco ASIG.

Bug 2946 / CVE-2015-8139: Origin Leak: ntpq and ntpdc, disclose origin. Reported by Cisco ASIG.

Discovery 2016-01-20
Entry 2016-01-21
Modified 2016-08-09
ntp

< 4.2.8p6

ntp-devel

< 4.3.90

FreeBSD

ge 10.2 lt 10.2_11

ge 10.1 lt 10.1_28

ge 9.3 lt 9.3_35

SA-16:09.ntp
CVE-2015-7973
CVE-2015-7974
CVE-2015-7975
CVE-2015-7976
CVE-2015-7977
CVE-2015-7978
CVE-2015-7979
CVE-2015-8138
CVE-2015-8139
CVE-2015-8140
CVE-2015-8158
http://support.ntp.org/bin/view/Main/SecurityNotice#January_2016_NTP_4_2_8p6_Securit