FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-03-27 18:04:16 UTC

These are the vulnerabilities relating to the commit you have selected:

VuXML ID: Description

4eae4f46-b5ce-11e5-8a2b-d050996490d0: ntp -- denial of service vulnerability

Network Time Foundation reports:

NTF's NTP Project has been notified of the following 1 medium-severity vulnerability that is fixed in ntp-4.2.8p5, released on Thursday, 7 January 2016:

NtpBug2956: Small-step/Big-step CVE-2015-5300


Discovery 2015-10-21
Entry 2016-01-08
Modified 2016-08-09
ntp
< 4.2.8p5

ntp-devel
< 4.3.78

FreeBSD
ge 10.2 lt 10.2_9

ge 10.1 lt 10.1_26

ge 9.3 lt 9.3_33

SA-16:02.ntp
CVE-2015-5300
https://www.cs.bu.edu/~goldbe/NTPattack.html
http://support.ntp.org/bin/view/Main/NtpBug2956
http://support.ntp.org/bin/view/Main/SecurityNotice#January_2016_NTP_4_2_8p5_Securit

c4a18a12-77fc-11e5-a687-206a8a720317: ntp -- 13 low- and medium-severity vulnerabilities

ntp.org reports:

NTF's NTP Project has been notified of the following 13 low- and medium-severity vulnerabilities that are fixed in ntp-4.2.8p4, released on Wednesday, 21 October 2015:

  • Bug 2941 CVE-2015-7871 NAK to the Future: Symmetric association authentication bypass via crypto-NAK (Cisco ASIG)
  • Bug 2922 CVE-2015-7855 decodenetnum() will ASSERT botch instead of returning FAIL on some bogus values (IDA)
  • Bug 2921 CVE-2015-7854 Password Length Memory Corruption Vulnerability. (Cisco TALOS)
  • Bug 2920 CVE-2015-7853 Invalid length data provided by a custom refclock driver could cause a buffer overflow. (Cisco TALOS)
  • Bug 2919 CVE-2015-7852 ntpq atoascii() Memory Corruption Vulnerability. (Cisco TALOS)
  • Bug 2918 CVE-2015-7851 saveconfig Directory Traversal Vulnerability. (OpenVMS) (Cisco TALOS)
  • Bug 2917 CVE-2015-7850 remote config logfile-keyfile. (Cisco TALOS)
  • Bug 2916 CVE-2015-7849 trusted key use-after-free. (Cisco TALOS)
  • Bug 2913 CVE-2015-7848 mode 7 loop counter underrun. (Cisco TALOS)
  • Bug 2909 CVE-2015-7701 Slow memory leak in CRYPTO_ASSOC. (Tenable)
  • Bug 2902 : CVE-2015-7703 configuration directives "pidfile" and "driftfile" should only be allowed locally. (RedHat)
  • Bug 2901 : CVE-2015-7704, CVE-2015-7705 Clients that receive a KoD should validate the origin timestamp field. (Boston University)
  • Bug 2899 : CVE-2015-7691, CVE-2015-7692, CVE-2015-7702 Incomplete autokey data packet length checks. (Tenable)

The only generally-exploitable bug in the above list is the crypto-NAK bug, which has a CVSS2 score of 6.4.

Additionally, three bugs that have already been fixed in ntp-4.2.8 but were not fixed in ntp-4.2.6 as it was EOL'd have a security component, but are all below 1.8 CVSS score, so we're reporting them here:

  • Bug 2382 : Peer precision < -31 gives division by zero
  • Bug 1774 : Segfaults if cryptostats enabled when built without OpenSSL
  • Bug 1593 : ntpd abort in free() with logconfig syntax error

Discovery 2015-10-21
Entry 2015-10-21
Modified 2016-08-09
ntp
< 4.2.8p4

ntp-devel
< 4.3.76

FreeBSD
ge 10.2 lt 10.2_7

ge 10.1 lt 10.1_24

ge 9.3 lt 9.3_30

SA-15:25.ntp
CVE-2015-7691
CVE-2015-7692
CVE-2015-7701
CVE-2015-7702
CVE-2015-7703
CVE-2015-7704
CVE-2015-7705
CVE-2015-7848
CVE-2015-7849
CVE-2015-7850
CVE-2015-7851
CVE-2015-7852
CVE-2015-7853
CVE-2015-7854
CVE-2015-7855
CVE-2015-7871
http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities

591a706b-5cdc-11ea-9a0a-206a8a720317: ntp -- Multiple vulnerabilities

nwtime.org reports:

Three ntp vulnerabilities, depending on configuration, may have little impact up to termination of the ntpd process.

NTP Bug 3610: Process_control() should exit earlier on short packets. On systems that override the default and enable ntpdc (mode 7) fuzz testing detected that a short packet will cause ntpd to read uninitialized data.

NTP Bug 3596: An unauthenticated unmonitored ntpd is vulnerable to attack on IPv4 with highly predictable transmit timestamps. An off-path attacker who can query time from the victim's ntp which receives time from an unauthenticated time source must be able to send from a spoofed IPv4 address of upstream ntp server and the victim must be able to process a large number of packets with the spoofed IPv4 address of the upstream server. After eight or more successful attacks in a row the attacker can either modify the victim's clock by a small amount or cause ntpd to terminate. The attack is especially effective when unusually short poll intervals have been configured.

NTP Bug 3592: The fix for https://bugs.ntp.org/3445 introduced a bug such that a ntp can be prevented from initiating a time volley to its peer resulting in a DoS.

All three NTP bugs may result in DoS or termination of the ntp daemon.


Discovery 2019-05-30
Entry 2020-03-03
FreeBSD
ge 11.3 lt 11.3_7

ge 12.1 lt 12.1_3

ntp
< 4.2.8p14

ntp-devel
le 4.3.99_6

SA-20:09.ntp

5237f5d7-c020-11e5-b397-d050996490d0: ntp -- multiple vulnerabilities

Network Time Foundation reports:

NTF's NTP Project has been notified of the following low- and medium-severity vulnerabilities that are fixed in ntp-4.2.8p6, released on Tuesday, 19 January 2016:

  • Bug 2948 / CVE-2015-8158: Potential Infinite Loop in ntpq. Reported by Cisco ASIG.
  • Bug 2945 / CVE-2015-8138: origin: Zero Origin Timestamp Bypass. Reported by Cisco ASIG.
  • Bug 2942 / CVE-2015-7979: Off-path Denial of Service (DoS) attack on authenticated broadcast mode. Reported by Cisco ASIG.
  • Bug 2940 / CVE-2015-7978: Stack exhaustion in recursive traversal of restriction list. Reported by Cisco ASIG.
  • Bug 2939 / CVE-2015-7977: reslist NULL pointer dereference. Reported by Cisco ASIG.
  • Bug 2938 / CVE-2015-7976: ntpq saveconfig command allows dangerous characters in filenames. Reported by Cisco ASIG.
  • Bug 2937 / CVE-2015-7975: nextvar() missing length check. Reported by Cisco ASIG.
  • Bug 2936 / CVE-2015-7974: Skeleton Key: Missing key check allows impersonation between authenticated peers. Reported by Cisco ASIG.
  • Bug 2935 / CVE-2015-7973: Deja Vu: Replay attack on authenticated broadcast mode. Reported by Cisco ASIG.

Additionally, mitigations are published for the following two issues:

  • Bug 2947 / CVE-2015-8140: ntpq vulnerable to replay attacks. Reported by Cisco ASIG.
  • Bug 2946 / CVE-2015-8139: Origin Leak: ntpq and ntpdc, disclose origin. Reported by Cisco ASIG.

Discovery 2016-01-20
Entry 2016-01-21
Modified 2016-08-09
ntp
< 4.2.8p6

ntp-devel
< 4.3.90

FreeBSD
ge 10.2 lt 10.2_11

ge 10.1 lt 10.1_28

ge 9.3 lt 9.3_35

SA-16:09.ntp
CVE-2015-7973
CVE-2015-7974
CVE-2015-7975
CVE-2015-7976
CVE-2015-7977
CVE-2015-7978
CVE-2015-7979
CVE-2015-8138
CVE-2015-8139
CVE-2015-8140
CVE-2015-8158
http://support.ntp.org/bin/view/Main/SecurityNotice#January_2016_NTP_4_2_8p6_Securit

af485ef4-1c58-11e8-8477-d05099c0ae8c: ntp -- multiple vulnerabilities

Network Time Foundation reports:

The NTP Project at Network Time Foundation is releasing ntp-4.2.8p11.

This release addresses five security issues in ntpd:

  • LOW/MEDIUM: Sec 3012 / CVE-2016-1549 / VU#961909: Sybil vulnerability: ephemeral association attack
  • INFO/MEDIUM: Sec 3412 / CVE-2018-7182 / VU#961909: ctl_getitem(): buffer read overrun leads to undefined behavior and information leak
  • LOW: Sec 3415 / CVE-2018-7170 / VU#961909: Multiple authenticated ephemeral associations
  • LOW: Sec 3453 / CVE-2018-7184 / VU#961909: Interleaved symmetric mode cannot recover from bad state
  • LOW/MEDIUM: Sec 3454 / CVE-2018-7185 / VU#961909: Unauthenticated packet can reset authenticated interleaved association

one security issue in ntpq:

  • MEDIUM: Sec 3414 / CVE-2018-7183 / VU#961909: ntpq:decodearr() can write beyond its buffer limit

and provides over 33 bugfixes and 32 other improvements.


Discovery 2018-02-27
Entry 2018-02-28
Modified 2018-03-14
FreeBSD
ge 11.1 lt 11.1_7

ge 10.4 lt 10.4_6

ge 10.3 lt 10.3_27

ntp
< 4.2.8p11

ntp-devel
gt 0

CVE-2016-1549
CVE-2018-7182
CVE-2018-7170
CVE-2018-7184
CVE-2018-7185
CVE-2018-7183
SA-18:02.ntp
http://support.ntp.org/bin/view/Main/SecurityNotice#February_2018_ntp_4_2_8p11_NTP_S

8db8d62a-b08b-11e6-8eba-d050996490d0: ntp -- multiple vulnerabilities

Network Time Foundation reports:

NTF's NTP Project is releasing ntp-4.2.8p9, which addresses:

  • 1 HIGH severity vulnerability that only affects Windows
  • 2 MEDIUM severity vulnerabilities
  • 2 MEDIUM/LOW severity vulnerabilities
  • 5 LOW severity vulnerabilities
  • 28 other non-security fixes and improvements

All of the security issues in this release are listed in VU#633847.


Discovery 2016-11-21
Entry 2016-11-22
ntp
< 4.2.8p9

ntp-devel
gt 0

CVE-2016-7426
CVE-2016-7427
CVE-2016-7428
CVE-2016-7429
CVE-2016-7431
CVE-2016-7433
CVE-2016-7434
CVE-2016-9310
CVE-2016-9311
CVE-2016-9312
http://support.ntp.org/bin/view/Main/SecurityNotice#November_2016_ntp_4_2_8p9_NTP_Se
http://www.kb.cert.org/vuls/id/633847

c2576e14-36e2-11e9-9eda-206a8a720317: ntp -- Crafted null dereference attack from a trusted source with an authenticated mode 6 packet

Network Time Foundation reports:

A crafted malicious authenticated mode 6 (ntpq) packet from a permitted network address can trigger a NULL pointer dereference, crashing ntpd.

Note that for this attack to work, the sending system must be on an address that the target's ntpd accepts mode 6 packets from, and must use a private key that is specifically listed as being used for mode 6 authorization.

Impact: The ntpd daemon can crash due to the NULL pointer dereference, causing a denial of service.

Mitigation:

  • Use restrict noquery to limit addresses that can send mode 6 queries.
  • Limit access to the private controlkey in ntp.keys.
  • Upgrade to 4.2.8p13, or later.

Discovery 2019-01-15
Entry 2019-03-07
Modified 2019-07-30
ntp
< 4.2.8p13

FreeBSD
ge 12.0 lt 12.0_2

ge 11.2 lt 11.2_8

http://bugs.ntp.org/3565
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8936
https://nvd.nist.gov/vuln-metrics/cvss/v2-calculator?vector=(AV:N/AC:H/Au:M/C:N/I:N/A:C)
https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:H
CVE-2019-8936
SA-19:04.ntp

b2487d9a-0c30-11e6-acd0-d050996490d0: ntp -- multiple vulnerabilities

Network Time Foundation reports:

NTF's NTP Project has been notified of the following low- and medium-severity vulnerabilities that are fixed in ntp-4.2.8p7, released on Tuesday, 26 April 2016:

  • Bug 3020 / CVE-2016-1551: Refclock impersonation vulnerability, AKA: refclock-peering. Reported by Matt Street and others of Cisco ASIG
  • Bug 3012 / CVE-2016-1549: Sybil vulnerability: ephemeral association attack, AKA: ntp-sybil - MITIGATION ONLY. Reported by Matthew Van Gundy of Cisco ASIG
  • Bug 3011 / CVE-2016-2516: Duplicate IPs on unconfig directives will cause an assertion botch. Reported by Yihan Lian of the Cloud Security Team, Qihoo 360
  • Bug 3010 / CVE-2016-2517: Remote configuration trustedkey/requestkey values are not properly validated. Reported by Yihan Lian of the Cloud Security Team, Qihoo 360
  • Bug 3009 / CVE-2016-2518: Crafted addpeer with hmode > 7 causes array wraparound with MATCH_ASSOC. Reported by Yihan Lian of the Cloud Security Team, Qihoo 360
  • Bug 3008 / CVE-2016-2519: ctl_getitem() return value not always checked. Reported by Yihan Lian of the Cloud Security Team, Qihoo 360
  • Bug 3007 / CVE-2016-1547: Validate crypto-NAKs, AKA: nak-dos. Reported by Stephen Gray and Matthew Van Gundy of Cisco ASIG
  • Bug 2978 / CVE-2016-1548: Interleave-pivot - MITIGATION ONLY. Reported by Miroslav Lichvar of RedHat and separately by Jonathan Gardner of Cisco ASIG.
  • Bug 2952 / CVE-2015-7704: KoD fix: peer associations were broken by the fix for NtpBug2901, AKA: Symmetric active/passive mode is broken. Reported by Michael Tatarinov, NTP Project Developer Volunteer
  • Bug 2945 / Bug 2901 / CVE-2015-8138: Zero Origin Timestamp Bypass, AKA: Additional KoD Checks. Reported by Jonathan Gardner of Cisco ASIG
  • Bug 2879 / CVE-2016-1550: Improve NTP security against buffer comparison timing attacks, authdecrypt-timing, AKA: authdecrypt-timing. Reported independently by Loganaden Velvindron, and Matthew Van Gundy and Stephen Gray of Cisco ASIG.

Discovery 2016-04-26
Entry 2016-04-27
Modified 2016-08-09
ntp
< 4.2.8p7

ntp-devel
< 4.3.92

FreeBSD
ge 10.3 lt 10.3_1

ge 10.2 lt 10.2_15

ge 10.1 lt 10.1_32

ge 9.3 lt 9.3_40

SA-16:16.ntp
CVE-2015-7704
CVE-2015-8138
CVE-2016-1547
CVE-2016-1548
CVE-2016-1549
CVE-2016-1550
CVE-2016-1551
CVE-2016-2516
CVE-2016-2517
CVE-2016-2518
CVE-2016-2519
http://support.ntp.org/bin/view/Main/SecurityNotice#April_2016_NTP_4_2_8p7_Security