FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-03-28 15:43:32 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
af485ef4-1c58-11e8-8477-d05099c0ae8cntp -- multiple vulnerabilities

Network Time Foundation reports:

The NTP Project at Network Time Foundation is releasing ntp-4.2.8p11.

This release addresses five security issues in ntpd:

  • LOW/MEDIUM: Sec 3012 / CVE-2016-1549 / VU#961909: Sybil vulnerability: ephemeral association attack
  • INFO/MEDIUM: Sec 3412 / CVE-2018-7182 / VU#961909: ctl_getitem(): buffer read overrun leads to undefined behavior and information leak
  • LOW: Sec 3415 / CVE-2018-7170 / VU#961909: Multiple authenticated ephemeral associations
  • LOW: Sec 3453 / CVE-2018-7184 / VU#961909: Interleaved symmetric mode cannot recover from bad state
  • LOW/MEDIUM: Sec 3454 / CVE-2018-7185 / VU#961909: Unauthenticated packet can reset authenticated interleaved association

one security issue in ntpq:

  • MEDIUM: Sec 3414 / CVE-2018-7183 / VU#961909: ntpq:decodearr() can write beyond its buffer limit

and provides over 33 bugfixes and 32 other improvements.


Discovery 2018-02-27
Entry 2018-02-28
Modified 2018-03-14
FreeBSD
ge 11.1 lt 11.1_7

ge 10.4 lt 10.4_6

ge 10.3 lt 10.3_27

ntp
< 4.2.8p11

ntp-devel
gt 0

CVE-2016-1549
CVE-2018-7182
CVE-2018-7170
CVE-2018-7184
CVE-2018-7185
CVE-2018-7183
SA-18:02.ntp
http://support.ntp.org/bin/view/Main/SecurityNotice#February_2018_ntp_4_2_8p11_NTP_S