ID CVE-2015-7871
Summary Crypto-NAK packets in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to bypass authentication.
References
Vulnerable Configurations
  • NTP 4.2.0
    cpe:2.3:a:ntp:ntp:4.2.0
  • NTP 4.2.2
    cpe:2.3:a:ntp:ntp:4.2.2
  • NTP 4.2.2 Patch 1
    cpe:2.3:a:ntp:ntp:4.2.2:p1
  • NTP 4.2.2 Patch 2
    cpe:2.3:a:ntp:ntp:4.2.2:p2
  • NTP 4.2.2 Patch 3
    cpe:2.3:a:ntp:ntp:4.2.2:p3
  • NTP 4.2.2 Patch 4
    cpe:2.3:a:ntp:ntp:4.2.2:p4
  • NTP 4.2.4
    cpe:2.3:a:ntp:ntp:4.2.4
  • NTP 4.2.4 Patch 0
    cpe:2.3:a:ntp:ntp:4.2.4:p0
  • NTP 4.2.4 Patch 1
    cpe:2.3:a:ntp:ntp:4.2.4:p1
  • NTP 4.2.4 Patch 2
    cpe:2.3:a:ntp:ntp:4.2.4:p2
  • NTP 4.2.4 Patch 3
    cpe:2.3:a:ntp:ntp:4.2.4:p3
  • NTP 4.2.4 Patch 4
    cpe:2.3:a:ntp:ntp:4.2.4:p4
  • NTP 4.2.4 Patch 5
    cpe:2.3:a:ntp:ntp:4.2.4:p5
  • NTP 4.2.4 Patch 6
    cpe:2.3:a:ntp:ntp:4.2.4:p6
  • NTP 4.2.4 Patch 7
    cpe:2.3:a:ntp:ntp:4.2.4:p7
  • NTP 4.2.4 Patch 7 Release Candidate 1
    cpe:2.3:a:ntp:ntp:4.2.4:p7_rc1
  • NTP 4.2.4 Patch 7 Release Candidate 2
    cpe:2.3:a:ntp:ntp:4.2.4:p7_rc2
  • NTP 4.2.4 Patch 7 Release Candidate 3
    cpe:2.3:a:ntp:ntp:4.2.4:p7_rc3
  • NTP 4.2.4 Patch 7 Release Candidate 4
    cpe:2.3:a:ntp:ntp:4.2.4:p7_rc4
  • NTP 4.2.4 Patch 7 Release Candidate 5
    cpe:2.3:a:ntp:ntp:4.2.4:p7_rc5
  • NTP 4.2.4 Patch 7 Release Candidate 6
    cpe:2.3:a:ntp:ntp:4.2.4:p7_rc6
  • NTP 4.2.4 Patch 7 Release Candidate 7
    cpe:2.3:a:ntp:ntp:4.2.4:p7_rc7
  • NTP 4.2.4 Patch 8
    cpe:2.3:a:ntp:ntp:4.2.4:p8
  • NTP 4.2.5 Patch 124
    cpe:2.3:a:ntp:ntp:4.2.5:p124
  • NTP 4.2.5 Patch 125
    cpe:2.3:a:ntp:ntp:4.2.5:p125
  • NTP 4.2.5 Patch 126
    cpe:2.3:a:ntp:ntp:4.2.5:p126
  • NTP 4.2.5 Patch 127
    cpe:2.3:a:ntp:ntp:4.2.5:p127
  • NTP 4.2.5 Patch 128
    cpe:2.3:a:ntp:ntp:4.2.5:p128
  • NTP 4.2.5 Patch 129
    cpe:2.3:a:ntp:ntp:4.2.5:p129
  • NTP 4.2.5 Patch 130
    cpe:2.3:a:ntp:ntp:4.2.5:p130
  • NTP 4.2.5 Patch 131
    cpe:2.3:a:ntp:ntp:4.2.5:p131
  • NTP 4.2.5 Patch 132
    cpe:2.3:a:ntp:ntp:4.2.5:p132
  • NTP 4.2.5 Patch 133
    cpe:2.3:a:ntp:ntp:4.2.5:p133
  • NTP 4.2.5 Patch 134
    cpe:2.3:a:ntp:ntp:4.2.5:p134
  • NTP 4.2.5 Patch 135
    cpe:2.3:a:ntp:ntp:4.2.5:p135
  • NTP 4.2.5 Patch 136
    cpe:2.3:a:ntp:ntp:4.2.5:p136
  • NTP 4.2.5 Patch 137
    cpe:2.3:a:ntp:ntp:4.2.5:p137
  • NTP 4.2.5 Patch 138
    cpe:2.3:a:ntp:ntp:4.2.5:p138
  • NTP 4.2.5 Patch 139
    cpe:2.3:a:ntp:ntp:4.2.5:p139
  • NTP 4.2.5 Patch 140
    cpe:2.3:a:ntp:ntp:4.2.5:p140
  • NTP 4.2.5 Patch 141
    cpe:2.3:a:ntp:ntp:4.2.5:p141
  • NTP 4.2.5 Patch 142
    cpe:2.3:a:ntp:ntp:4.2.5:p142
  • NTP 4.2.5 Patch 143
    cpe:2.3:a:ntp:ntp:4.2.5:p143
  • NTP 4.2.5 Patch 144
    cpe:2.3:a:ntp:ntp:4.2.5:p144
  • NTP 4.2.5 Patch 145
    cpe:2.3:a:ntp:ntp:4.2.5:p145
  • NTP 4.2.5 Patch 146
    cpe:2.3:a:ntp:ntp:4.2.5:p146
  • NTP 4.2.5 Patch 147
    cpe:2.3:a:ntp:ntp:4.2.5:p147
  • NTP 4.2.5 Patch 148
    cpe:2.3:a:ntp:ntp:4.2.5:p148
  • NTP 4.2.5 Patch 149
    cpe:2.3:a:ntp:ntp:4.2.5:p149
  • NTP 4.2.5 Patch 150
    cpe:2.3:a:ntp:ntp:4.2.5:p150
  • NTP 4.2.5 Patch 151
    cpe:2.3:a:ntp:ntp:4.2.5:p151
  • NTP 4.2.5 Patch 152
    cpe:2.3:a:ntp:ntp:4.2.5:p152
  • NTP 4.2.5 Patch 153
    cpe:2.3:a:ntp:ntp:4.2.5:p153
  • NTP 4.2.5 Patch 154
    cpe:2.3:a:ntp:ntp:4.2.5:p154
  • NTP 4.2.5 Patch 155
    cpe:2.3:a:ntp:ntp:4.2.5:p155
  • NTP 4.2.5 Patch 156
    cpe:2.3:a:ntp:ntp:4.2.5:p156
  • NTP 4.2.5 Patch 157
    cpe:2.3:a:ntp:ntp:4.2.5:p157
  • NTP 4.2.5 Patch 158
    cpe:2.3:a:ntp:ntp:4.2.5:p158
  • NTP 4.2.5 Patch 159
    cpe:2.3:a:ntp:ntp:4.2.5:p159
  • NTP 4.2.5 Patch 160
    cpe:2.3:a:ntp:ntp:4.2.5:p160
  • NTP 4.2.5 Patch 161
    cpe:2.3:a:ntp:ntp:4.2.5:p161
  • NTP 4.2.5 Patch 162
    cpe:2.3:a:ntp:ntp:4.2.5:p162
  • NTP 4.2.5 Patch 163
    cpe:2.3:a:ntp:ntp:4.2.5:p163
  • NTP 4.2.5 Patch 164
    cpe:2.3:a:ntp:ntp:4.2.5:p164
  • NTP 4.2.5 Patch 165
    cpe:2.3:a:ntp:ntp:4.2.5:p165
  • NTP 4.2.5 Patch 166
    cpe:2.3:a:ntp:ntp:4.2.5:p166
  • NTP 4.2.5 Patch 167
    cpe:2.3:a:ntp:ntp:4.2.5:p167
  • NTP 4.2.5 Patch 168
    cpe:2.3:a:ntp:ntp:4.2.5:p168
  • NTP 4.2.5 Patch 169
    cpe:2.3:a:ntp:ntp:4.2.5:p169
  • NTP 4.2.5 Patch 170
    cpe:2.3:a:ntp:ntp:4.2.5:p170
  • NTP 4.2.5 Patch 171
    cpe:2.3:a:ntp:ntp:4.2.5:p171
  • NTP 4.2.5 Patch 172
    cpe:2.3:a:ntp:ntp:4.2.5:p172
  • NTP 4.2.5 Patch 173
    cpe:2.3:a:ntp:ntp:4.2.5:p173
  • NTP 4.2.5 Patch 174
    cpe:2.3:a:ntp:ntp:4.2.5:p174
  • NTP 4.2.5 Patch 175
    cpe:2.3:a:ntp:ntp:4.2.5:p175
  • NTP 4.2.5 Patch 176
    cpe:2.3:a:ntp:ntp:4.2.5:p176
  • NTP 4.2.5 Patch 177
    cpe:2.3:a:ntp:ntp:4.2.5:p177
  • NTP 4.2.5 Patch 178
    cpe:2.3:a:ntp:ntp:4.2.5:p178
  • NTP 4.2.5 Patch 179
    cpe:2.3:a:ntp:ntp:4.2.5:p179
  • NTP 4.2.5 Patch 180
    cpe:2.3:a:ntp:ntp:4.2.5:p180
  • NTP 4.2.5 Patch 181
    cpe:2.3:a:ntp:ntp:4.2.5:p181
  • NTP 4.2.5 Patch 182
    cpe:2.3:a:ntp:ntp:4.2.5:p182
  • NTP 4.2.5 Patch 183
    cpe:2.3:a:ntp:ntp:4.2.5:p183
  • NTP 4.2.5 Patch 184
    cpe:2.3:a:ntp:ntp:4.2.5:p184
  • NTP 4.2.5 Patch 185
    cpe:2.3:a:ntp:ntp:4.2.5:p185
  • NTP 4.2.5 Patch 186
    cpe:2.3:a:ntp:ntp:4.2.5:p186
  • NTP 4.2.5 Patch 187
    cpe:2.3:a:ntp:ntp:4.2.5:p187
  • NTP 4.2.5 Patch 188
    cpe:2.3:a:ntp:ntp:4.2.5:p188
  • NTP 4.2.5 Patch 189
    cpe:2.3:a:ntp:ntp:4.2.5:p189
  • NTP 4.2.5 Patch 190
    cpe:2.3:a:ntp:ntp:4.2.5:p190
  • NTP 4.2.5 Patch 191
    cpe:2.3:a:ntp:ntp:4.2.5:p191
  • NTP 4.2.5 Patch 192
    cpe:2.3:a:ntp:ntp:4.2.5:p192
  • NTP 4.2.5 Patch 193
    cpe:2.3:a:ntp:ntp:4.2.5:p193
  • NTP 4.2.5 Patch 194
    cpe:2.3:a:ntp:ntp:4.2.5:p194
  • NTP 4.2.5 Patch 195
    cpe:2.3:a:ntp:ntp:4.2.5:p195
  • NTP 4.2.5 Patch 196
    cpe:2.3:a:ntp:ntp:4.2.5:p196
  • NTP 4.2.5 Patch 197
    cpe:2.3:a:ntp:ntp:4.2.5:p197
  • NTP 4.2.5 Patch 198
    cpe:2.3:a:ntp:ntp:4.2.5:p198
  • NTP 4.2.5 Patch 199
    cpe:2.3:a:ntp:ntp:4.2.5:p199
  • NTP 4.2.5 Patch 200
    cpe:2.3:a:ntp:ntp:4.2.5:p200
  • NTP 4.2.5 Patch 201
    cpe:2.3:a:ntp:ntp:4.2.5:p201
  • NTP 4.2.5 Patch 202
    cpe:2.3:a:ntp:ntp:4.2.5:p202
  • NTP 4.2.5 Patch 203
    cpe:2.3:a:ntp:ntp:4.2.5:p203
  • NTP 4.2.5 Patch 204
    cpe:2.3:a:ntp:ntp:4.2.5:p204
  • NTP 4.2.5 Patch 205
    cpe:2.3:a:ntp:ntp:4.2.5:p205
  • NTP 4.2.5 Patch 206
    cpe:2.3:a:ntp:ntp:4.2.5:p206
  • NTP 4.2.5 Patch 207
    cpe:2.3:a:ntp:ntp:4.2.5:p207
  • NTP 4.2.5 Patch 208
    cpe:2.3:a:ntp:ntp:4.2.5:p208
  • NTP 4.2.5 Patch 209
    cpe:2.3:a:ntp:ntp:4.2.5:p209
  • NTP 4.2.5 Patch 210
    cpe:2.3:a:ntp:ntp:4.2.5:p210
  • NTP 4.2.5 Patch 211
    cpe:2.3:a:ntp:ntp:4.2.5:p211
  • NTP 4.2.5 Patch 212
    cpe:2.3:a:ntp:ntp:4.2.5:p212
  • NTP 4.2.5 Patch 213
    cpe:2.3:a:ntp:ntp:4.2.5:p213
  • NTP 4.2.5 Patch 214
    cpe:2.3:a:ntp:ntp:4.2.5:p214
  • NTP 4.2.5 Patch 215
    cpe:2.3:a:ntp:ntp:4.2.5:p215
  • NTP 4.2.5 Patch 216
    cpe:2.3:a:ntp:ntp:4.2.5:p216
  • NTP 4.2.5 Patch 217
    cpe:2.3:a:ntp:ntp:4.2.5:p217
  • NTP 4.2.5 Patch 218
    cpe:2.3:a:ntp:ntp:4.2.5:p218
  • NTP 4.2.5 Patch 219
    cpe:2.3:a:ntp:ntp:4.2.5:p219
  • NTP 4.2.5 Patch 220
    cpe:2.3:a:ntp:ntp:4.2.5:p220
  • NTP 4.2.5 Patch 221
    cpe:2.3:a:ntp:ntp:4.2.5:p221
  • NTP 4.2.5 Patch 222
    cpe:2.3:a:ntp:ntp:4.2.5:p222
  • NTP 4.2.5 Patch 223
    cpe:2.3:a:ntp:ntp:4.2.5:p223
  • NTP 4.2.5 Patch 224
    cpe:2.3:a:ntp:ntp:4.2.5:p224
  • NTP 4.2.5 Patch 225
    cpe:2.3:a:ntp:ntp:4.2.5:p225
  • NTP 4.2.5 Patch 226
    cpe:2.3:a:ntp:ntp:4.2.5:p226
  • NTP 4.2.5 Patch 227
    cpe:2.3:a:ntp:ntp:4.2.5:p227
  • NTP 4.2.5 Patch 228
    cpe:2.3:a:ntp:ntp:4.2.5:p228
  • NTP 4.2.5 Patch 229
    cpe:2.3:a:ntp:ntp:4.2.5:p229
  • NTP 4.2.5 Patch 230
    cpe:2.3:a:ntp:ntp:4.2.5:p230
  • NTP 4.2.5 Patch 231 Release Candidate 1
    cpe:2.3:a:ntp:ntp:4.2.5:p231_rc1
  • NTP 4.2.5 Patch 232 Release Candidate 1
    cpe:2.3:a:ntp:ntp:4.2.5:p232_rc1
  • NTP 4.2.5 Patch 233 Release Candidate 1
    cpe:2.3:a:ntp:ntp:4.2.5:p233_rc1
  • NTP 4.2.5 Patch 234 Release Candidate 1
    cpe:2.3:a:ntp:ntp:4.2.5:p234_rc1
  • NTP 4.2.5 Patch 235 Release Candidate 1
    cpe:2.3:a:ntp:ntp:4.2.5:p235_rc1
  • NTP 4.2.5 Patch 236 Release Candidate 1
    cpe:2.3:a:ntp:ntp:4.2.5:p236_rc1
  • NTP 4.2.5 Patch 237 Release Candidate 1
    cpe:2.3:a:ntp:ntp:4.2.5:p237_rc1
  • NTP 4.2.5 Patch 238 Release Candidate 1
    cpe:2.3:a:ntp:ntp:4.2.5:p238_rc1
  • NTP 4.2.5 Patch 239 Release Candidate 1
    cpe:2.3:a:ntp:ntp:4.2.5:p239_rc1
  • NTP 4.2.5 Patch 240 Release Candidate 1
    cpe:2.3:a:ntp:ntp:4.2.5:p240_rc1
  • NTP 4.2.5 Patch 241 Release Candidate 1
    cpe:2.3:a:ntp:ntp:4.2.5:p241_rc1
  • NTP 4.2.5 Patch 242 Release Candidate 1
    cpe:2.3:a:ntp:ntp:4.2.5:p242_rc1
  • NTP 4.2.5 Patch 243 Release Candidate 1
    cpe:2.3:a:ntp:ntp:4.2.5:p243_rc1
  • NTP 4.2.5 Patch 244 Release Candidate 1
    cpe:2.3:a:ntp:ntp:4.2.5:p244_rc1
  • NTP 4.2.5 Patch 245 Release Candidate 1
    cpe:2.3:a:ntp:ntp:4.2.5:p245_rc1
  • NTP 4.2.5 Patch 246 Release Candidate 1
    cpe:2.3:a:ntp:ntp:4.2.5:p246_rc1
  • NTP 4.2.5 Patch 247 Release Candidate 1
    cpe:2.3:a:ntp:ntp:4.2.5:p247_rc1
  • NTP 4.2.5 Patch 248 Release Candidate 1
    cpe:2.3:a:ntp:ntp:4.2.5:p248_rc1
  • NTP 4.2.5 Patch 249 Release Candidate 1
    cpe:2.3:a:ntp:ntp:4.2.5:p249_rc1
  • NTP 4.2.5 Patch 250 Release Candidate 1
    cpe:2.3:a:ntp:ntp:4.2.5:p250_rc1
  • NTP 4.2.6
    cpe:2.3:a:ntp:ntp:4.2.6
  • NTP 4.2.6 Patch 1
    cpe:2.3:a:ntp:ntp:4.2.6:p1
  • NTP 4.2.6 Patch 1 Release Candidate 1
    cpe:2.3:a:ntp:ntp:4.2.6:p1_rc1
  • NTP 4.2.6 Patch 1 Release Candidate 2
    cpe:2.3:a:ntp:ntp:4.2.6:p1_rc2
  • NTP 4.2.6 Patch 1 Release Candidate 3
    cpe:2.3:a:ntp:ntp:4.2.6:p1_rc3
  • NTP 4.2.6 Patch 1 Release Candidate 4
    cpe:2.3:a:ntp:ntp:4.2.6:p1_rc4
  • NTP 4.2.6 Patch 1 Release Candidate 5
    cpe:2.3:a:ntp:ntp:4.2.6:p1_rc5
  • NTP 4.2.6 Patch 1 Release Candidate 6
    cpe:2.3:a:ntp:ntp:4.2.6:p1_rc6
  • NTP 4.2.6 Patch 2
    cpe:2.3:a:ntp:ntp:4.2.6:p2
  • NTP 4.2.6 Patch 2 Release Candidate 1
    cpe:2.3:a:ntp:ntp:4.2.6:p2_rc1
  • NTP 4.2.6 Patch 2 Release Candidate 2
    cpe:2.3:a:ntp:ntp:4.2.6:p2_rc2
  • NTP 4.2.6 Patch 2 Release Candidate 3
    cpe:2.3:a:ntp:ntp:4.2.6:p2_rc3
  • NTP 4.2.6 Patch 2 Release Candidate 4
    cpe:2.3:a:ntp:ntp:4.2.6:p2_rc4
  • NTP 4.2.6 Patch 2 Release Candidate 5
    cpe:2.3:a:ntp:ntp:4.2.6:p2_rc5
  • NTP 4.2.6 Patch 2 Release Candidate 6
    cpe:2.3:a:ntp:ntp:4.2.6:p2_rc6
  • NTP 4.2.6 Patch 2 Release Candidate 7
    cpe:2.3:a:ntp:ntp:4.2.6:p2_rc7
  • NTP 4.2.6 Patch 3
    cpe:2.3:a:ntp:ntp:4.2.6:p3
  • NTP 4.2.6 Patch 3 Beta 1
    cpe:2.3:a:ntp:ntp:4.2.6:p3_beta1
  • NTP 4.2.6 Patch 3 Release Candidate 1
    cpe:2.3:a:ntp:ntp:4.2.6:p3_rc1
  • NTP 4.2.6 Patch 3 Release Candidate 10
    cpe:2.3:a:ntp:ntp:4.2.6:p3_rc10
  • NTP 4.2.6 Patch 3 Release Candidate 11
    cpe:2.3:a:ntp:ntp:4.2.6:p3_rc11
  • NTP 4.2.6 Patch 3 Release Candidate 12
    cpe:2.3:a:ntp:ntp:4.2.6:p3_rc12
  • NTP 4.2.6 Patch 3 Release Candidate 2
    cpe:2.3:a:ntp:ntp:4.2.6:p3_rc2
  • NTP 4.2.6 Patch 3 Release Candidate 3
    cpe:2.3:a:ntp:ntp:4.2.6:p3_rc3
  • NTP 4.2.6 Patch 3 Release Candidate 4
    cpe:2.3:a:ntp:ntp:4.2.6:p3_rc4
  • NTP 4.2.6 Patch 3 Release Candidate 5
    cpe:2.3:a:ntp:ntp:4.2.6:p3_rc5
  • NTP 4.2.6 Patch 3 Release Candidate 6
    cpe:2.3:a:ntp:ntp:4.2.6:p3_rc6
  • NTP 4.2.6 Patch 3 Release Candidate 7
    cpe:2.3:a:ntp:ntp:4.2.6:p3_rc7
  • NTP 4.2.6 Patch 3 Release Candidate 8
    cpe:2.3:a:ntp:ntp:4.2.6:p3_rc8
  • NTP 4.2.6 Patch 3 Release Candidate 9
    cpe:2.3:a:ntp:ntp:4.2.6:p3_rc9
  • NTP 4.2.6 Patch 4
    cpe:2.3:a:ntp:ntp:4.2.6:p4
  • NTP 4.2.6 Patch 4 Beta 1
    cpe:2.3:a:ntp:ntp:4.2.6:p4_beta1
  • NTP 4.2.6 Patch 4 Beta 2
    cpe:2.3:a:ntp:ntp:4.2.6:p4_beta2
  • NTP 4.2.6 Patch 4 Release Candidate 1
    cpe:2.3:a:ntp:ntp:4.2.6:p4_rc1
  • NTP 4.2.6 Patch 4 Release Candidate 2
    cpe:2.3:a:ntp:ntp:4.2.6:p4_rc2
  • NTP 4.2.6 Patch 5
    cpe:2.3:a:ntp:ntp:4.2.6:p5
  • NTP 4.2.6 Patch 5 Release Candidate 1
    cpe:2.3:a:ntp:ntp:4.2.6:p5_rc1
  • NTP 4.2.6 Patch 5 Release Candidate 2
    cpe:2.3:a:ntp:ntp:4.2.6:p5_rc2
  • NTP 4.2.6 Patch 5 Release Candidate 3
    cpe:2.3:a:ntp:ntp:4.2.6:p5_rc3
  • NTP 4.2.7
    cpe:2.3:a:ntp:ntp:4.2.7
  • NTP 4.2.7 Patch 0
    cpe:2.3:a:ntp:ntp:4.2.7:p0
  • NTP 4.2.7 Patch 1
    cpe:2.3:a:ntp:ntp:4.2.7:p1
  • NTP 4.2.7 Patch 10
    cpe:2.3:a:ntp:ntp:4.2.7:p10
  • NTP 4.2.7 Patch 100
    cpe:2.3:a:ntp:ntp:4.2.7:p100
  • NTP 4.2.7 Patch 101
    cpe:2.3:a:ntp:ntp:4.2.7:p101
  • NTP 4.2.7 Patch 102
    cpe:2.3:a:ntp:ntp:4.2.7:p102
  • NTP 4.2.7 Patch 103
    cpe:2.3:a:ntp:ntp:4.2.7:p103
  • NTP 4.2.7 Patch 104
    cpe:2.3:a:ntp:ntp:4.2.7:p104
  • NTP 4.2.7 Patch 105
    cpe:2.3:a:ntp:ntp:4.2.7:p105
  • NTP 4.2.7 Patch 106
    cpe:2.3:a:ntp:ntp:4.2.7:p106
  • NTP 4.2.7 Patch 107
    cpe:2.3:a:ntp:ntp:4.2.7:p107
  • NTP 4.2.7 Patch 108
    cpe:2.3:a:ntp:ntp:4.2.7:p108
  • NTP 4.2.7 Patch 109
    cpe:2.3:a:ntp:ntp:4.2.7:p109
  • NTP 4.2.7 Patch 11
    cpe:2.3:a:ntp:ntp:4.2.7:p11
  • NTP 4.2.7 Patch 110
    cpe:2.3:a:ntp:ntp:4.2.7:p110
  • NTP 4.2.7 Patch 111
    cpe:2.3:a:ntp:ntp:4.2.7:p111
  • NTP 4.2.7 Patch 112
    cpe:2.3:a:ntp:ntp:4.2.7:p112
  • NTP 4.2.7 Patch 113
    cpe:2.3:a:ntp:ntp:4.2.7:p113
  • NTP 4.2.7 Patch 114
    cpe:2.3:a:ntp:ntp:4.2.7:p114
  • NTP 4.2.7 Patch 115
    cpe:2.3:a:ntp:ntp:4.2.7:p115
  • NTP 4.2.7 Patch 116
    cpe:2.3:a:ntp:ntp:4.2.7:p116
  • NTP 4.2.7 Patch 117
    cpe:2.3:a:ntp:ntp:4.2.7:p117
  • NTP 4.2.7 Patch 118
    cpe:2.3:a:ntp:ntp:4.2.7:p118
  • NTP 4.2.7 Patch 119
    cpe:2.3:a:ntp:ntp:4.2.7:p119
  • NTP 4.2.7 Patch 12
    cpe:2.3:a:ntp:ntp:4.2.7:p12
  • NTP 4.2.7 Patch 120
    cpe:2.3:a:ntp:ntp:4.2.7:p120
  • NTP 4.2.7 Patch 121
    cpe:2.3:a:ntp:ntp:4.2.7:p121
  • NTP 4.2.7 Patch 122
    cpe:2.3:a:ntp:ntp:4.2.7:p122
  • NTP 4.2.7 Patch 123
    cpe:2.3:a:ntp:ntp:4.2.7:p123
  • NTP 4.2.7 Patch 124
    cpe:2.3:a:ntp:ntp:4.2.7:p124
  • NTP 4.2.7 Patch 125
    cpe:2.3:a:ntp:ntp:4.2.7:p125
  • NTP 4.2.7 Patch 126
    cpe:2.3:a:ntp:ntp:4.2.7:p126
  • NTP 4.2.7 Patch 127
    cpe:2.3:a:ntp:ntp:4.2.7:p127
  • NTP 4.2.7 Patch 128
    cpe:2.3:a:ntp:ntp:4.2.7:p128
  • NTP 4.2.7 Patch 129
    cpe:2.3:a:ntp:ntp:4.2.7:p129
  • NTP 4.2.7 Patch 13
    cpe:2.3:a:ntp:ntp:4.2.7:p13
  • NTP 4.2.7 Patch 130
    cpe:2.3:a:ntp:ntp:4.2.7:p130
  • NTP 4.2.7 Patch 131
    cpe:2.3:a:ntp:ntp:4.2.7:p131
  • NTP 4.2.7 Patch 132
    cpe:2.3:a:ntp:ntp:4.2.7:p132
  • NTP 4.2.7 Patch 133
    cpe:2.3:a:ntp:ntp:4.2.7:p133
  • NTP 4.2.7 Patch 134
    cpe:2.3:a:ntp:ntp:4.2.7:p134
  • NTP 4.2.7 Patch 135
    cpe:2.3:a:ntp:ntp:4.2.7:p135
  • NTP 4.2.7 Patch 136
    cpe:2.3:a:ntp:ntp:4.2.7:p136
  • NTP 4.2.7 Patch 137
    cpe:2.3:a:ntp:ntp:4.2.7:p137
  • NTP 4.2.7 Patch 138
    cpe:2.3:a:ntp:ntp:4.2.7:p138
  • NTP 4.2.7 Patch 139
    cpe:2.3:a:ntp:ntp:4.2.7:p139
  • NTP 4.2.7 Patch 14
    cpe:2.3:a:ntp:ntp:4.2.7:p14
  • NTP 4.2.7 Patch 140
    cpe:2.3:a:ntp:ntp:4.2.7:p140
  • NTP 4.2.7 Patch 141
    cpe:2.3:a:ntp:ntp:4.2.7:p141
  • NTP 4.2.7 Patch 142
    cpe:2.3:a:ntp:ntp:4.2.7:p142
  • NTP 4.2.7 Patch 143
    cpe:2.3:a:ntp:ntp:4.2.7:p143
  • NTP 4.2.7 Patch 144
    cpe:2.3:a:ntp:ntp:4.2.7:p144
  • NTP 4.2.7 Patch 145
    cpe:2.3:a:ntp:ntp:4.2.7:p145
  • NTP 4.2.7 Patch 146
    cpe:2.3:a:ntp:ntp:4.2.7:p146
  • NTP 4.2.7 Patch 147
    cpe:2.3:a:ntp:ntp:4.2.7:p147
  • NTP 4.2.7 Patch 148
    cpe:2.3:a:ntp:ntp:4.2.7:p148
  • NTP 4.2.7 Patch 149
    cpe:2.3:a:ntp:ntp:4.2.7:p149
  • NTP 4.2.7 Patch 15
    cpe:2.3:a:ntp:ntp:4.2.7:p15
  • NTP 4.2.7 Patch 150
    cpe:2.3:a:ntp:ntp:4.2.7:p150
  • NTP 4.2.7 Patch 151
    cpe:2.3:a:ntp:ntp:4.2.7:p151
  • NTP 4.2.7 Patch 152
    cpe:2.3:a:ntp:ntp:4.2.7:p152
  • NTP 4.2.7 Patch 153
    cpe:2.3:a:ntp:ntp:4.2.7:p153
  • NTP 4.2.7 Patch 154
    cpe:2.3:a:ntp:ntp:4.2.7:p154
  • NTP 4.2.7 Patch 155
    cpe:2.3:a:ntp:ntp:4.2.7:p155
  • NTP 4.2.7 Patch 156
    cpe:2.3:a:ntp:ntp:4.2.7:p156
  • NTP 4.2.7 Patch 157
    cpe:2.3:a:ntp:ntp:4.2.7:p157
  • NTP 4.2.7 Patch 158
    cpe:2.3:a:ntp:ntp:4.2.7:p158
  • NTP 4.2.7 Patch 159
    cpe:2.3:a:ntp:ntp:4.2.7:p159
  • NTP 4.2.7 Patch 16
    cpe:2.3:a:ntp:ntp:4.2.7:p16
  • NTP 4.2.7 Patch 160
    cpe:2.3:a:ntp:ntp:4.2.7:p160
  • NTP 4.2.7 Patch 161
    cpe:2.3:a:ntp:ntp:4.2.7:p161
  • NTP 4.2.7 Patch 162
    cpe:2.3:a:ntp:ntp:4.2.7:p162
  • NTP 4.2.7 Patch 163
    cpe:2.3:a:ntp:ntp:4.2.7:p163
  • NTP 4.2.7 Patch 164
    cpe:2.3:a:ntp:ntp:4.2.7:p164
  • NTP 4.2.7 Patch 165
    cpe:2.3:a:ntp:ntp:4.2.7:p165
  • NTP 4.2.7 Patch 166
    cpe:2.3:a:ntp:ntp:4.2.7:p166
  • NTP 4.2.7 Patch 17
    cpe:2.3:a:ntp:ntp:4.2.7:p17
  • NTP 4.2.7 Patch 170
    cpe:2.3:a:ntp:ntp:4.2.7:p170
  • NTP 4.2.7 Patch 171
    cpe:2.3:a:ntp:ntp:4.2.7:p171
  • NTP 4.2.7 Patch 172
    cpe:2.3:a:ntp:ntp:4.2.7:p172
  • NTP 4.2.7 Patch 173
    cpe:2.3:a:ntp:ntp:4.2.7:p173
  • NTP 4.2.7 Patch 174
    cpe:2.3:a:ntp:ntp:4.2.7:p174
  • NTP 4.2.7 Patch 175
    cpe:2.3:a:ntp:ntp:4.2.7:p175
  • NTP 4.2.7 Patch 176
    cpe:2.3:a:ntp:ntp:4.2.7:p176
  • NTP 4.2.7 Patch 177
    cpe:2.3:a:ntp:ntp:4.2.7:p177
  • NTP 4.2.7 Patch 178
    cpe:2.3:a:ntp:ntp:4.2.7:p178
  • NTP 4.2.7 Patch 179
    cpe:2.3:a:ntp:ntp:4.2.7:p179
  • NTP 4.2.7 Patch 18
    cpe:2.3:a:ntp:ntp:4.2.7:p18
  • NTP 4.2.7 Patch 180
    cpe:2.3:a:ntp:ntp:4.2.7:p180
  • NTP 4.2.7 Patch 181
    cpe:2.3:a:ntp:ntp:4.2.7:p181
  • NTP 4.2.7 Patch 182
    cpe:2.3:a:ntp:ntp:4.2.7:p182
  • NTP 4.2.7 Patch 183
    cpe:2.3:a:ntp:ntp:4.2.7:p183
  • NTP 4.2.7 Patch 184
    cpe:2.3:a:ntp:ntp:4.2.7:p184
  • NTP 4.2.7 Patch 185
    cpe:2.3:a:ntp:ntp:4.2.7:p185
  • NTP 4.2.7 Patch 186
    cpe:2.3:a:ntp:ntp:4.2.7:p186
  • NTP 4.2.7 Patch 187
    cpe:2.3:a:ntp:ntp:4.2.7:p187
  • NTP 4.2.7 Patch 188
    cpe:2.3:a:ntp:ntp:4.2.7:p188
  • NTP 4.2.7 Patch 189
    cpe:2.3:a:ntp:ntp:4.2.7:p189
  • NTP 4.2.7 Patch 19
    cpe:2.3:a:ntp:ntp:4.2.7:p19
  • NTP 4.2.7 Patch 190
    cpe:2.3:a:ntp:ntp:4.2.7:p190
  • NTP 4.2.7 Patch 191
    cpe:2.3:a:ntp:ntp:4.2.7:p191
  • NTP 4.2.7 Patch 192
    cpe:2.3:a:ntp:ntp:4.2.7:p192
  • NTP 4.2.7 Patch 193
    cpe:2.3:a:ntp:ntp:4.2.7:p193
  • NTP 4.2.7 Patch 194
    cpe:2.3:a:ntp:ntp:4.2.7:p194
  • NTP 4.2.7 Patch 195
    cpe:2.3:a:ntp:ntp:4.2.7:p195
  • NTP 4.2.7 Patch 196
    cpe:2.3:a:ntp:ntp:4.2.7:p196
  • NTP 4.2.7 Patch 197
    cpe:2.3:a:ntp:ntp:4.2.7:p197
  • NTP 4.2.7 Patch 198
    cpe:2.3:a:ntp:ntp:4.2.7:p198
  • NTP 4.2.7 Patch 199
    cpe:2.3:a:ntp:ntp:4.2.7:p199
  • NTP 4.2.7 Patch 2
    cpe:2.3:a:ntp:ntp:4.2.7:p2
  • NTP 4.2.7 Patch 20
    cpe:2.3:a:ntp:ntp:4.2.7:p20
  • NTP 4.2.7 Patch 200
    cpe:2.3:a:ntp:ntp:4.2.7:p200
  • NTP 4.2.7 Patch 201
    cpe:2.3:a:ntp:ntp:4.2.7:p201
  • NTP 4.2.7 Patch 202
    cpe:2.3:a:ntp:ntp:4.2.7:p202
  • NTP 4.2.7 Patch 203
    cpe:2.3:a:ntp:ntp:4.2.7:p203
  • NTP 4.2.7 Patch 204
    cpe:2.3:a:ntp:ntp:4.2.7:p204
  • NTP 4.2.7 Patch 205
    cpe:2.3:a:ntp:ntp:4.2.7:p205
  • NTP 4.2.7 Patch 206
    cpe:2.3:a:ntp:ntp:4.2.7:p206
  • NTP 4.2.7 Patch 207
    cpe:2.3:a:ntp:ntp:4.2.7:p207
  • NTP 4.2.7 Patch 208
    cpe:2.3:a:ntp:ntp:4.2.7:p208
  • NTP 4.2.7 Patch 209
    cpe:2.3:a:ntp:ntp:4.2.7:p209
  • NTP 4.2.7 Patch 21
    cpe:2.3:a:ntp:ntp:4.2.7:p21
  • NTP 4.2.7 Patch 210
    cpe:2.3:a:ntp:ntp:4.2.7:p210
  • NTP 4.2.7 Patch 211
    cpe:2.3:a:ntp:ntp:4.2.7:p211
  • NTP 4.2.7 Patch 212
    cpe:2.3:a:ntp:ntp:4.2.7:p212
  • NTP 4.2.7 Patch 213
    cpe:2.3:a:ntp:ntp:4.2.7:p213
  • NTP 4.2.7 Patch 214
    cpe:2.3:a:ntp:ntp:4.2.7:p214
  • NTP 4.2.7 Patch 215
    cpe:2.3:a:ntp:ntp:4.2.7:p215
  • NTP 4.2.7 Patch 216
    cpe:2.3:a:ntp:ntp:4.2.7:p216
  • NTP 4.2.7 Patch 217
    cpe:2.3:a:ntp:ntp:4.2.7:p217
  • NTP 4.2.7 Patch 218
    cpe:2.3:a:ntp:ntp:4.2.7:p218
  • NTP 4.2.7 Patch 219
    cpe:2.3:a:ntp:ntp:4.2.7:p219
  • NTP 4.2.7 Patch 22
    cpe:2.3:a:ntp:ntp:4.2.7:p22
  • NTP 4.2.7 Patch 220
    cpe:2.3:a:ntp:ntp:4.2.7:p220
  • NTP 4.2.7 Patch 221
    cpe:2.3:a:ntp:ntp:4.2.7:p221
  • NTP 4.2.7 Patch 222
    cpe:2.3:a:ntp:ntp:4.2.7:p222
  • NTP 4.2.7 Patch 223
    cpe:2.3:a:ntp:ntp:4.2.7:p223
  • NTP 4.2.7 Patch 224
    cpe:2.3:a:ntp:ntp:4.2.7:p224
  • NTP 4.2.7 Patch 225
    cpe:2.3:a:ntp:ntp:4.2.7:p225
  • NTP 4.2.7 Patch 226
    cpe:2.3:a:ntp:ntp:4.2.7:p226
  • NTP 4.2.7 Patch 227
    cpe:2.3:a:ntp:ntp:4.2.7:p227
  • NTP 4.2.7 Patch 228
    cpe:2.3:a:ntp:ntp:4.2.7:p228
  • NTP 4.2.7 Patch 229
    cpe:2.3:a:ntp:ntp:4.2.7:p229
  • NTP 4.2.7 Patch 23
    cpe:2.3:a:ntp:ntp:4.2.7:p23
  • NTP 4.2.7 Patch 230
    cpe:2.3:a:ntp:ntp:4.2.7:p230
  • NTP 4.2.7 Patch 231
    cpe:2.3:a:ntp:ntp:4.2.7:p231
  • NTP 4.2.7 Patch 232
    cpe:2.3:a:ntp:ntp:4.2.7:p232
  • NTP 4.2.7 Patch 233
    cpe:2.3:a:ntp:ntp:4.2.7:p233
  • NTP 4.2.7 Patch 234
    cpe:2.3:a:ntp:ntp:4.2.7:p234
  • NTP 4.2.7 Patch 235
    cpe:2.3:a:ntp:ntp:4.2.7:p235
  • NTP 4.2.7 Patch 236
    cpe:2.3:a:ntp:ntp:4.2.7:p236
  • NTP 4.2.7 Patch 237
    cpe:2.3:a:ntp:ntp:4.2.7:p237
  • NTP 4.2.7 Patch 238
    cpe:2.3:a:ntp:ntp:4.2.7:p238
  • NTP 4.2.7 Patch 239
    cpe:2.3:a:ntp:ntp:4.2.7:p239
  • NTP 4.2.7 Patch 24
    cpe:2.3:a:ntp:ntp:4.2.7:p24
  • NTP 4.2.7 Patch 240
    cpe:2.3:a:ntp:ntp:4.2.7:p240
  • NTP 4.2.7 Patch 241
    cpe:2.3:a:ntp:ntp:4.2.7:p241
  • NTP 4.2.7 Patch 242
    cpe:2.3:a:ntp:ntp:4.2.7:p242
  • NTP 4.2.7 Patch 243
    cpe:2.3:a:ntp:ntp:4.2.7:p243
  • NTP 4.2.7 Patch 244
    cpe:2.3:a:ntp:ntp:4.2.7:p244
  • NTP 4.2.7 Patch 245
    cpe:2.3:a:ntp:ntp:4.2.7:p245
  • NTP 4.2.7 Patch 246
    cpe:2.3:a:ntp:ntp:4.2.7:p246
  • NTP 4.2.7 Patch 247
    cpe:2.3:a:ntp:ntp:4.2.7:p247
  • NTP 4.2.7 Patch 248
    cpe:2.3:a:ntp:ntp:4.2.7:p248
  • NTP 4.2.7 Patch 249
    cpe:2.3:a:ntp:ntp:4.2.7:p249
  • NTP 4.2.7 Patch 25
    cpe:2.3:a:ntp:ntp:4.2.7:p25
  • NTP 4.2.7 Patch 250
    cpe:2.3:a:ntp:ntp:4.2.7:p250
  • NTP 4.2.7 Patch 251
    cpe:2.3:a:ntp:ntp:4.2.7:p251
  • NTP 4.2.7 Patch 252
    cpe:2.3:a:ntp:ntp:4.2.7:p252
  • NTP 4.2.7 Patch 253
    cpe:2.3:a:ntp:ntp:4.2.7:p253
  • NTP 4.2.7 Patch 254
    cpe:2.3:a:ntp:ntp:4.2.7:p254
  • NTP 4.2.7 Patch 255
    cpe:2.3:a:ntp:ntp:4.2.7:p255
  • NTP 4.2.7 Patch 256
    cpe:2.3:a:ntp:ntp:4.2.7:p256
  • NTP 4.2.7 Patch 257
    cpe:2.3:a:ntp:ntp:4.2.7:p257
  • NTP 4.2.7 Patch 258
    cpe:2.3:a:ntp:ntp:4.2.7:p258
  • NTP 4.2.7 Patch 259
    cpe:2.3:a:ntp:ntp:4.2.7:p259
  • NTP 4.2.7 Patch 26
    cpe:2.3:a:ntp:ntp:4.2.7:p26
  • NTP 4.2.7 Patch 260
    cpe:2.3:a:ntp:ntp:4.2.7:p260
  • NTP 4.2.7 Patch 261
    cpe:2.3:a:ntp:ntp:4.2.7:p261
  • NTP 4.2.7 Patch 262
    cpe:2.3:a:ntp:ntp:4.2.7:p262
  • NTP 4.2.7 Patch 263
    cpe:2.3:a:ntp:ntp:4.2.7:p263
  • NTP 4.2.7 Patch 264
    cpe:2.3:a:ntp:ntp:4.2.7:p264
  • NTP 4.2.7 Patch 265
    cpe:2.3:a:ntp:ntp:4.2.7:p265
  • NTP 4.2.7 Patch 266
    cpe:2.3:a:ntp:ntp:4.2.7:p266
  • NTP 4.2.7 Patch 267
    cpe:2.3:a:ntp:ntp:4.2.7:p267
  • NTP 4.2.7 Patch 268
    cpe:2.3:a:ntp:ntp:4.2.7:p268
  • NTP 4.2.7 Patch 269
    cpe:2.3:a:ntp:ntp:4.2.7:p269
  • NTP 4.2.7 Patch 27
    cpe:2.3:a:ntp:ntp:4.2.7:p27
  • NTP 4.2.7 Patch 270
    cpe:2.3:a:ntp:ntp:4.2.7:p270
  • NTP 4.2.7 Patch 271
    cpe:2.3:a:ntp:ntp:4.2.7:p271
  • NTP 4.2.7 Patch 272
    cpe:2.3:a:ntp:ntp:4.2.7:p272
  • NTP 4.2.7 Patch 273
    cpe:2.3:a:ntp:ntp:4.2.7:p273
  • NTP 4.2.7 Patch 274
    cpe:2.3:a:ntp:ntp:4.2.7:p274
  • NTP 4.2.7 Patch 275
    cpe:2.3:a:ntp:ntp:4.2.7:p275
  • NTP 4.2.7 Patch 276
    cpe:2.3:a:ntp:ntp:4.2.7:p276
  • NTP 4.2.7 Patch 277
    cpe:2.3:a:ntp:ntp:4.2.7:p277
  • NTP 4.2.7 Patch 278
    cpe:2.3:a:ntp:ntp:4.2.7:p278
  • NTP 4.2.7 Patch 279
    cpe:2.3:a:ntp:ntp:4.2.7:p279
  • NTP 4.2.7 Patch 28
    cpe:2.3:a:ntp:ntp:4.2.7:p28
  • NTP 4.2.7 Patch 280
    cpe:2.3:a:ntp:ntp:4.2.7:p280
  • NTP 4.2.7 Patch 281
    cpe:2.3:a:ntp:ntp:4.2.7:p281
  • NTP 4.2.7 Patch 282
    cpe:2.3:a:ntp:ntp:4.2.7:p282
  • NTP 4.2.7 Patch 283
    cpe:2.3:a:ntp:ntp:4.2.7:p283
  • NTP 4.2.7 Patch 284
    cpe:2.3:a:ntp:ntp:4.2.7:p284
  • NTP 4.2.7 Patch 285
    cpe:2.3:a:ntp:ntp:4.2.7:p285
  • NTP 4.2.7 Patch 286
    cpe:2.3:a:ntp:ntp:4.2.7:p286
  • NTP 4.2.7 Patch 287
    cpe:2.3:a:ntp:ntp:4.2.7:p287
  • NTP 4.2.7 Patch 288
    cpe:2.3:a:ntp:ntp:4.2.7:p288
  • NTP 4.2.7 Patch 289
    cpe:2.3:a:ntp:ntp:4.2.7:p289
  • NTP 4.2.7 Patch 29
    cpe:2.3:a:ntp:ntp:4.2.7:p29
  • NTP 4.2.7 Patch 290
    cpe:2.3:a:ntp:ntp:4.2.7:p290
  • NTP 4.2.7 Patch 291
    cpe:2.3:a:ntp:ntp:4.2.7:p291
  • NTP 4.2.7 Patch 292
    cpe:2.3:a:ntp:ntp:4.2.7:p292
  • NTP 4.2.7 Patch 293
    cpe:2.3:a:ntp:ntp:4.2.7:p293
  • NTP 4.2.7 Patch 294
    cpe:2.3:a:ntp:ntp:4.2.7:p294
  • NTP 4.2.7 Patch 295
    cpe:2.3:a:ntp:ntp:4.2.7:p295
  • NTP 4.2.7 Patch 296
    cpe:2.3:a:ntp:ntp:4.2.7:p296
  • NTP 4.2.7 Patch 297
    cpe:2.3:a:ntp:ntp:4.2.7:p297
  • NTP 4.2.7 Patch 298
    cpe:2.3:a:ntp:ntp:4.2.7:p298
  • NTP 4.2.7 Patch 299
    cpe:2.3:a:ntp:ntp:4.2.7:p299
  • NTP 4.2.7 Patch 3
    cpe:2.3:a:ntp:ntp:4.2.7:p3
  • NTP 4.2.7 Patch 30
    cpe:2.3:a:ntp:ntp:4.2.7:p30
  • NTP 4.2.7 Patch 300
    cpe:2.3:a:ntp:ntp:4.2.7:p300
  • NTP 4.2.7 Patch 301
    cpe:2.3:a:ntp:ntp:4.2.7:p301
  • NTP 4.2.7 Patch 302
    cpe:2.3:a:ntp:ntp:4.2.7:p302
  • NTP 4.2.7 Patch 303
    cpe:2.3:a:ntp:ntp:4.2.7:p303
  • NTP 4.2.7 Patch 304
    cpe:2.3:a:ntp:ntp:4.2.7:p304
  • NTP 4.2.7 Patch 305
    cpe:2.3:a:ntp:ntp:4.2.7:p305
  • NTP 4.2.7 Patch 306
    cpe:2.3:a:ntp:ntp:4.2.7:p306
  • NTP 4.2.7 Patch 307
    cpe:2.3:a:ntp:ntp:4.2.7:p307
  • NTP 4.2.7 Patch 308
    cpe:2.3:a:ntp:ntp:4.2.7:p308
  • NTP 4.2.7 Patch 309
    cpe:2.3:a:ntp:ntp:4.2.7:p309
  • NTP 4.2.7 Patch 31
    cpe:2.3:a:ntp:ntp:4.2.7:p31
  • NTP 4.2.7 Patch 310
    cpe:2.3:a:ntp:ntp:4.2.7:p310
  • NTP 4.2.7 Patch 311
    cpe:2.3:a:ntp:ntp:4.2.7:p311
  • NTP 4.2.7 Patch 312
    cpe:2.3:a:ntp:ntp:4.2.7:p312
  • NTP 4.2.7 Patch 313
    cpe:2.3:a:ntp:ntp:4.2.7:p313
  • NTP 4.2.7 Patch 314
    cpe:2.3:a:ntp:ntp:4.2.7:p314
  • NTP 4.2.7 Patch 315
    cpe:2.3:a:ntp:ntp:4.2.7:p315
  • NTP 4.2.7 Patch 316
    cpe:2.3:a:ntp:ntp:4.2.7:p316
  • NTP 4.2.7 Patch 317
    cpe:2.3:a:ntp:ntp:4.2.7:p317
  • NTP 4.2.7 Patch 318
    cpe:2.3:a:ntp:ntp:4.2.7:p318
  • NTP 4.2.7 Patch 319
    cpe:2.3:a:ntp:ntp:4.2.7:p319
  • NTP 4.2.7 Patch 32
    cpe:2.3:a:ntp:ntp:4.2.7:p32
  • NTP 4.2.7 Patch 320
    cpe:2.3:a:ntp:ntp:4.2.7:p320
  • NTP 4.2.7 Patch 321
    cpe:2.3:a:ntp:ntp:4.2.7:p321
  • NTP 4.2.7 Patch 322
    cpe:2.3:a:ntp:ntp:4.2.7:p322
  • NTP 4.2.7 Patch 323
    cpe:2.3:a:ntp:ntp:4.2.7:p323
  • NTP 4.2.7 Patch 324
    cpe:2.3:a:ntp:ntp:4.2.7:p324
  • NTP 4.2.7 Patch 325
    cpe:2.3:a:ntp:ntp:4.2.7:p325
  • NTP 4.2.7 Patch 326
    cpe:2.3:a:ntp:ntp:4.2.7:p326
  • NTP 4.2.7 Patch 327
    cpe:2.3:a:ntp:ntp:4.2.7:p327
  • NTP 4.2.7 Patch 328
    cpe:2.3:a:ntp:ntp:4.2.7:p328
  • NTP 4.2.7 Patch 329
    cpe:2.3:a:ntp:ntp:4.2.7:p329
  • NTP 4.2.7 Patch 33
    cpe:2.3:a:ntp:ntp:4.2.7:p33
  • NTP 4.2.7 Patch 330
    cpe:2.3:a:ntp:ntp:4.2.7:p330
  • NTP 4.2.7 Patch 331
    cpe:2.3:a:ntp:ntp:4.2.7:p331
  • NTP 4.2.7 Patch 332
    cpe:2.3:a:ntp:ntp:4.2.7:p332
  • NTP 4.2.7 Patch 333
    cpe:2.3:a:ntp:ntp:4.2.7:p333
  • NTP 4.2.7 Patch 334
    cpe:2.3:a:ntp:ntp:4.2.7:p334
  • NTP 4.2.7 Patch 335
    cpe:2.3:a:ntp:ntp:4.2.7:p335
  • NTP 4.2.7 Patch 336
    cpe:2.3:a:ntp:ntp:4.2.7:p336
  • NTP 4.2.7 Patch 337
    cpe:2.3:a:ntp:ntp:4.2.7:p337
  • NTP 4.2.7 Patch 338
    cpe:2.3:a:ntp:ntp:4.2.7:p338
  • NTP 4.2.7 Patch 339
    cpe:2.3:a:ntp:ntp:4.2.7:p339
  • NTP 4.2.7 Patch 34
    cpe:2.3:a:ntp:ntp:4.2.7:p34
  • NTP 4.2.7 Patch 340
    cpe:2.3:a:ntp:ntp:4.2.7:p340
  • NTP 4.2.7 Patch 341
    cpe:2.3:a:ntp:ntp:4.2.7:p341
  • NTP 4.2.7 Patch 342
    cpe:2.3:a:ntp:ntp:4.2.7:p342
  • NTP 4.2.7 Patch 343
    cpe:2.3:a:ntp:ntp:4.2.7:p343
  • NTP 4.2.7 Patch 344
    cpe:2.3:a:ntp:ntp:4.2.7:p344
  • NTP 4.2.7 Patch 345
    cpe:2.3:a:ntp:ntp:4.2.7:p345
  • NTP 4.2.7 Patch 346
    cpe:2.3:a:ntp:ntp:4.2.7:p346
  • NTP 4.2.7 Patch 347
    cpe:2.3:a:ntp:ntp:4.2.7:p347
  • NTP 4.2.7 Patch 348
    cpe:2.3:a:ntp:ntp:4.2.7:p348
  • NTP 4.2.7 Patch 349
    cpe:2.3:a:ntp:ntp:4.2.7:p349
  • NTP 4.2.7 Patch 35
    cpe:2.3:a:ntp:ntp:4.2.7:p35
  • NTP 4.2.7 Patch 350
    cpe:2.3:a:ntp:ntp:4.2.7:p350
  • NTP 4.2.7 Patch 351
    cpe:2.3:a:ntp:ntp:4.2.7:p351
  • NTP 4.2.7 Patch 352
    cpe:2.3:a:ntp:ntp:4.2.7:p352
  • NTP 4.2.7 Patch 353
    cpe:2.3:a:ntp:ntp:4.2.7:p353
  • NTP 4.2.7 Patch 354
    cpe:2.3:a:ntp:ntp:4.2.7:p354
  • NTP 4.2.7 Patch 355
    cpe:2.3:a:ntp:ntp:4.2.7:p355
  • NTP 4.2.7 Patch 356
    cpe:2.3:a:ntp:ntp:4.2.7:p356
  • NTP 4.2.7 Patch 357
    cpe:2.3:a:ntp:ntp:4.2.7:p357
  • NTP 4.2.7 Patch 358
    cpe:2.3:a:ntp:ntp:4.2.7:p358
  • NTP 4.2.7 Patch 359
    cpe:2.3:a:ntp:ntp:4.2.7:p359
  • NTP 4.2.7 Patch 36
    cpe:2.3:a:ntp:ntp:4.2.7:p36
  • NTP 4.2.7 Patch 360
    cpe:2.3:a:ntp:ntp:4.2.7:p360
  • NTP 4.2.7 Patch 361
    cpe:2.3:a:ntp:ntp:4.2.7:p361
  • NTP 4.2.7 Patch 362
    cpe:2.3:a:ntp:ntp:4.2.7:p362
  • NTP 4.2.7 Patch 363
    cpe:2.3:a:ntp:ntp:4.2.7:p363
  • NTP 4.2.7 Patch 364
    cpe:2.3:a:ntp:ntp:4.2.7:p364
  • NTP 4.2.7 Patch 365
    cpe:2.3:a:ntp:ntp:4.2.7:p365
  • NTP 4.2.7 Patch 366
    cpe:2.3:a:ntp:ntp:4.2.7:p366
  • NTP 4.2.7 Patch 367
    cpe:2.3:a:ntp:ntp:4.2.7:p367
  • NTP 4.2.7 Patch 368
    cpe:2.3:a:ntp:ntp:4.2.7:p368
  • NTP 4.2.7 Patch 369
    cpe:2.3:a:ntp:ntp:4.2.7:p369
  • NTP 4.2.7 Patch 37
    cpe:2.3:a:ntp:ntp:4.2.7:p37
  • NTP 4.2.7 Patch 370
    cpe:2.3:a:ntp:ntp:4.2.7:p370
  • NTP 4.2.7 Patch 371
    cpe:2.3:a:ntp:ntp:4.2.7:p371
  • NTP 4.2.7 Patch 372
    cpe:2.3:a:ntp:ntp:4.2.7:p372
  • NTP 4.2.7 Patch 373
    cpe:2.3:a:ntp:ntp:4.2.7:p373
  • NTP 4.2.7 Patch 374
    cpe:2.3:a:ntp:ntp:4.2.7:p374
  • NTP 4.2.7 Patch 375
    cpe:2.3:a:ntp:ntp:4.2.7:p375
  • NTP 4.2.7 Patch 376
    cpe:2.3:a:ntp:ntp:4.2.7:p376
  • NTP 4.2.7 Patch 377
    cpe:2.3:a:ntp:ntp:4.2.7:p377
  • NTP 4.2.7 Patch 378
    cpe:2.3:a:ntp:ntp:4.2.7:p378
  • NTP 4.2.7 Patch 379
    cpe:2.3:a:ntp:ntp:4.2.7:p379
  • NTP 4.2.7 Patch 38
    cpe:2.3:a:ntp:ntp:4.2.7:p38
  • NTP 4.2.7 Patch 380
    cpe:2.3:a:ntp:ntp:4.2.7:p380
  • NTP 4.2.7 Patch 381
    cpe:2.3:a:ntp:ntp:4.2.7:p381
  • NTP 4.2.7 Patch 382
    cpe:2.3:a:ntp:ntp:4.2.7:p382
  • NTP 4.2.7 Patch 383
    cpe:2.3:a:ntp:ntp:4.2.7:p383
  • NTP 4.2.7 Patch 384
    cpe:2.3:a:ntp:ntp:4.2.7:p384
  • NTP 4.2.7 Patch 385
    cpe:2.3:a:ntp:ntp:4.2.7:p385
  • NTP 4.2.7 Patch 386
    cpe:2.3:a:ntp:ntp:4.2.7:p386
  • NTP 4.2.7 Patch 387
    cpe:2.3:a:ntp:ntp:4.2.7:p387
  • NTP 4.2.7 Patch 388
    cpe:2.3:a:ntp:ntp:4.2.7:p388
  • NTP 4.2.7 Patch 389
    cpe:2.3:a:ntp:ntp:4.2.7:p389
  • NTP 4.2.7 Patch 39
    cpe:2.3:a:ntp:ntp:4.2.7:p39
  • NTP 4.2.7 Patch 390
    cpe:2.3:a:ntp:ntp:4.2.7:p390
  • NTP 4.2.7 Patch 391
    cpe:2.3:a:ntp:ntp:4.2.7:p391
  • NTP 4.2.7 Patch 392
    cpe:2.3:a:ntp:ntp:4.2.7:p392
  • NTP 4.2.7 Patch 393
    cpe:2.3:a:ntp:ntp:4.2.7:p393
  • NTP 4.2.7 Patch 394
    cpe:2.3:a:ntp:ntp:4.2.7:p394
  • NTP 4.2.7 Patch 395
    cpe:2.3:a:ntp:ntp:4.2.7:p395
  • NTP 4.2.7 Patch 396
    cpe:2.3:a:ntp:ntp:4.2.7:p396
  • NTP 4.2.7 Patch 397
    cpe:2.3:a:ntp:ntp:4.2.7:p397
  • NTP 4.2.7 Patch 398
    cpe:2.3:a:ntp:ntp:4.2.7:p398
  • NTP 4.2.7 Patch 399
    cpe:2.3:a:ntp:ntp:4.2.7:p399
  • NTP 4.2.7 Patch 4
    cpe:2.3:a:ntp:ntp:4.2.7:p4
  • NTP 4.2.7 Patch 40
    cpe:2.3:a:ntp:ntp:4.2.7:p40
  • NTP 4.2.7 Patch 400
    cpe:2.3:a:ntp:ntp:4.2.7:p400
  • NTP 4.2.7 Patch 401
    cpe:2.3:a:ntp:ntp:4.2.7:p401
  • NTP 4.2.7 Patch 402
    cpe:2.3:a:ntp:ntp:4.2.7:p402
  • NTP 4.2.7 Patch 403
    cpe:2.3:a:ntp:ntp:4.2.7:p403
  • NTP 4.2.7 Patch 404
    cpe:2.3:a:ntp:ntp:4.2.7:p404
  • NTP 4.2.7 Patch 405
    cpe:2.3:a:ntp:ntp:4.2.7:p405
  • NTP 4.2.7 Patch 406
    cpe:2.3:a:ntp:ntp:4.2.7:p406
  • NTP 4.2.7 Patch 407
    cpe:2.3:a:ntp:ntp:4.2.7:p407
  • NTP 4.2.7 Patch 408
    cpe:2.3:a:ntp:ntp:4.2.7:p408
  • NTP 4.2.7 Patch 409
    cpe:2.3:a:ntp:ntp:4.2.7:p409
  • NTP 4.2.7 Patch 41
    cpe:2.3:a:ntp:ntp:4.2.7:p41
  • NTP 4.2.7 Patch 410
    cpe:2.3:a:ntp:ntp:4.2.7:p410
  • NTP 4.2.7 Patch 411
    cpe:2.3:a:ntp:ntp:4.2.7:p411
  • NTP 4.2.7 Patch 412
    cpe:2.3:a:ntp:ntp:4.2.7:p412
  • NTP 4.2.7 Patch 413
    cpe:2.3:a:ntp:ntp:4.2.7:p413
  • NTP 4.2.7 Patch 414
    cpe:2.3:a:ntp:ntp:4.2.7:p414
  • NTP 4.2.7 Patch 415
    cpe:2.3:a:ntp:ntp:4.2.7:p415
  • NTP 4.2.7 Patch 416
    cpe:2.3:a:ntp:ntp:4.2.7:p416
  • NTP 4.2.7 Patch 417
    cpe:2.3:a:ntp:ntp:4.2.7:p417
  • NTP 4.2.7 Patch 418
    cpe:2.3:a:ntp:ntp:4.2.7:p418
  • NTP 4.2.7 Patch 419
    cpe:2.3:a:ntp:ntp:4.2.7:p419
  • NTP 4.2.7 Patch 42
    cpe:2.3:a:ntp:ntp:4.2.7:p42
  • NTP 4.2.7 Patch 420
    cpe:2.3:a:ntp:ntp:4.2.7:p420
  • NTP 4.2.7 Patch 421
    cpe:2.3:a:ntp:ntp:4.2.7:p421
  • NTP 4.2.7 Patch 422
    cpe:2.3:a:ntp:ntp:4.2.7:p422
  • NTP 4.2.7 Patch 423
    cpe:2.3:a:ntp:ntp:4.2.7:p423
  • NTP 4.2.7 Patch 424
    cpe:2.3:a:ntp:ntp:4.2.7:p424
  • NTP 4.2.7 Patch 425
    cpe:2.3:a:ntp:ntp:4.2.7:p425
  • NTP 4.2.7 Patch 426
    cpe:2.3:a:ntp:ntp:4.2.7:p426
  • NTP 4.2.7 Patch 427
    cpe:2.3:a:ntp:ntp:4.2.7:p427
  • NTP 4.2.7 Patch 428
    cpe:2.3:a:ntp:ntp:4.2.7:p428
  • NTP 4.2.7 Patch 429
    cpe:2.3:a:ntp:ntp:4.2.7:p429
  • NTP 4.2.7 Patch 43
    cpe:2.3:a:ntp:ntp:4.2.7:p43
  • NTP 4.2.7 Patch 430
    cpe:2.3:a:ntp:ntp:4.2.7:p430
  • NTP 4.2.7 Patch 431
    cpe:2.3:a:ntp:ntp:4.2.7:p431
  • NTP 4.2.7 Patch 432
    cpe:2.3:a:ntp:ntp:4.2.7:p432
  • NTP 4.2.7 Patch 433
    cpe:2.3:a:ntp:ntp:4.2.7:p433
  • NTP 4.2.7 Patch 434
    cpe:2.3:a:ntp:ntp:4.2.7:p434
  • NTP 4.2.7 Patch 435
    cpe:2.3:a:ntp:ntp:4.2.7:p435
  • NTP 4.2.7 Patch 436
    cpe:2.3:a:ntp:ntp:4.2.7:p436
  • NTP 4.2.7 Patch 437
    cpe:2.3:a:ntp:ntp:4.2.7:p437
  • NTP 4.2.7 Patch 438
    cpe:2.3:a:ntp:ntp:4.2.7:p438
  • NTP 4.2.7 Patch 439
    cpe:2.3:a:ntp:ntp:4.2.7:p439
  • NTP 4.2.7 Patch 44
    cpe:2.3:a:ntp:ntp:4.2.7:p44
  • NTP 4.2.7 Patch 440
    cpe:2.3:a:ntp:ntp:4.2.7:p440
  • NTP 4.2.7 Patch 441
    cpe:2.3:a:ntp:ntp:4.2.7:p441
  • NTP 4.2.7 Patch 442
    cpe:2.3:a:ntp:ntp:4.2.7:p442
  • NTP 4.2.7 Patch 443
    cpe:2.3:a:ntp:ntp:4.2.7:p443
  • NTP 4.2.7 Patch 444
    cpe:2.3:a:ntp:ntp:4.2.7:p444
  • NTP 4.2.7 Patch 445
    cpe:2.3:a:ntp:ntp:4.2.7:p445
  • NTP 4.2.7 Patch 446
    cpe:2.3:a:ntp:ntp:4.2.7:p446
  • NTP 4.2.7 Patch 447
    cpe:2.3:a:ntp:ntp:4.2.7:p447
  • NTP 4.2.7 Patch 448
    cpe:2.3:a:ntp:ntp:4.2.7:p448
  • NTP 4.2.7 Patch 449
    cpe:2.3:a:ntp:ntp:4.2.7:p449
  • NTP 4.2.7 Patch 45
    cpe:2.3:a:ntp:ntp:4.2.7:p45
  • NTP 4.2.7 Patch 450
    cpe:2.3:a:ntp:ntp:4.2.7:p450
  • NTP 4.2.7 Patch 451
    cpe:2.3:a:ntp:ntp:4.2.7:p451
  • NTP 4.2.7 Patch 452
    cpe:2.3:a:ntp:ntp:4.2.7:p452
  • NTP 4.2.7 Patch 453
    cpe:2.3:a:ntp:ntp:4.2.7:p453
  • NTP 4.2.7 Patch 454
    cpe:2.3:a:ntp:ntp:4.2.7:p454
  • NTP 4.2.7 Patch 455
    cpe:2.3:a:ntp:ntp:4.2.7:p455
  • NTP 4.2.7 Patch 456
    cpe:2.3:a:ntp:ntp:4.2.7:p456
  • NTP 4.2.7 Patch 457
    cpe:2.3:a:ntp:ntp:4.2.7:p457
  • NTP 4.2.7 Patch 458
    cpe:2.3:a:ntp:ntp:4.2.7:p458
  • NTP 4.2.7 Patch 459
    cpe:2.3:a:ntp:ntp:4.2.7:p459
  • NTP 4.2.7 Patch 46
    cpe:2.3:a:ntp:ntp:4.2.7:p46
  • NTP 4.2.7 Patch 460
    cpe:2.3:a:ntp:ntp:4.2.7:p460
  • NTP 4.2.7 Patch 461
    cpe:2.3:a:ntp:ntp:4.2.7:p461
  • NTP 4.2.7 Patch 462
    cpe:2.3:a:ntp:ntp:4.2.7:p462
  • NTP 4.2.7 Patch 463
    cpe:2.3:a:ntp:ntp:4.2.7:p463
  • NTP 4.2.7 Patch 464
    cpe:2.3:a:ntp:ntp:4.2.7:p464
  • NTP 4.2.7 Patch 465
    cpe:2.3:a:ntp:ntp:4.2.7:p465
  • NTP 4.2.7 Patch 466
    cpe:2.3:a:ntp:ntp:4.2.7:p466
  • NTP 4.2.7 Patch 467
    cpe:2.3:a:ntp:ntp:4.2.7:p467
  • NTP 4.2.7 Patch 468
    cpe:2.3:a:ntp:ntp:4.2.7:p468
  • NTP 4.2.7 Patch 469
    cpe:2.3:a:ntp:ntp:4.2.7:p469
  • NTP 4.2.7 Patch 47
    cpe:2.3:a:ntp:ntp:4.2.7:p47
  • NTP 4.2.7 Patch 470
    cpe:2.3:a:ntp:ntp:4.2.7:p470
  • NTP 4.2.7 Patch 471
    cpe:2.3:a:ntp:ntp:4.2.7:p471
  • NTP 4.2.7 Patch 472
    cpe:2.3:a:ntp:ntp:4.2.7:p472
  • NTP 4.2.7 Patch 473
    cpe:2.3:a:ntp:ntp:4.2.7:p473
  • NTP 4.2.7 Patch 474
    cpe:2.3:a:ntp:ntp:4.2.7:p474
  • NTP 4.2.7 Patch 475
    cpe:2.3:a:ntp:ntp:4.2.7:p475
  • NTP 4.2.7 Patch 476
    cpe:2.3:a:ntp:ntp:4.2.7:p476
  • NTP 4.2.7 Patch 477
    cpe:2.3:a:ntp:ntp:4.2.7:p477
  • NTP 4.2.7 Patch 478
    cpe:2.3:a:ntp:ntp:4.2.7:p478
  • NTP 4.2.7 Patch 479
    cpe:2.3:a:ntp:ntp:4.2.7:p479
  • NTP 4.2.7 Patch 48
    cpe:2.3:a:ntp:ntp:4.2.7:p48
  • NTP 4.2.7 Patch 480
    cpe:2.3:a:ntp:ntp:4.2.7:p480
  • NTP 4.2.7 Patch 481
    cpe:2.3:a:ntp:ntp:4.2.7:p481
  • NTP 4.2.7 Patch 482
    cpe:2.3:a:ntp:ntp:4.2.7:p482
  • NTP 4.2.7 Patch 483
    cpe:2.3:a:ntp:ntp:4.2.7:p483
  • NTP 4.2.7 Patch 484 Release Candidate 1
    cpe:2.3:a:ntp:ntp:4.2.7:p484_rc1
  • NTP 4.2.7 Patch 485 Release Candidate 1
    cpe:2.3:a:ntp:ntp:4.2.7:p485_rc1
  • NTP 4.2.7 Patch 486 Release Candidate 1
    cpe:2.3:a:ntp:ntp:4.2.7:p486_rc1
  • NTP 4.2.7 Patch 49
    cpe:2.3:a:ntp:ntp:4.2.7:p49
  • NTP 4.2.7 Patch 5
    cpe:2.3:a:ntp:ntp:4.2.7:p5
  • NTP 4.2.7 Patch 50
    cpe:2.3:a:ntp:ntp:4.2.7:p50
  • NTP 4.2.7 Patch 51
    cpe:2.3:a:ntp:ntp:4.2.7:p51
  • NTP 4.2.7 Patch 52
    cpe:2.3:a:ntp:ntp:4.2.7:p52
  • NTP 4.2.7 Patch 53
    cpe:2.3:a:ntp:ntp:4.2.7:p53
  • NTP 4.2.7 Patch 54
    cpe:2.3:a:ntp:ntp:4.2.7:p54
  • NTP 4.2.7 Patch 55
    cpe:2.3:a:ntp:ntp:4.2.7:p55
  • NTP 4.2.7 Patch 56
    cpe:2.3:a:ntp:ntp:4.2.7:p56
  • NTP 4.2.7 Patch 57
    cpe:2.3:a:ntp:ntp:4.2.7:p57
  • NTP 4.2.7 Patch 58
    cpe:2.3:a:ntp:ntp:4.2.7:p58
  • NTP 4.2.7 Patch 59
    cpe:2.3:a:ntp:ntp:4.2.7:p59
  • NTP 4.2.7 Patch 6
    cpe:2.3:a:ntp:ntp:4.2.7:p6
  • NTP 4.2.7 Patch 60
    cpe:2.3:a:ntp:ntp:4.2.7:p60
  • NTP 4.2.7 Patch 61
    cpe:2.3:a:ntp:ntp:4.2.7:p61
  • NTP 4.2.7 Patch 62
    cpe:2.3:a:ntp:ntp:4.2.7:p62
  • NTP 4.2.7 Patch 63
    cpe:2.3:a:ntp:ntp:4.2.7:p63
  • NTP 4.2.7 Patch 64
    cpe:2.3:a:ntp:ntp:4.2.7:p64
  • NTP 4.2.7 Patch 65
    cpe:2.3:a:ntp:ntp:4.2.7:p65
  • NTP 4.2.7 Patch 66
    cpe:2.3:a:ntp:ntp:4.2.7:p66
  • NTP 4.2.7 Patch 67
    cpe:2.3:a:ntp:ntp:4.2.7:p67
  • NTP 4.2.7 Patch 68
    cpe:2.3:a:ntp:ntp:4.2.7:p68
  • NTP 4.2.7 Patch 69
    cpe:2.3:a:ntp:ntp:4.2.7:p69
  • NTP 4.2.7 Patch 7
    cpe:2.3:a:ntp:ntp:4.2.7:p7
  • NTP 4.2.7 Patch 70
    cpe:2.3:a:ntp:ntp:4.2.7:p70
  • NTP 4.2.7 Patch 71
    cpe:2.3:a:ntp:ntp:4.2.7:p71
  • NTP 4.2.7 Patch 72
    cpe:2.3:a:ntp:ntp:4.2.7:p72
  • NTP 4.2.7 Patch 73
    cpe:2.3:a:ntp:ntp:4.2.7:p73
  • NTP 4.2.7 Patch 74
    cpe:2.3:a:ntp:ntp:4.2.7:p74
  • NTP 4.2.7 Patch 75
    cpe:2.3:a:ntp:ntp:4.2.7:p75
  • NTP 4.2.7 Patch 76
    cpe:2.3:a:ntp:ntp:4.2.7:p76
  • NTP 4.2.7 Patch 77
    cpe:2.3:a:ntp:ntp:4.2.7:p77
  • NTP 4.2.7 Patch 78
    cpe:2.3:a:ntp:ntp:4.2.7:p78
  • NTP 4.2.7 Patch 79
    cpe:2.3:a:ntp:ntp:4.2.7:p79
  • NTP 4.2.7 Patch 8
    cpe:2.3:a:ntp:ntp:4.2.7:p8
  • NTP 4.2.7 Patch 80
    cpe:2.3:a:ntp:ntp:4.2.7:p80
  • NTP 4.2.7 Patch 81
    cpe:2.3:a:ntp:ntp:4.2.7:p81
  • NTP 4.2.7 Patch 82
    cpe:2.3:a:ntp:ntp:4.2.7:p82
  • NTP 4.2.7 Patch 83
    cpe:2.3:a:ntp:ntp:4.2.7:p83
  • NTP 4.2.7 Patch 84
    cpe:2.3:a:ntp:ntp:4.2.7:p84
  • NTP 4.2.7 Patch 85
    cpe:2.3:a:ntp:ntp:4.2.7:p85
  • NTP 4.2.7 Patch 86
    cpe:2.3:a:ntp:ntp:4.2.7:p86
  • NTP 4.2.7 Patch 87
    cpe:2.3:a:ntp:ntp:4.2.7:p87
  • NTP 4.2.7 Patch 88
    cpe:2.3:a:ntp:ntp:4.2.7:p88
  • NTP 4.2.7 Patch 89
    cpe:2.3:a:ntp:ntp:4.2.7:p89
  • NTP 4.2.7 Patch 9
    cpe:2.3:a:ntp:ntp:4.2.7:p9
  • NTP 4.2.7 Patch 90
    cpe:2.3:a:ntp:ntp:4.2.7:p90
  • NTP 4.2.7 Patch 91
    cpe:2.3:a:ntp:ntp:4.2.7:p91
  • NTP 4.2.7 Patch 92
    cpe:2.3:a:ntp:ntp:4.2.7:p92
  • NTP 4.2.7 Patch 93
    cpe:2.3:a:ntp:ntp:4.2.7:p93
  • NTP 4.2.7 Patch 94
    cpe:2.3:a:ntp:ntp:4.2.7:p94
  • NTP 4.2.7 Patch 95
    cpe:2.3:a:ntp:ntp:4.2.7:p95
  • NTP 4.2.7 Patch 96
    cpe:2.3:a:ntp:ntp:4.2.7:p96
  • NTP 4.2.7 Patch 97
    cpe:2.3:a:ntp:ntp:4.2.7:p97
  • NTP 4.2.7 Patch 98
    cpe:2.3:a:ntp:ntp:4.2.7:p98
  • NTP 4.2.7 Patch 99
    cpe:2.3:a:ntp:ntp:4.2.7:p99
  • NTP NTP 4.2.7p444
    cpe:2.3:a:ntp:ntp:4.2.7p444
  • NTP NTP 4.2.8
    cpe:2.3:a:ntp:ntp:4.2.8
  • NTP 4.2.8 Patch 1
    cpe:2.3:a:ntp:ntp:4.2.8:p1
  • NTP 4.2.8 Patch 1 Beta 1
    cpe:2.3:a:ntp:ntp:4.2.8:p1_beta1
  • NTP 4.2.8 Patch 1 Beta 2
    cpe:2.3:a:ntp:ntp:4.2.8:p1_beta2
  • NTP 4.2.8 Patch 1 Beta 3
    cpe:2.3:a:ntp:ntp:4.2.8:p1_beta3
  • NTP 4.2.8 Patch 1 Beta 4
    cpe:2.3:a:ntp:ntp:4.2.8:p1_beta4
  • NTP 4.2.8 Patch 1 Beta5
    cpe:2.3:a:ntp:ntp:4.2.8:p1_beta5
  • NTP 4.2.8 Patch 1 Release Candidate 1
    cpe:2.3:a:ntp:ntp:4.2.8:p1_rc1
  • NTP 4.2.8 Patch 1 Release Candidate 2
    cpe:2.3:a:ntp:ntp:4.2.8:p1_rc2
  • NTP 4.2.8 Patch 2
    cpe:2.3:a:ntp:ntp:4.2.8:p2
  • NTP 4.2.8 Patch 2 Release Candidate 1
    cpe:2.3:a:ntp:ntp:4.2.8:p2_rc1
  • NTP 4.2.8 Patch 2 Release Candidate 2
    cpe:2.3:a:ntp:ntp:4.2.8:p2_rc2
  • NTP 4.2.8 Patch 2 Release Candidate 3
    cpe:2.3:a:ntp:ntp:4.2.8:p2_rc3
  • NTP 4.2.8 Patch 3
    cpe:2.3:a:ntp:ntp:4.2.8:p3
  • NTP 4.2.8 Patch 3 Release Candidate 1
    cpe:2.3:a:ntp:ntp:4.2.8:p3_rc1
  • NTP 4.2.8 Patch 3 Release Candidate 2
    cpe:2.3:a:ntp:ntp:4.2.8:p3_rc2
  • NTP 4.2.8 Patch 3 Release Candidate 3
    cpe:2.3:a:ntp:ntp:4.2.8:p3_rc3
  • NTP 4.3.0
    cpe:2.3:a:ntp:ntp:4.3.0
  • NTP 4.3.1
    cpe:2.3:a:ntp:ntp:4.3.1
  • NTP 4.3.2
    cpe:2.3:a:ntp:ntp:4.3.2
  • NTP 4.3.3
    cpe:2.3:a:ntp:ntp:4.3.3
  • NTP 4.3.4
    cpe:2.3:a:ntp:ntp:4.3.4
  • NTP 4.3.5
    cpe:2.3:a:ntp:ntp:4.3.5
  • NTP 4.3.6
    cpe:2.3:a:ntp:ntp:4.3.6
  • NTP 4.3.7
    cpe:2.3:a:ntp:ntp:4.3.7
  • NTP 4.3.8
    cpe:2.3:a:ntp:ntp:4.3.8
  • NTP 4.3.9
    cpe:2.3:a:ntp:ntp:4.3.9
  • NTP 4.3.10
    cpe:2.3:a:ntp:ntp:4.3.10
  • NTP 4.3.11
    cpe:2.3:a:ntp:ntp:4.3.11
  • NTP 4.3.12
    cpe:2.3:a:ntp:ntp:4.3.12
  • NTP 4.3.13
    cpe:2.3:a:ntp:ntp:4.3.13
  • NTP 4.3.14
    cpe:2.3:a:ntp:ntp:4.3.14
  • NTP 4.3.15
    cpe:2.3:a:ntp:ntp:4.3.15
  • NTP 4.3.16
    cpe:2.3:a:ntp:ntp:4.3.16
  • NTP 4.3.17
    cpe:2.3:a:ntp:ntp:4.3.17
  • NTP 4.3.18
    cpe:2.3:a:ntp:ntp:4.3.18
  • NTP 4.3.19
    cpe:2.3:a:ntp:ntp:4.3.19
  • NTP 4.3.20
    cpe:2.3:a:ntp:ntp:4.3.20
  • NTP 4.3.21
    cpe:2.3:a:ntp:ntp:4.3.21
  • NTP 4.3.22
    cpe:2.3:a:ntp:ntp:4.3.22
  • NTP 4.3.23
    cpe:2.3:a:ntp:ntp:4.3.23
  • NTP 4.3.24
    cpe:2.3:a:ntp:ntp:4.3.24
  • NTP 4.3.25
    cpe:2.3:a:ntp:ntp:4.3.25
  • NTP 4.3.26
    cpe:2.3:a:ntp:ntp:4.3.26
  • NTP 4.3.27
    cpe:2.3:a:ntp:ntp:4.3.27
  • NTP 4.3.28
    cpe:2.3:a:ntp:ntp:4.3.28
  • NTP 4.3.29
    cpe:2.3:a:ntp:ntp:4.3.29
  • NTP 4.3.30
    cpe:2.3:a:ntp:ntp:4.3.30
  • NTP 4.3.31
    cpe:2.3:a:ntp:ntp:4.3.31
  • NTP 4.3.32
    cpe:2.3:a:ntp:ntp:4.3.32
  • NTP 4.3.33
    cpe:2.3:a:ntp:ntp:4.3.33
  • NTP 4.3.34
    cpe:2.3:a:ntp:ntp:4.3.34
  • NTP 4.3.35
    cpe:2.3:a:ntp:ntp:4.3.35
  • NTP 4.3.36
    cpe:2.3:a:ntp:ntp:4.3.36
  • NTP 4.3.37
    cpe:2.3:a:ntp:ntp:4.3.37
  • NTP 4.3.38
    cpe:2.3:a:ntp:ntp:4.3.38
  • NTP 4.3.39
    cpe:2.3:a:ntp:ntp:4.3.39
  • NTP 4.3.40
    cpe:2.3:a:ntp:ntp:4.3.40
  • NTP 4.3.41
    cpe:2.3:a:ntp:ntp:4.3.41
  • NTP 4.3.42
    cpe:2.3:a:ntp:ntp:4.3.42
  • NTP 4.3.43
    cpe:2.3:a:ntp:ntp:4.3.43
  • NTP 4.3.44
    cpe:2.3:a:ntp:ntp:4.3.44
  • NTP 4.3.45
    cpe:2.3:a:ntp:ntp:4.3.45
  • NTP 4.3.46
    cpe:2.3:a:ntp:ntp:4.3.46
  • NTP 4.3.47
    cpe:2.3:a:ntp:ntp:4.3.47
  • NTP 4.3.48
    cpe:2.3:a:ntp:ntp:4.3.48
  • NTP 4.3.49
    cpe:2.3:a:ntp:ntp:4.3.49
  • NTP 4.3.50
    cpe:2.3:a:ntp:ntp:4.3.50
  • NTP 4.3.51
    cpe:2.3:a:ntp:ntp:4.3.51
  • NTP 4.3.52
    cpe:2.3:a:ntp:ntp:4.3.52
  • NTP 4.3.53
    cpe:2.3:a:ntp:ntp:4.3.53
  • NTP 4.3.54
    cpe:2.3:a:ntp:ntp:4.3.54
  • NTP 4.3.55
    cpe:2.3:a:ntp:ntp:4.3.55
  • NTP 4.3.56
    cpe:2.3:a:ntp:ntp:4.3.56
  • NTP 4.3.57
    cpe:2.3:a:ntp:ntp:4.3.57
  • NTP 4.3.58
    cpe:2.3:a:ntp:ntp:4.3.58
  • NTP 4.3.59
    cpe:2.3:a:ntp:ntp:4.3.59
  • NTP 4.3.60
    cpe:2.3:a:ntp:ntp:4.3.60
  • NTP 4.3.61
    cpe:2.3:a:ntp:ntp:4.3.61
  • NTP 4.3.62
    cpe:2.3:a:ntp:ntp:4.3.62
  • NTP 4.3.63
    cpe:2.3:a:ntp:ntp:4.3.63
  • NTP 4.3.64
    cpe:2.3:a:ntp:ntp:4.3.64
  • NTP 4.3.65
    cpe:2.3:a:ntp:ntp:4.3.65
  • NTP 4.3.66
    cpe:2.3:a:ntp:ntp:4.3.66
  • NTP 4.3.67
    cpe:2.3:a:ntp:ntp:4.3.67
  • NTP 4.3.68
    cpe:2.3:a:ntp:ntp:4.3.68
  • NTP 4.3.69
    cpe:2.3:a:ntp:ntp:4.3.69
  • NTP 4.3.70
    cpe:2.3:a:ntp:ntp:4.3.70
  • NTP 4.3.71
    cpe:2.3:a:ntp:ntp:4.3.71
  • NTP 4.3.72
    cpe:2.3:a:ntp:ntp:4.3.72
  • NTP 4.3.73
    cpe:2.3:a:ntp:ntp:4.3.73
  • NTP 4.3.74
    cpe:2.3:a:ntp:ntp:4.3.74
  • NTP 4.3.75
    cpe:2.3:a:ntp:ntp:4.3.75
  • NTP 4.3.76
    cpe:2.3:a:ntp:ntp:4.3.76
CVSS
Base: 7.5
Impact:
Exploitability:
CWE CWE-287
CAPEC
  • Authentication Abuse
    An attacker obtains unauthorized access to an application, service or device either through knowledge of the inherent weaknesses of an authentication mechanism, or by exploiting a flaw in the authentication scheme's implementation. In such an attack an authentication mechanism is functioning but a carefully controlled sequence of events causes the mechanism to grant access to the attacker. This attack may exploit assumptions made by the target's authentication procedures, such as assumptions regarding trust relationships or assumptions regarding the generation of secret values. This attack differs from Authentication Bypass attacks in that Authentication Abuse allows the attacker to be certified as a valid user through illegitimate means, while Authentication Bypass allows the user to access protected material without ever being certified as an authenticated user. This attack does not rely on prior sessions established by successfully authenticating users, as relied upon for the "Exploitation of Session Variables, Resource IDs and other Trusted Credentials" attack patterns.
  • Exploiting Trust in Client (aka Make the Client Invisible)
    An attack of this type exploits a programs' vulnerabilities in client/server communication channel authentication and data integrity. It leverages the implicit trust a server places in the client, or more importantly, that which the server believes is the client. An attacker executes this type of attack by placing themselves in the communication channel between client and server such that communication directly to the server is possible where the server believes it is communicating only with a valid client. There are numerous variations of this type of attack.
  • Utilizing REST's Trust in the System Resource to Register Man in the Middle
    This attack utilizes a REST(REpresentational State Transfer)-style applications' trust in the system resources and environment to place man in the middle once SSL is terminated. Rest applications premise is that they leverage existing infrastructure to deliver web services functionality. An example of this is a Rest application that uses HTTP Get methods and receives a HTTP response with an XML document. These Rest style web services are deployed on existing infrastructure such as Apache and IIS web servers with no SOAP stack required. Unfortunately from a security standpoint, there frequently is no interoperable identity security mechanism deployed, so Rest developers often fall back to SSL to deliver security. In large data centers, SSL is typically terminated at the edge of the network - at the firewall, load balancer, or router. Once the SSL is terminated the HTTP request is in the clear (unless developers have hashed or encrypted the values, but this is rare). The attacker can utilize a sniffer such as Wireshark to snapshot the credentials, such as username and password that are passed in the clear once SSL is terminated. Once the attacker gathers these credentials, they can submit requests to the web service provider just as authorized user do. There is not typically an authentication on the client side, beyond what is passed in the request itself so once this is compromised, then this is generally sufficient to compromise the service's authentication scheme.
  • Man in the Middle Attack
    This type of attack targets the communication between two components (typically client and server). The attacker places himself in the communication channel between the two components. Whenever one component attempts to communicate with the other (data flow, authentication challenges, etc.), the data first goes to the attacker, who has the opportunity to observe or alter it, and it is then passed on to the other component as if it was never intercepted. This interposition is transparent leaving the two compromised components unaware of the potential corruption or leakage of their communications. The potential for Man-in-the-Middle attacks yields an implicit lack of trust in communication or identify between two components.
metasploit via4
description Crypto-NAK packets can be used to cause ntpd to accept time from unauthenticated ephemeral symmetric peers by bypassing the authentication required to mobilize peer associations. This module sends these Crypto-NAK packets in order to establish an association between the target ntpd instance and the attacking client. The end goal is to cause ntpd to declare the legitimate peers "false tickers" and choose the attacking clients as the preferred peers, allowing these peers to control time.
id MSF:AUXILIARY/SCANNER/NTP/NTP_NAK_TO_THE_FUTURE
last seen 2019-03-26
modified 2019-03-05
published 2015-10-28
reliability Normal
reporter Rapid7
source https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/scanner/ntp/ntp_nak_to_the_future.rb
title NTP "NAK to the Future"
nessus via4
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201604-03.NASL
    description The remote host is affected by the vulnerability described in GLSA-201604-03 (Xen: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Xen. Please review the CVE identifiers referenced below for details. Impact : A local attacker could possibly cause a Denial of Service condition or obtain sensitive information. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-01-26
    plugin id 90380
    published 2016-04-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=90380
    title GLSA-201604-03 : Xen: Multiple vulnerabilities (Venom)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2016-1311-1.NASL
    description This network time protocol server ntp was updated to 4.2.8p6 to fix the following issues : Also yast2-ntp-client was updated to match some sntp syntax changes. (bsc#937837) Major functional changes : - The 'sntp' commandline tool changed its option handling in a major way. - 'controlkey 1' is added during update to ntp.conf to allow sntp to work. - The local clock is being disabled during update. - ntpd is no longer running chrooted. Other functional changes : - ntp-signd is installed. - 'enable mode7' can be added to the configuration to allow ntdpc to work as compatibility mode option. - 'kod' was removed from the default restrictions. - SHA1 keys are used by default instead of MD5 keys. These security issues were fixed : - CVE-2015-5219: An endless loop due to incorrect precision to double conversion (bsc#943216). - CVE-2015-8158: Fixed potential infinite loop in ntpq (bsc#962966). - CVE-2015-8138: Zero Origin Timestamp Bypass (bsc#963002). - CVE-2015-7979: Off-path Denial of Service (DoS) attack on authenticated broadcast mode (bsc#962784). - CVE-2015-7978: Stack exhaustion in recursive traversal of restriction list (bsc#963000). - CVE-2015-7977: reslist NULL pointer dereference (bsc#962970). - CVE-2015-7976: ntpq saveconfig command allows dangerous characters in filenames (bsc#962802). - CVE-2015-7975: nextvar() missing length check (bsc#962988). - CVE-2015-7974: Skeleton Key: Missing key check allows impersonation between authenticated peers (bsc#962960). - CVE-2015-7973: Replay attack on authenticated broadcast mode (bsc#962995). - CVE-2015-8140: ntpq vulnerable to replay attacks (bsc#962994). - CVE-2015-8139: Origin Leak: ntpq and ntpdc, disclose origin (bsc#962997). - CVE-2015-5300: MITM attacker could have forced ntpd to make a step larger than the panic threshold (bsc#951629). - CVE-2015-7871: NAK to the Future: Symmetric association authentication bypass via crypto-NAK (bsc#951608). - CVE-2015-7855: decodenetnum() will ASSERT botch instead of returning FAIL on some bogus values (bsc#951608). - CVE-2015-7854: Password Length Memory Corruption Vulnerability (bsc#951608). - CVE-2015-7853: Invalid length data provided by a custom refclock driver could cause a buffer overflow (bsc#951608). - CVE-2015-7852: ntpq atoascii() Memory Corruption Vulnerability (bsc#951608). - CVE-2015-7851: saveconfig Directory Traversal Vulnerability (bsc#951608). - CVE-2015-7850: remote config logfile-keyfile (bsc#951608). - CVE-2015-7849: trusted key use-after-free (bsc#951608). - CVE-2015-7848: mode 7 loop counter underrun (bsc#951608). - CVE-2015-7701: Slow memory leak in CRYPTO_ASSOC (bsc#951608). - CVE-2015-7703: configuration directives 'pidfile' and 'driftfile' should only be allowed locally (bsc#951608). - CVE-2015-7704, CVE-2015-7705: Clients that receive a KoD should validate the origin timestamp field (bsc#951608). - CVE-2015-7691, CVE-2015-7692, CVE-2015-7702: Incomplete autokey data packet length checks (bsc#951608). The update package also includes non-security fixes. See advisory for details. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-29
    plugin id 91248
    published 2016-05-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=91248
    title SUSE SLES11 Security Update : ntp (SUSE-SU-2016:1311-1)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201607-15.NASL
    description The remote host is affected by the vulnerability described in GLSA-201607-15 (NTP: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in NTP. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could possibly cause a Denial of Service condition. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-01-26
    plugin id 92485
    published 2016-07-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=92485
    title GLSA-201607-15 : NTP: Multiple vulnerabilities
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2016-1247-1.NASL
    description ntp was updated to version 4.2.8p6 to fix 28 security issues. Major functional changes : - The 'sntp' commandline tool changed its option handling in a major way, some options have been renamed or dropped. - 'controlkey 1' is added during update to ntp.conf to allow sntp to work. - The local clock is being disabled during update. - ntpd is no longer running chrooted. Other functional changes : - ntp-signd is installed. - 'enable mode7' can be added to the configuration to allow ntdpc to work as compatibility mode option. - 'kod' was removed from the default restrictions. - SHA1 keys are used by default instead of MD5 keys. Also yast2-ntp-client was updated to match some sntp syntax changes. (bsc#937837) These security issues were fixed : - CVE-2015-8158: Fixed potential infinite loop in ntpq (bsc#962966). - CVE-2015-8138: Zero Origin Timestamp Bypass (bsc#963002). - CVE-2015-7979: Off-path Denial of Service (DoS) attack on authenticated broadcast mode (bsc#962784). - CVE-2015-7978: Stack exhaustion in recursive traversal of restriction list (bsc#963000). - CVE-2015-7977: reslist NULL pointer dereference (bsc#962970). - CVE-2015-7976: ntpq saveconfig command allows dangerous characters in filenames (bsc#962802). - CVE-2015-7975: nextvar() missing length check (bsc#962988). - CVE-2015-7974: Skeleton Key: Missing key check allows impersonation between authenticated peers (bsc#962960). - CVE-2015-7973: Replay attack on authenticated broadcast mode (bsc#962995). - CVE-2015-8140: ntpq vulnerable to replay attacks (bsc#962994). - CVE-2015-8139: Origin Leak: ntpq and ntpdc, disclose origin (bsc#962997). - CVE-2015-5300: MITM attacker could have forced ntpd to make a step larger than the panic threshold (bsc#951629). - CVE-2015-7871: NAK to the Future: Symmetric association authentication bypass via crypto-NAK (bsc#951608). - CVE-2015-7855: decodenetnum() will ASSERT botch instead of returning FAIL on some bogus values (bsc#951608). - CVE-2015-7854: Password Length Memory Corruption Vulnerability (bsc#951608). - CVE-2015-7853: Invalid length data provided by a custom refclock driver could cause a buffer overflow (bsc#951608). - CVE-2015-7852: ntpq atoascii() Memory Corruption Vulnerability (bsc#951608). - CVE-2015-7851: saveconfig Directory Traversal Vulnerability (bsc#951608). - CVE-2015-7850: remote config logfile-keyfile (bsc#951608). - CVE-2015-7849: trusted key use-after-free (bsc#951608). - CVE-2015-7848: mode 7 loop counter underrun (bsc#951608). - CVE-2015-7701: Slow memory leak in CRYPTO_ASSOC (bsc#951608). - CVE-2015-7703: configuration directives 'pidfile' and 'driftfile' should only be allowed locally (bsc#951608). - CVE-2015-7704, CVE-2015-7705: Clients that receive a KoD should validate the origin timestamp field (bsc#951608). - CVE-2015-7691, CVE-2015-7692, CVE-2015-7702: Incomplete autokey data packet length checks (bsc#951608). The update package also includes non-security fixes. See advisory for details. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-29
    plugin id 90991
    published 2016-05-09
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=90991
    title SUSE SLED12 / SLES12 Security Update : ntp (SUSE-SU-2016:1247-1)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2016-649.NASL
    description This update for ntp fixes the following issues : - Update to 4.2.8p7 (boo#977446) : - CVE-2016-1547, boo#977459: Validate crypto-NAKs, AKA: CRYPTO-NAK DoS. - CVE-2016-1548, boo#977461: Interleave-pivot - CVE-2016-1549, boo#977451: Sybil vulnerability: ephemeral association attack. - CVE-2016-1550, boo#977464: Improve NTP security against buffer comparison timing attacks. - CVE-2016-1551, boo#977450: Refclock impersonation vulnerability - CVE-2016-2516, boo#977452: Duplicate IPs on unconfig directives will cause an assertion botch in ntpd. - CVE-2016-2517, boo#977455: remote configuration trustedkey/ requestkey/controlkey values are not properly validated. - CVE-2016-2518, boo#977457: Crafted addpeer with hmode > 7 causes array wraparound with MATCH_ASSOC. - CVE-2016-2519, boo#977458: ctl_getitem() return value not always checked. - integrate ntp-fork.patch - Improve the fixes for: CVE-2015-7704, CVE-2015-7705, CVE-2015-7974 - Restrict the parser in the startup script to the first occurrance of 'keys' and 'controlkey' in ntp.conf (boo#957226). - Enable compile-time support for MS-SNTP (--enable-ntp-signd). This replaces the w32 patches in 4.2.4 that added the authreg directive. (fate#320758). - Fix ntp-sntp-dst.patch (boo#975496). - Call /usr/sbin/sntp with full path to synchronize in start-ntpd. When run as cron job, /usr/sbin/ is not in the path, which caused the synchronization to fail. (boo#962318) - Speedup ntpq (boo#782060, ntp-speedup-ntpq.patch). - Sync service files with openSUSE Factory. - Fix the TZ offset output of sntp during DST (boo#951559). - Add ntp-fork.patch and build with threads disabled to allow name resolution even when running chrooted. - Update to 4.2.8p6 : - CVE-2015-8158, boo#962966: Potential Infinite Loop in ntpq. - CVE-2015-8138, boo#963002: origin: Zero Origin Timestamp Bypass. - CVE-2015-7979, boo#962784: Off-path Denial of Service (DoS) attack on authenticated broadcast mode. - CVE-2015-7978, boo#963000: Stack exhaustion in recursive traversal of restriction list. - CVE-2015-7977, boo#962970: reslist NULL pointer dereference. - CVE-2015-7976, boo#962802: ntpq saveconfig command allows dangerous characters in filenames. - CVE-2015-7975, boo#962988: nextvar() missing length check. - CVE-2015-7974, boo#962960: Skeleton Key: Missing key check allows impersonation between authenticated peers. - CVE-2015-7973, boo#962995: Deja Vu: Replay attack on authenticated broadcast mode. - CVE-2015-8140: ntpq vulnerable to replay attacks. - CVE-2015-8139: Origin Leak: ntpq and ntpdc, disclose origin. - CVE-2015-5300, boo#951629: Small-step/Big-step. - Add /var/db/ntp-kod (boo#916617). - Add ntp-ENOBUFS.patch to limit a warning that might happen quite a lot on loaded systems (boo#956773). - add ntp.bug2965.diff (boo#954982) - fixes regression in 4.2.8p4 update - Update to 4.2.8p4 to fix several security issues (boo#951608) : - CVE-2015-7871: NAK to the Future: Symmetric association authentication bypass via crypto-NAK - CVE-2015-7855: decodenetnum() will ASSERT botch instead of returning FAIL on some bogus values - CVE-2015-7854: Password Length Memory Corruption Vulnerability - CVE-2015-7853: Invalid length data provided by a custom refclock driver could cause a buffer overflow - CVE-2015-7852 ntpq atoascii() Memory Corruption Vulnerability - CVE-2015-7851 saveconfig Directory Traversal Vulnerability - CVE-2015-7850 remote config logfile-keyfile - CVE-2015-7849 trusted key use-after-free - CVE-2015-7848 mode 7 loop counter underrun - CVE-2015-7701 Slow memory leak in CRYPTO_ASSOC - CVE-2015-7703 configuration directives 'pidfile' and 'driftfile' should only be allowed locally - CVE-2015-7704, CVE-2015-7705 Clients that receive a KoD should validate the origin timestamp field - CVE-2015-7691, CVE-2015-7692, CVE-2015-7702 Incomplete autokey data packet length checks - obsoletes ntp-memlock.patch. - Add a controlkey line to /etc/ntp.conf if one does not already exist to allow runtime configuuration via ntpq. - Temporarily disable memlock to avoid problems due to high memory usage during name resolution (boo#946386, ntp-memlock.patch). - Use SHA1 instead of MD5 for symmetric keys (boo#905885). - Improve runtime configuration : - Read keytype from ntp.conf - Don't write ntp keys to syslog. - Fix legacy action scripts to pass on command line arguments. - Remove ntp.1.gz, it wasn't installed anymore. - Remove ntp-4.2.7-rh-manpages.tar.gz and only keep ntptime.8.gz. The rest is partially irrelevant, partially redundant and potentially outdated (boo#942587). - Remove 'kod' from the restrict line in ntp.conf (boo#944300). - Use ntpq instead of deprecated ntpdc in start-ntpd (boo#936327). - Add a controlkey to ntp.conf to make the above work. - Don't let 'keysdir' lines in ntp.conf trigger the 'keys' parser. - Disable mode 7 (ntpdc) again, now that we don't use it anymore. - Add 'addserver' as a new legacy action. - Fix the comment regarding addserver in ntp.conf (boo#910063). - Update to version 4.2.8p3 which incorporates all security fixes and most other patches we have so far (fate#319040). More information on: http://archive.ntp.org/ntp4/ChangeLog-stable - Disable chroot by default (boo#926510). - Enable ntpdc for backwards compatibility (boo#920238). - Security fix: ntp-keygen may generate non-random symmetric keys
    last seen 2019-02-21
    modified 2018-12-18
    plugin id 91403
    published 2016-06-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=91403
    title openSUSE Security Update : ntp (openSUSE-2016-649)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-2783-1.NASL
    description Aleksis Kauppinen discovered that NTP incorrectly handled certain remote config packets. In a non-default configuration, a remote authenticated attacker could possibly use this issue to cause NTP to crash, resulting in a denial of service. (CVE-2015-5146) Miroslav Lichvar discovered that NTP incorrectly handled logconfig directives. In a non-default configuration, a remote authenticated attacker could possibly use this issue to cause NTP to crash, resulting in a denial of service. (CVE-2015-5194) Miroslav Lichvar discovered that NTP incorrectly handled certain statistics types. In a non-default configuration, a remote authenticated attacker could possibly use this issue to cause NTP to crash, resulting in a denial of service. (CVE-2015-5195) Miroslav Lichvar discovered that NTP incorrectly handled certain file paths. In a non-default configuration, a remote authenticated attacker could possibly use this issue to cause NTP to crash, resulting in a denial of service, or overwrite certain files. (CVE-2015-5196, CVE-2015-7703) Miroslav Lichvar discovered that NTP incorrectly handled certain packets. A remote attacker could possibly use this issue to cause NTP to hang, resulting in a denial of service. (CVE-2015-5219) Aanchal Malhotra, Isaac E. Cohen, and Sharon Goldberg discovered that NTP incorrectly handled restarting after hitting a panic threshold. A remote attacker could possibly use this issue to alter the system time on clients. (CVE-2015-5300) It was discovered that NTP incorrectly handled autokey data packets. A remote attacker could possibly use this issue to cause NTP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2015-7691, CVE-2015-7692, CVE-2015-7702) It was discovered that NTP incorrectly handled memory when processing certain autokey messages. A remote attacker could possibly use this issue to cause NTP to consume memory, resulting in a denial of service. (CVE-2015-7701) Aanchal Malhotra, Isaac E. Cohen, and Sharon Goldberg discovered that NTP incorrectly handled rate limiting. A remote attacker could possibly use this issue to cause clients to stop updating their clock. (CVE-2015-7704, CVE-2015-7705) Yves Younan discovered that NTP incorrectly handled logfile and keyfile directives. In a non-default configuration, a remote authenticated attacker could possibly use this issue to cause NTP to enter a loop, resulting in a denial of service. (CVE-2015-7850) Yves Younan and Aleksander Nikolich discovered that NTP incorrectly handled ascii conversion. A remote attacker could possibly use this issue to cause NTP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2015-7852) Yves Younan discovered that NTP incorrectly handled reference clock memory. A malicious refclock could possibly use this issue to cause NTP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2015-7853) John D 'Doug' Birdwell discovered that NTP incorrectly handled decoding certain bogus values. An attacker could possibly use this issue to cause NTP to crash, resulting in a denial of service. (CVE-2015-7855) Stephen Gray discovered that NTP incorrectly handled symmetric association authentication. A remote attacker could use this issue to possibly bypass authentication and alter the system clock. (CVE-2015-7871) In the default installation, attackers would be isolated by the NTP AppArmor profile. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 86630
    published 2015-10-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=86630
    title Ubuntu 12.04 LTS / 14.04 LTS / 15.04 / 15.10 : ntp vulnerabilities (USN-2783-1)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2015-F5F5EC7B6B.NASL
    description Security fix for CVE-2015-7704, CVE-2015-5300, CVE-2015-7692, CVE-2015-7871, CVE-2015-7702, CVE-2015-7691, CVE-2015-7852, CVE-2015-7701 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-01-30
    plugin id 89461
    published 2016-03-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=89461
    title Fedora 23 : ntp-4.2.6p5-34.fc23 (2015-f5f5ec7b6b)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DLA-335.NASL
    description Several security issues where found in ntp : CVE-2015-5146 A flaw was found in the way ntpd processed certain remote configuration packets. An attacker could use a specially crafted package to cause ntpd to crash if : - ntpd enabled remote configuration - The attacker had the knowledge of the configuration password - The attacker had access to a computer entrusted to perform remote configuration Note that remote configuration is disabled by default in NTP. CVE-2015-5194 It was found that ntpd could crash due to an uninitialized variable when processing malformed logconfig configuration commands. CVE-2015-5195 It was found that ntpd exits with a segmentation fault when a statistics type that was not enabled during compilation (e.g. timingstats) is referenced by the statistics or filegen configuration command CVE-2015-5219 It was discovered that sntp program would hang in an infinite loop when a crafted NTP packet was received, related to the conversion of the precision value in the packet to double. CVE-2015-5300 It was found that ntpd did not correctly implement the -g option: Normally, ntpd exits with a message to the system log if the offset exceeds the panic threshold, which is 1000 s by default. This option allows the time to be set to any value without restriction; however, this can happen only once. If the threshold is exceeded after that, ntpd will exit with a message to the system log. This option can be used with the -q and -x options. ntpd could actually step the clock multiple times by more than the panic threshold if its clock discipline doesn't have enough time to reach the sync state and stay there for at least one update. If a man-in-the-middle attacker can control the NTP traffic since ntpd was started (or maybe up to 15-30 minutes after that), they can prevent the client from reaching the sync state and force it to step its clock by any amount any number of times, which can be used by attackers to expire certificates, etc. This is contrary to what the documentation says. Normally, the assumption is that an MITM attacker can step the clock more than the panic threshold only once when ntpd starts and to make a larger adjustment the attacker has to divide it into multiple smaller steps, each taking 15 minutes, which is slow. CVE-2015-7691, CVE-2015-7692, CVE-2015-7702 It was found that the fix for CVE-2014-9750 was incomplete: three issues were found in the value length checks in ntp_crypto.c, where a packet with particular autokey operations that contained malicious data was not always being completely validated. Receipt of these packets can cause ntpd to crash. CVE-2015-7701 A memory leak flaw was found in ntpd's CRYPTO_ASSOC. If ntpd is configured to use autokey authentication, an attacker could send packets to ntpd that would, after several days of ongoing attack, cause it to run out of memory. CVE-2015-7703 Miroslav Lichvár of Red Hat found that the :config command can be used to set the pidfile and driftfile paths without any restrictions. A remote attacker could use this flaw to overwrite a file on the file system with a file containing the pid of the ntpd process (immediately) or the current estimated drift of the system clock (in hourly intervals). For example: ntpq -c ':config pidfile /tmp/ntp.pid' ntpq -c ':config driftfile /tmp/ntp.drift' In Debian ntpd is configured to drop root privileges, which limits the impact of this issue. CVE-2015-7704 When ntpd as an NTP client receives a Kiss-of-Death (KoD) packet from the server to reduce its polling rate, it doesn't check if the originate timestamp in the reply matches the transmit timestamp from its request. An off-path attacker can send a crafted KoD packet to the client, which will increase the client's polling interval to a large value and effectively disable synchronization with the server. CVE-2015-7850 An exploitable denial of service vulnerability exists in the remote configuration functionality of the Network Time Protocol. A specially crafted configuration file could cause an endless loop resulting in a denial of service. An attacker could provide a the malicious configuration file to trigger this vulnerability. CVE-2015-7851 A potential path traversal vulnerability exists in the config file saving of ntpd on VMS. A specially crafted path could cause a path traversal potentially resulting in files being overwritten. An attacker could provide a malicious path to trigger this vulnerability. This issue does not affect Debian. CVE-2015-7852 A potential off by one vulnerability exists in the cookedprint functionality of ntpq. A specially crafted buffer could cause a buffer overflow potentially resulting in null byte being written out of bounds. CVE-2015-7855 It was found that NTP's decodenetnum() would abort with an assertion failure when processing a mode 6 or mode 7 packet containing an unusually long data value where a network address was expected. This could allow an authenticated attacker to crash ntpd. CVE-2015-7871 An error handling logic error exists within ntpd that manifests due to improper error condition handling associated with certain crypto-NAK packets. An unauthenticated, off­-path attacker can force ntpd processes on targeted servers to peer with time sources of the attacker's choosing by transmitting symmetric active crypto­-NAK packets to ntpd. This attack bypasses the authentication typically required to establish a peer association and allows an attacker to make arbitrary changes to system time. NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-07-06
    plugin id 86640
    published 2015-10-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=86640
    title Debian DLA-335-1 : ntp security update
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-3388.NASL
    description Several vulnerabilities were discovered in the Network Time Protocol daemon and utility programs : - CVE-2015-5146 A flaw was found in the way ntpd processed certain remote configuration packets. An attacker could use a specially crafted package to cause ntpd to crash if : - ntpd enabled remote configuration - The attacker had the knowledge of the configuration password - The attacker had access to a computer entrusted to perform remote configuration Note that remote configuration is disabled by default in NTP. - CVE-2015-5194 It was found that ntpd could crash due to an uninitialized variable when processing malformed logconfig configuration commands. - CVE-2015-5195 It was found that ntpd exits with a segmentation fault when a statistics type that was not enabled during compilation (e.g. timingstats) is referenced by the statistics or filegen configuration command. - CVE-2015-5219 It was discovered that sntp program would hang in an infinite loop when a crafted NTP packet was received, related to the conversion of the precision value in the packet to double. - CVE-2015-5300 It was found that ntpd did not correctly implement the -g option : Normally, ntpd exits with a message to the system log if the offset exceeds the panic threshold, which is 1000 s by default. This option allows the time to be set to any value without restriction; however, this can happen only once. If the threshold is exceeded after that, ntpd will exit with a message to the system log. This option can be used with the -q and -x options. ntpd could actually step the clock multiple times by more than the panic threshold if its clock discipline doesn't have enough time to reach the sync state and stay there for at least one update. If a man-in-the-middle attacker can control the NTP traffic since ntpd was started (or maybe up to 15-30 minutes after that), they can prevent the client from reaching the sync state and force it to step its clock by any amount any number of times, which can be used by attackers to expire certificates, etc. This is contrary to what the documentation says. Normally, the assumption is that an MITM attacker can step the clock more than the panic threshold only once when ntpd starts and to make a larger adjustment the attacker has to divide it into multiple smaller steps, each taking 15 minutes, which is slow. - CVE-2015-7691, CVE-2015-7692, CVE-2015-7702 It was found that the fix for CVE-2014-9750 was incomplete: three issues were found in the value length checks in ntp_crypto.c, where a packet with particular autokey operations that contained malicious data was not always being completely validated. Receipt of these packets can cause ntpd to crash. - CVE-2015-7701 A memory leak flaw was found in ntpd's CRYPTO_ASSOC. If ntpd is configured to use autokey authentication, an attacker could send packets to ntpd that would, after several days of ongoing attack, cause it to run out of memory. - CVE-2015-7703 Miroslav Lichvar of Red Hat found that the :config command can be used to set the pidfile and driftfile paths without any restrictions. A remote attacker could use this flaw to overwrite a file on the file system with a file containing the pid of the ntpd process (immediately) or the current estimated drift of the system clock (in hourly intervals). For example : ntpq -c ':config pidfile /tmp/ntp.pid'ntpq -c ':config driftfile /tmp/ntp.drift' In Debian ntpd is configured to drop root privileges, which limits the impact of this issue. - CVE-2015-7704 If ntpd as an NTP client receives a Kiss-of-Death (KoD) packet from the server to reduce its polling rate, it doesn't check if the originate timestamp in the reply matches the transmit timestamp from its request. An off-path attacker can send a crafted KoD packet to the client, which will increase the client's polling interval to a large value and effectively disable synchronization with the server. - CVE-2015-7850 An exploitable denial of service vulnerability exists in the remote configuration functionality of the Network Time Protocol. A specially crafted configuration file could cause an endless loop resulting in a denial of service. An attacker could provide a malicious configuration file to trigger this vulnerability. - CVE-2015-7852 A potential off by one vulnerability exists in the cookedprint functionality of ntpq. A specially crafted buffer could cause a buffer overflow potentially resulting in null byte being written out of bounds. - CVE-2015-7855 It was found that NTP's decodenetnum() would abort with an assertion failure when processing a mode 6 or mode 7 packet containing an unusually long data value where a network address was expected. This could allow an authenticated attacker to crash ntpd. - CVE-2015-7871 An error handling logic error exists within ntpd that manifests due to improper error condition handling associated with certain crypto-NAK packets. An unauthenticated, off-path attacker can force ntpd processes on targeted servers to peer with time sources of the attacker's choosing by transmitting symmetric active crypto-NAK packets to ntpd. This attack bypasses the authentication typically required to establish a peer association and allows an attacker to make arbitrary changes to system time.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 86682
    published 2015-11-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=86682
    title Debian DSA-3388-1 : ntp - security update
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2015-2058-1.NASL
    description This ntp update provides the following security and non security fixes : - Update to 4.2.8p4 to fix several security issues (bsc#951608) : - CVE-2015-7871: NAK to the Future: Symmetric association authentication bypass via crypto-NAK - CVE-2015-7855: decodenetnum() will ASSERT botch instead of returning FAIL on some bogus values - CVE-2015-7854: Password Length Memory Corruption Vulnerability - CVE-2015-7853: Invalid length data provided by a custom refclock driver could cause a buffer overflow - CVE-2015-7852 ntpq atoascii() Memory Corruption Vulnerability - CVE-2015-7851 saveconfig Directory Traversal Vulnerability - CVE-2015-7850 remote config logfile-keyfile - CVE-2015-7849 trusted key use-after-free - CVE-2015-7848 mode 7 loop counter underrun - CVE-2015-7701 Slow memory leak in CRYPTO_ASSOC - CVE-2015-7703 configuration directives 'pidfile' and 'driftfile' should only be allowed locally - CVE-2015-7704, CVE-2015-7705 Clients that receive a KoD should validate the origin timestamp field - CVE-2015-7691, CVE-2015-7692, CVE-2015-7702 Incomplete autokey data packet length checks - Use ntpq instead of deprecated ntpdc in start-ntpd (bnc#936327). - Add a controlkey to ntp.conf to make the above work. - Improve runtime configuration : - Read keytype from ntp.conf - Don't write ntp keys to syslog. - Don't let 'keysdir' lines in ntp.conf trigger the 'keys' parser. - Fix the comment regarding addserver in ntp.conf (bnc#910063). - Remove ntp.1.gz, it wasn't installed anymore. - Remove ntp-4.2.7-rh-manpages.tar.gz and only keep ntptime.8.gz. The rest is partially irrelevant, partially redundant and potentially outdated (bsc#942587). - Remove 'kod' from the restrict line in ntp.conf (bsc#944300). - Use SHA1 instead of MD5 for symmetric keys (bsc#905885). - Require perl-Socket6 (bsc#942441). - Fix incomplete backporting of 'rcntp ntptimemset'. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-29
    plugin id 87010
    published 2015-11-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=87010
    title SUSE SLED11 / SLES11 Security Update : ntp (SUSE-SU-2015:2058-1)
  • NASL family Misc.
    NASL id NTP_4_2_8P4.NASL
    description The version of the remote NTP server is 3.x or 4.x prior to 4.2.8p4. It is, therefore, affected by the following vulnerabilities : - A flaw exists in the ntp_crypto.c file due to improper validation of the 'vallen' value in extension fields. An unauthenticated, remote attacker can exploit this, via specially crafted autokey packets, to disclose sensitive information or cause a denial of service. (CVE-2015-7691) - A denial of service vulnerability exists in the autokey functionality due to a failure in the crypto_bob2(), crypto_bob3(), and cert_sign() functions to properly validate the 'vallen' value. An unauthenticated, remote attacker can exploit this, via specially crafted autokey packets, to crash the NTP service. (CVE-2015-7692) - A denial of service vulnerability exists in the crypto_recv() function in the file ntp_crypto.c related to autokey functionality. An unauthenticated, remote attacker can exploit this, via an ongoing flood of NTPv4 autokey requests, to exhaust memory resources. (CVE-2015-7701) - A denial of service vulnerability exists due to improper validation of packets containing certain autokey operations. An unauthenticated, remote attacker can exploit this, via specially crafted autokey packets, to crash the NTP service. (CVE-2015-7702) - A flaw exists related to the handling of the 'config:' command. An authenticated, remote attacker can exploit this to set the 'pidfile' and 'driftfile' directives without restrictions, thus allowing the attacker to overwrite arbitrary files. Note that exploitation of this issue requires that remote configuration is enabled for ntpd. (CVE-2015-7703) - A denial of service vulnerability exists due improper validation of the origin timestamp when handling Kiss-of-Death (KoD) packets. An unauthenticated, remote attacker can exploit this to stop the client from querying its servers, preventing it from updating its clock. (CVE-2015-7704) - A denial of service vulnerability exists due to improper implementation of rate-limiting when handling server queries. An unauthenticated, remote attacker can exploit this to stop the client from querying its servers, preventing it from updating its clock. (CVE-2015-7705) - A denial of service vulnerability exists due to an integer overflow condition in the reset_peer() function in the file ntp_request.c when handling private mode packets having request code RESET_PEER (0x16). An authenticated, remote attacker can exploit this to crash the NTP service. Note that exploitation of this issue requires that ntpd is configured to enable mode 7 packets, and that the mode 7 packets are not properly protected by available authentication and restriction mechanisms. (CVE-2015-7848) - A use-after-free error exists in the auth_delkeys() function in the file authkeys.c when handling trusted keys. An authenticated, remote attacker can exploit this to dereference already freed memory, resulting in a crash of the NTP service or the execution of arbitrary code. (CVE-2015-7849) - A denial of service vulnerability exists due to a logic flaw in the authreadkeys() function in the file authreadkeys.c when handling extended logging where the log and key files are set to be the same file. An authenticated, remote attacker can exploit this, via a crafted set of remote configuration requests, to cause the NTP service to stop responding. (CVE-2015-7850) - A flaw exists in the save_config() function in the file ntp_control.c due to improper sanitization of user-supplied input. An authenticated, remote attacker can exploit this issue, via a crafted set of configuration requests, to overwrite arbitrary files. Note that this issue only affects VMS systems and requires that ntpd is configured to allow remote configuration. (CVE-2015-7851) - A denial of service vulnerability exists due to an off-by-one overflow condition in the cookedprint() function in the file ntpq.c when handling mode 6 response packets. An unauthenticated, remote attacker can exploit this to crash the NTP service. (CVE-2015-7852) - A overflow condition exists in the read_refclock_packet() function in the file ntp_io.c when handling negative data lengths. A local attacker can exploit this to crash the NTP service or possibly gain elevated privileges. (CVE-2015-7853) - A heap-based overflow condition exists in function MD5auth_setkey() in the file authkeys.c when handling passwords. An authenticated, remote attacker can exploit this, via a crafted set of configuration requests, to crash the NTP service or possibly execute arbitrary code. (CVE-2015-7854) - A denial of service vulnerability exists due to an assertion flaw in the decodenetnum() function in the file decodenetnum.c when handling long data values in mode 6 and 7 packets. An unauthenticated, remote attacker can exploit this to crash the NTP service. (CVE-2015-7855) - An authentication bypass vulnerability exists in the receive() function in the file ntp_proto.c when handling crypto-NAK packets. An unauthenticated, remote attacker can exploit this to cause the service to accept time from unauthenticated, ephemeral symmetric peers. (CVE-2015-7871)
    last seen 2019-02-21
    modified 2019-01-22
    plugin id 86631
    published 2015-10-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=86631
    title Network Time Protocol Daemon (ntpd) 3.x / 4.x < 4.2.8p4 Multiple Vulnerabilities
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_C4A18A1277FC11E5A687206A8A720317.NASL
    description ntp.org reports : NTF's NTP Project has been notified of the following 13 low- and medium-severity vulnerabilities that are fixed in ntp-4.2.8p4, released on Wednesday, 21 October 2015 : - Bug 2941 CVE-2015-7871 NAK to the Future: Symmetric association authentication bypass via crypto-NAK (Cisco ASIG) - Bug 2922 CVE-2015-7855 decodenetnum() will ASSERT botch instead of returning FAIL on some bogus values (IDA) - Bug 2921 CVE-2015-7854 Password Length Memory Corruption Vulnerability. (Cisco TALOS) - Bug 2920 CVE-2015-7853 Invalid length data provided by a custom refclock driver could cause a buffer overflow. (Cisco TALOS) - Bug 2919 CVE-2015-7852 ntpq atoascii() Memory Corruption Vulnerability. (Cisco TALOS) - Bug 2918 CVE-2015-7851 saveconfig Directory Traversal Vulnerability. (OpenVMS) (Cisco TALOS) - Bug 2917 CVE-2015-7850 remote config logfile-keyfile. (Cisco TALOS) - Bug 2916 CVE-2015-7849 trusted key use-after-free. (Cisco TALOS) - Bug 2913 CVE-2015-7848 mode 7 loop counter underrun. (Cisco TALOS) - Bug 2909 CVE-2015-7701 Slow memory leak in CRYPTO_ASSOC. (Tenable) - Bug 2902 : CVE-2015-7703 configuration directives 'pidfile' and 'driftfile' should only be allowed locally. (RedHat) - Bug 2901 : CVE-2015-7704, CVE-2015-7705 Clients that receive a KoD should validate the origin timestamp field. (Boston University) - Bug 2899 : CVE-2015-7691, CVE-2015-7692, CVE-2015-7702 Incomplete autokey data packet length checks. (Tenable) The only generally-exploitable bug in the above list is the crypto-NAK bug, which has a CVSS2 score of 6.4. Additionally, three bugs that have already been fixed in ntp-4.2.8 but were not fixed in ntp-4.2.6 as it was EOL'd have a security component, but are all below 1.8 CVSS score, so we're reporting them here : - Bug 2382 : Peer precision < -31 gives division by zero - Bug 1774 : Segfaults if cryptostats enabled when built without OpenSSL - Bug 1593 : ntpd abort in free() with logconfig syntax error
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 86519
    published 2015-10-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=86519
    title FreeBSD : ntp -- 13 low- and medium-severity vulnerabilities (c4a18a12-77fc-11e5-a687-206a8a720317)
  • NASL family F5 Networks Local Security Checks
    NASL id F5_BIGIP_SOL17518.NASL
    description This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
    last seen 2019-02-21
    modified 2019-01-04
    plugin id 88439
    published 2016-01-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=88439
    title F5 Networks BIG-IP : NTP vulnerability (SOL17518)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2016-34BC10A2C8.NASL
    description Security fix for CVE-2015-7974, CVE-2015-8138, CVE-2015-7977, CVE-2015-7978, CVE-2015-7979, CVE-2015-8158 ---- Security fix for CVE-2015-7704, CVE-2015-5300, CVE-2015-7692, CVE-2015-7871, CVE-2015-7702, CVE-2015-7691, CVE-2015-7852, CVE-2015-7701 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-02-01
    plugin id 89510
    published 2016-03-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=89510
    title Fedora 22 : ntp-4.2.6p5-36.fc22 (2016-34bc10a2c8)
  • NASL family Amazon Linux Local Security Checks
    NASL id ALA_ALAS-2015-607.NASL
    description It was discovered that ntpd as a client did not correctly check timestamps in Kiss-of-Death packets. A remote attacker could use this flaw to send a crafted Kiss-of-Death packet to an ntpd client that would increase the client's polling interval value, and effectively disable synchronization with the server. (CVE-2015-7704) It was found that ntpd did not correctly implement the threshold limitation for the '-g' option, which is used to set the time without any restrictions. A man-in-the-middle attacker able to intercept NTP traffic between a connecting client and an NTP server could use this flaw to force that client to make multiple steps larger than the panic threshold, effectively changing the time to an arbitrary value. (CVE-2015-5300) It was found that the fix for CVE-2014-9750 was incomplete: three issues were found in the value length checks in ntp_crypto.c, where a packet with particular autokey operations that contained malicious data was not always being completely validated. Receipt of these packets can cause ntpd to crash. (CVE-2015-7691 , CVE-2015-7692 , CVE-2015-7702) A potential off by one vulnerability exists in the cookedprint functionality of ntpq. A specially crafted buffer could cause a buffer overflow potentially resulting in null byte being written out of bounds. (CVE-2015-7852) A memory leak flaw was found in ntpd's CRYPTO_ASSOC. If ntpd is configured to use autokey authentication, an attacker could send packets to ntpd that would, after several days of ongoing attack, cause it to run out of memory. (CVE-2015-7701)
    last seen 2019-02-21
    modified 2018-04-18
    plugin id 86638
    published 2015-10-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=86638
    title Amazon Linux AMI : ntp (ALAS-2015-607)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2015-767.NASL
    description This ntp update provides the following security and non security fixes : - Update to 4.2.8p4 to fix several security issues (bsc#951608) : - CVE-2015-7871: NAK to the Future: Symmetric association authentication bypass via crypto-NAK - CVE-2015-7855: decodenetnum() will ASSERT botch instead of returning FAIL on some bogus values - CVE-2015-7854: Password Length Memory Corruption Vulnerability - CVE-2015-7853: Invalid length data provided by a custom refclock driver could cause a buffer overflow - CVE-2015-7852 ntpq atoascii() Memory Corruption Vulnerability - CVE-2015-7851 saveconfig Directory Traversal Vulnerability - CVE-2015-7850 remote config logfile-keyfile - CVE-2015-7849 trusted key use-after-free - CVE-2015-7848 mode 7 loop counter underrun - CVE-2015-7701 Slow memory leak in CRYPTO_ASSOC - CVE-2015-7703 configuration directives 'pidfile' and 'driftfile' should only be allowed locally - CVE-2015-7704, CVE-2015-7705 Clients that receive a KoD should validate the origin timestamp field - CVE-2015-7691, CVE-2015-7692, CVE-2015-7702 Incomplete autokey data packet length checks - obsoletes ntp-memlock.patch. - Add a controlkey line to /etc/ntp.conf if one does not already exist to allow runtime configuuration via ntpq.
    last seen 2019-02-21
    modified 2018-01-26
    plugin id 86964
    published 2015-11-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=86964
    title openSUSE Security Update : ntp (openSUSE-2015-767)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2015-77BFBC1BCD.NASL
    description Security fix for CVE-2015-7704, CVE-2015-5300, CVE-2015-7692, CVE-2015-7871, CVE-2015-7702, CVE-2015-7691, CVE-2015-7852, CVE-2015-7701 ---- Security fix for CVE-2015-5146, CVE-2015-5194, CVE-2015-5219, CVE-2015-5195, CVE-2015-5196 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-01-30
    plugin id 89288
    published 2016-03-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=89288
    title Fedora 21 : ntp-4.2.6p5-34.fc21 (2015-77bfbc1bcd)
  • NASL family Firewalls
    NASL id PFSENSE_SA-15_08.NASL
    description According to its self-reported version number, the remote pfSense install is prior to 2.2.5. It is, therefore, affected by multiple vulnerabilities as stated in the referenced vendor advisories.
    last seen 2019-02-21
    modified 2018-07-24
    plugin id 106497
    published 2018-01-31
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=106497
    title pfSense < 2.2.5 Multiple Vulnerabilities (SA-15_08)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2016-1912-1.NASL
    description NTP was updated to version 4.2.8p8 to fix several security issues and to ensure the continued maintainability of the package. These security issues were fixed : CVE-2016-4953: Bad authentication demobilized ephemeral associations (bsc#982065). CVE-2016-4954: Processing spoofed server packets (bsc#982066). CVE-2016-4955: Autokey association reset (bsc#982067). CVE-2016-4956: Broadcast interleave (bsc#982068). CVE-2016-4957: CRYPTO_NAK crash (bsc#982064). CVE-2016-1547: Validate crypto-NAKs to prevent ACRYPTO-NAK DoS (bsc#977459). CVE-2016-1548: Prevent the change of time of an ntpd client or denying service to an ntpd client by forcing it to change from basic client/server mode to interleaved symmetric mode (bsc#977461). CVE-2016-1549: Sybil vulnerability: ephemeral association attack (bsc#977451). CVE-2016-1550: Improve security against buffer comparison timing attacks (bsc#977464). CVE-2016-1551: Refclock impersonation vulnerability (bsc#977450)y CVE-2016-2516: Duplicate IPs on unconfig directives could have caused an assertion botch in ntpd (bsc#977452). CVE-2016-2517: Remote configuration trustedkey/ requestkey/controlkey values are not properly validated (bsc#977455). CVE-2016-2518: Crafted addpeer with hmode > 7 causes array wraparound with MATCH_ASSOC (bsc#977457). CVE-2016-2519: ctl_getitem() return value not always checked (bsc#977458). CVE-2015-8158: Potential Infinite Loop in ntpq (bsc#962966). CVE-2015-8138: Zero Origin Timestamp Bypass (bsc#963002). CVE-2015-7979: Off-path Denial of Service (DoS) attack on authenticated broadcast mode (bsc#962784). CVE-2015-7978: Stack exhaustion in recursive traversal of restriction list (bsc#963000). CVE-2015-7977: reslist NULL pointer dereference (bsc#962970). CVE-2015-7976: ntpq saveconfig command allowed dangerous characters in filenames (bsc#962802). CVE-2015-7975: nextvar() missing length check (bsc#962988). CVE-2015-7974: NTP did not verify peer associations of symmetric keys when authenticating packets, which might have allowed remote attackers to conduct impersonation attacks via an arbitrary trusted key, aka a 'skeleton' key (bsc#962960). CVE-2015-7973: Replay attack on authenticated broadcast mode (bsc#962995). CVE-2015-5300: MITM attacker can force ntpd to make a step larger than the panic threshold (bsc#951629). CVE-2015-5194: Crash with crafted logconfig configuration command (bsc#943218). CVE-2015-7871: NAK to the Future: Symmetric association authentication bypass via crypto-NAK (bsc#952611). CVE-2015-7855: decodenetnum() will ASSERT botch instead of returning FAIL on some bogus values (bsc#952611). CVE-2015-7854: Password Length Memory Corruption Vulnerability (bsc#952611). CVE-2015-7853: Invalid length data provided by a custom refclock driver could cause a buffer overflow (bsc#952611). CVE-2015-7852: ntpq atoascii() Memory Corruption Vulnerability (bsc#952611). CVE-2015-7851: saveconfig Directory Traversal Vulnerability (bsc#952611). CVE-2015-7850: Clients that receive a KoD now validate the origin timestamp field (bsc#952611). CVE-2015-7849: Prevent use-after-free trusted key (bsc#952611). CVE-2015-7848: Prevent mode 7 loop counter underrun (bsc#952611). CVE-2015-7701: Slow memory leak in CRYPTO_ASSOC (bsc#952611). CVE-2015-7703: Configuration directives 'pidfile' and 'driftfile' should only be allowed locally (bsc#943221). CVE-2015-7704: Clients that receive a KoD should validate the origin timestamp field (bsc#952611). CVE-2015-7705: Clients that receive a KoD should validate the origin timestamp field (bsc#952611). CVE-2015-7691: Incomplete autokey data packet length checks (bsc#952611). CVE-2015-7692: Incomplete autokey data packet length checks (bsc#952611). CVE-2015-7702: Incomplete autokey data packet length checks (bsc#952611). CVE-2015-1798: The symmetric-key feature in the receive function in ntp_proto.c in ntpd in NTP required a correct MAC only if the MAC field has a nonzero length, which made it easier for man-in-the-middle attackers to spoof packets by omitting the MAC (bsc#924202). CVE-2015-1799: The symmetric-key feature in the receive function in ntp_proto.c in ntpd in NTP performed state-variable updates upon receiving certain invalid packets, which made it easier for man-in-the-middle attackers to cause a denial of service (synchronization loss) by spoofing the source IP address of a peer (bsc#924202). The update package also includes non-security fixes. See advisory for details. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-29
    plugin id 93186
    published 2016-08-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=93186
    title SUSE SLES10 Security Update : ntp (SUSE-SU-2016:1912-1)
  • NASL family Slackware Local Security Checks
    NASL id SLACKWARE_SSA_2015-302-03.NASL
    description New ntp packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix security issues.
    last seen 2019-02-21
    modified 2018-01-26
    plugin id 86664
    published 2015-10-30
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=86664
    title Slackware 13.0 / 13.1 / 13.37 / 14.0 / 14.1 / current : ntp (SSA:2015-302-03)
refmap via4
bid 77287
confirm
debian DSA-3388
gentoo
  • GLSA-201604-03
  • GLSA-201607-15
sectrack 1033951
talos via4
id TALOS-2015-0069
last seen 2018-08-31
published 2015-10-21
reporter Talos Intelligence
source http://www.talosintelligence.com/vulnerability_reports/TALOS-2015-0069
title NAK to the Future: NTP Symmetric Association Authentication Bypass Vulnerability
Last major update 07-08-2017 - 16:29
Published 07-08-2017 - 16:29
Last modified 09-11-2017 - 21:29
Back to Top