ID CVE-2016-4957
Summary ntpd in NTP before 4.2.8p8 allows remote attackers to cause a denial of service (daemon crash) via a crypto-NAK packet. NOTE: this vulnerability exists because of an incorrect fix for CVE-2016-1547.
References
Vulnerable Configurations
  • Oracle Solaris 10
    cpe:2.3:o:oracle:solaris:10
  • Oracle Solaris 11.3
    cpe:2.3:o:oracle:solaris:11.3
  • cpe:2.3:o:novell:suse_linux_enterprise_debuginfo:11.0:sp2
    cpe:2.3:o:novell:suse_linux_enterprise_debuginfo:11.0:sp2
  • cpe:2.3:o:novell:suse_linux_enterprise_debuginfo:11.0:sp3
    cpe:2.3:o:novell:suse_linux_enterprise_debuginfo:11.0:sp3
  • cpe:2.3:o:novell:suse_linux_enterprise_debuginfo:11.0:sp4
    cpe:2.3:o:novell:suse_linux_enterprise_debuginfo:11.0:sp4
  • cpe:2.3:o:novell:suse_linux_enterprise_desktop:12.0:sp1
    cpe:2.3:o:novell:suse_linux_enterprise_desktop:12.0:sp1
  • Novell SUSE Linux Enterprise Server 11.0 Service Pack 2 Long Term Service Pack Support
    cpe:2.3:o:novell:suse_linux_enterprise_server:11.0:sp2:-:-:ltss
  • Novell SUSE Linux Enterprise Server 11.0 Service Pack 3 Long Term Service Pack Support
    cpe:2.3:o:novell:suse_linux_enterprise_server:11.0:sp3:-:-:ltss
  • cpe:2.3:o:novell:suse_linux_enterprise_server:11.0:sp4
    cpe:2.3:o:novell:suse_linux_enterprise_server:11.0:sp4
  • Novell SUSE Linux Enterprise Server 12.0 Service Pack 1
    cpe:2.3:o:novell:suse_linux_enterprise_server:12.0:sp1
  • Novell SUSE Manager 2.1
    cpe:2.3:o:novell:suse_manager:2.1
  • Novell SUSE Manager Proxy 2.1
    cpe:2.3:o:novell:suse_manager_proxy:2.1
  • Novell SUSE OpenStack Cloud 5
    cpe:2.3:o:novell:suse_openstack_cloud:5
  • openSUSE Leap 42.1
    cpe:2.3:o:opensuse:leap:42.1
  • OpenSUSE 13.2
    cpe:2.3:o:opensuse:opensuse:13.2
  • NTP 4.0.72
    cpe:2.3:a:ntp:ntp:4.0.72
  • NTP 4.0.73
    cpe:2.3:a:ntp:ntp:4.0.73
  • NTP 4.0.90
    cpe:2.3:a:ntp:ntp:4.0.90
  • NTP 4.0.91
    cpe:2.3:a:ntp:ntp:4.0.91
  • NTP 4.0.92
    cpe:2.3:a:ntp:ntp:4.0.92
  • NTP 4.0.93
    cpe:2.3:a:ntp:ntp:4.0.93
  • NTP 4.0.94
    cpe:2.3:a:ntp:ntp:4.0.94
  • NTP 4.0.95
    cpe:2.3:a:ntp:ntp:4.0.95
  • NTP 4.0.96
    cpe:2.3:a:ntp:ntp:4.0.96
  • NTP 4.0.97
    cpe:2.3:a:ntp:ntp:4.0.97
  • NTP 4.0.98
    cpe:2.3:a:ntp:ntp:4.0.98
  • NTP 4.0.99
    cpe:2.3:a:ntp:ntp:4.0.99
  • NTP 4.1.0
    cpe:2.3:a:ntp:ntp:4.1.0
  • NTP 4.1.2
    cpe:2.3:a:ntp:ntp:4.1.2
  • NTP 4.2.0
    cpe:2.3:a:ntp:ntp:4.2.0
  • NTP 4.2.2
    cpe:2.3:a:ntp:ntp:4.2.2
  • NTP 4.2.2 Patch 1
    cpe:2.3:a:ntp:ntp:4.2.2:p1
  • NTP 4.2.2 Patch 2
    cpe:2.3:a:ntp:ntp:4.2.2:p2
  • NTP 4.2.2 Patch 3
    cpe:2.3:a:ntp:ntp:4.2.2:p3
  • NTP 4.2.2 Patch 4
    cpe:2.3:a:ntp:ntp:4.2.2:p4
  • NTP 4.2.4
    cpe:2.3:a:ntp:ntp:4.2.4
  • NTP 4.2.4 Patch 0
    cpe:2.3:a:ntp:ntp:4.2.4:p0
  • NTP 4.2.4 Patch 1
    cpe:2.3:a:ntp:ntp:4.2.4:p1
  • NTP 4.2.4 Patch 2
    cpe:2.3:a:ntp:ntp:4.2.4:p2
  • NTP 4.2.4 Patch 3
    cpe:2.3:a:ntp:ntp:4.2.4:p3
  • NTP 4.2.4 Patch 4
    cpe:2.3:a:ntp:ntp:4.2.4:p4
  • NTP 4.2.4 Patch 5
    cpe:2.3:a:ntp:ntp:4.2.4:p5
  • NTP 4.2.4 Patch 6
    cpe:2.3:a:ntp:ntp:4.2.4:p6
  • NTP 4.2.4 Patch 7
    cpe:2.3:a:ntp:ntp:4.2.4:p7
  • NTP 4.2.4 Patch 7 Release Candidate 1
    cpe:2.3:a:ntp:ntp:4.2.4:p7_rc1
  • NTP 4.2.4 Patch 7 Release Candidate 2
    cpe:2.3:a:ntp:ntp:4.2.4:p7_rc2
  • NTP 4.2.4 Patch 7 Release Candidate 3
    cpe:2.3:a:ntp:ntp:4.2.4:p7_rc3
  • NTP 4.2.4 Patch 7 Release Candidate 4
    cpe:2.3:a:ntp:ntp:4.2.4:p7_rc4
  • NTP 4.2.4 Patch 7 Release Candidate 5
    cpe:2.3:a:ntp:ntp:4.2.4:p7_rc5
  • NTP 4.2.4 Patch 7 Release Candidate 6
    cpe:2.3:a:ntp:ntp:4.2.4:p7_rc6
  • NTP 4.2.4 Patch 7 Release Candidate 7
    cpe:2.3:a:ntp:ntp:4.2.4:p7_rc7
  • NTP 4.2.4 Patch 8
    cpe:2.3:a:ntp:ntp:4.2.4:p8
  • NTP 4.2.5 Patch 124
    cpe:2.3:a:ntp:ntp:4.2.5:p124
  • NTP 4.2.5 Patch 125
    cpe:2.3:a:ntp:ntp:4.2.5:p125
  • NTP 4.2.5 Patch 126
    cpe:2.3:a:ntp:ntp:4.2.5:p126
  • NTP 4.2.5 Patch 127
    cpe:2.3:a:ntp:ntp:4.2.5:p127
  • NTP 4.2.5 Patch 128
    cpe:2.3:a:ntp:ntp:4.2.5:p128
  • NTP 4.2.5 Patch 129
    cpe:2.3:a:ntp:ntp:4.2.5:p129
  • NTP 4.2.5 Patch 130
    cpe:2.3:a:ntp:ntp:4.2.5:p130
  • NTP 4.2.5 Patch 131
    cpe:2.3:a:ntp:ntp:4.2.5:p131
  • NTP 4.2.5 Patch 132
    cpe:2.3:a:ntp:ntp:4.2.5:p132
  • NTP 4.2.5 Patch 133
    cpe:2.3:a:ntp:ntp:4.2.5:p133
  • NTP 4.2.5 Patch 134
    cpe:2.3:a:ntp:ntp:4.2.5:p134
  • NTP 4.2.5 Patch 135
    cpe:2.3:a:ntp:ntp:4.2.5:p135
  • NTP 4.2.5 Patch 136
    cpe:2.3:a:ntp:ntp:4.2.5:p136
  • NTP 4.2.5 Patch 137
    cpe:2.3:a:ntp:ntp:4.2.5:p137
  • NTP 4.2.5 Patch 138
    cpe:2.3:a:ntp:ntp:4.2.5:p138
  • NTP 4.2.5 Patch 139
    cpe:2.3:a:ntp:ntp:4.2.5:p139
  • NTP 4.2.5 Patch 140
    cpe:2.3:a:ntp:ntp:4.2.5:p140
  • NTP 4.2.5 Patch 141
    cpe:2.3:a:ntp:ntp:4.2.5:p141
  • NTP 4.2.5 Patch 142
    cpe:2.3:a:ntp:ntp:4.2.5:p142
  • NTP 4.2.5 Patch 143
    cpe:2.3:a:ntp:ntp:4.2.5:p143
  • NTP 4.2.5 Patch 144
    cpe:2.3:a:ntp:ntp:4.2.5:p144
  • NTP 4.2.5 Patch 145
    cpe:2.3:a:ntp:ntp:4.2.5:p145
  • NTP 4.2.5 Patch 146
    cpe:2.3:a:ntp:ntp:4.2.5:p146
  • NTP 4.2.5 Patch 147
    cpe:2.3:a:ntp:ntp:4.2.5:p147
  • NTP 4.2.5 Patch 148
    cpe:2.3:a:ntp:ntp:4.2.5:p148
  • NTP 4.2.5 Patch 149
    cpe:2.3:a:ntp:ntp:4.2.5:p149
  • NTP 4.2.5 Patch 150
    cpe:2.3:a:ntp:ntp:4.2.5:p150
  • NTP 4.2.5 Patch 151
    cpe:2.3:a:ntp:ntp:4.2.5:p151
  • NTP 4.2.5 Patch 152
    cpe:2.3:a:ntp:ntp:4.2.5:p152
  • NTP 4.2.5 Patch 153
    cpe:2.3:a:ntp:ntp:4.2.5:p153
  • NTP 4.2.5 Patch 154
    cpe:2.3:a:ntp:ntp:4.2.5:p154
  • NTP 4.2.5 Patch 155
    cpe:2.3:a:ntp:ntp:4.2.5:p155
  • NTP 4.2.5 Patch 156
    cpe:2.3:a:ntp:ntp:4.2.5:p156
  • NTP 4.2.5 Patch 157
    cpe:2.3:a:ntp:ntp:4.2.5:p157
  • NTP 4.2.5 Patch 158
    cpe:2.3:a:ntp:ntp:4.2.5:p158
  • NTP 4.2.5 Patch 159
    cpe:2.3:a:ntp:ntp:4.2.5:p159
  • NTP 4.2.5 Patch 160
    cpe:2.3:a:ntp:ntp:4.2.5:p160
  • NTP 4.2.5 Patch 161
    cpe:2.3:a:ntp:ntp:4.2.5:p161
  • NTP 4.2.5 Patch 162
    cpe:2.3:a:ntp:ntp:4.2.5:p162
  • NTP 4.2.5 Patch 163
    cpe:2.3:a:ntp:ntp:4.2.5:p163
  • NTP 4.2.5 Patch 164
    cpe:2.3:a:ntp:ntp:4.2.5:p164
  • NTP 4.2.5 Patch 165
    cpe:2.3:a:ntp:ntp:4.2.5:p165
  • NTP 4.2.5 Patch 166
    cpe:2.3:a:ntp:ntp:4.2.5:p166
  • NTP 4.2.5 Patch 167
    cpe:2.3:a:ntp:ntp:4.2.5:p167
  • NTP 4.2.5 Patch 168
    cpe:2.3:a:ntp:ntp:4.2.5:p168
  • NTP 4.2.5 Patch 169
    cpe:2.3:a:ntp:ntp:4.2.5:p169
  • NTP 4.2.5 Patch 170
    cpe:2.3:a:ntp:ntp:4.2.5:p170
  • NTP 4.2.5 Patch 171
    cpe:2.3:a:ntp:ntp:4.2.5:p171
  • NTP 4.2.5 Patch 172
    cpe:2.3:a:ntp:ntp:4.2.5:p172
  • NTP 4.2.5 Patch 173
    cpe:2.3:a:ntp:ntp:4.2.5:p173
  • NTP 4.2.5 Patch 174
    cpe:2.3:a:ntp:ntp:4.2.5:p174
  • NTP 4.2.5 Patch 175
    cpe:2.3:a:ntp:ntp:4.2.5:p175
  • NTP 4.2.5 Patch 176
    cpe:2.3:a:ntp:ntp:4.2.5:p176
  • NTP 4.2.5 Patch 177
    cpe:2.3:a:ntp:ntp:4.2.5:p177
  • NTP 4.2.5 Patch 178
    cpe:2.3:a:ntp:ntp:4.2.5:p178
  • NTP 4.2.5 Patch 179
    cpe:2.3:a:ntp:ntp:4.2.5:p179
  • NTP 4.2.5 Patch 180
    cpe:2.3:a:ntp:ntp:4.2.5:p180
  • NTP 4.2.5 Patch 181
    cpe:2.3:a:ntp:ntp:4.2.5:p181
  • NTP 4.2.5 Patch 182
    cpe:2.3:a:ntp:ntp:4.2.5:p182
  • NTP 4.2.5 Patch 183
    cpe:2.3:a:ntp:ntp:4.2.5:p183
  • NTP 4.2.5 Patch 184
    cpe:2.3:a:ntp:ntp:4.2.5:p184
  • NTP 4.2.5 Patch 185
    cpe:2.3:a:ntp:ntp:4.2.5:p185
  • NTP 4.2.5 Patch 186
    cpe:2.3:a:ntp:ntp:4.2.5:p186
  • NTP 4.2.5 Patch 187
    cpe:2.3:a:ntp:ntp:4.2.5:p187
  • NTP 4.2.5 Patch 188
    cpe:2.3:a:ntp:ntp:4.2.5:p188
  • NTP 4.2.5 Patch 189
    cpe:2.3:a:ntp:ntp:4.2.5:p189
  • NTP 4.2.5 Patch 190
    cpe:2.3:a:ntp:ntp:4.2.5:p190
  • NTP 4.2.5 Patch 191
    cpe:2.3:a:ntp:ntp:4.2.5:p191
  • NTP 4.2.5 Patch 192
    cpe:2.3:a:ntp:ntp:4.2.5:p192
  • NTP 4.2.5 Patch 193
    cpe:2.3:a:ntp:ntp:4.2.5:p193
  • NTP 4.2.5 Patch 194
    cpe:2.3:a:ntp:ntp:4.2.5:p194
  • NTP 4.2.5 Patch 195
    cpe:2.3:a:ntp:ntp:4.2.5:p195
  • NTP 4.2.5 Patch 196
    cpe:2.3:a:ntp:ntp:4.2.5:p196
  • NTP 4.2.5 Patch 197
    cpe:2.3:a:ntp:ntp:4.2.5:p197
  • NTP 4.2.5 Patch 198
    cpe:2.3:a:ntp:ntp:4.2.5:p198
  • NTP 4.2.5 Patch 199
    cpe:2.3:a:ntp:ntp:4.2.5:p199
  • NTP 4.2.5 Patch 200
    cpe:2.3:a:ntp:ntp:4.2.5:p200
  • NTP 4.2.5 Patch 201
    cpe:2.3:a:ntp:ntp:4.2.5:p201
  • NTP 4.2.5 Patch 202
    cpe:2.3:a:ntp:ntp:4.2.5:p202
  • NTP 4.2.5 Patch 203
    cpe:2.3:a:ntp:ntp:4.2.5:p203
  • NTP 4.2.5 Patch 204
    cpe:2.3:a:ntp:ntp:4.2.5:p204
  • NTP 4.2.5 Patch 205
    cpe:2.3:a:ntp:ntp:4.2.5:p205
  • NTP 4.2.5 Patch 206
    cpe:2.3:a:ntp:ntp:4.2.5:p206
  • NTP 4.2.5 Patch 207
    cpe:2.3:a:ntp:ntp:4.2.5:p207
  • NTP 4.2.5 Patch 208
    cpe:2.3:a:ntp:ntp:4.2.5:p208
  • NTP 4.2.5 Patch 209
    cpe:2.3:a:ntp:ntp:4.2.5:p209
  • NTP 4.2.5 Patch 210
    cpe:2.3:a:ntp:ntp:4.2.5:p210
  • NTP 4.2.5 Patch 211
    cpe:2.3:a:ntp:ntp:4.2.5:p211
  • NTP 4.2.5 Patch 212
    cpe:2.3:a:ntp:ntp:4.2.5:p212
  • NTP 4.2.5 Patch 213
    cpe:2.3:a:ntp:ntp:4.2.5:p213
  • NTP 4.2.5 Patch 214
    cpe:2.3:a:ntp:ntp:4.2.5:p214
  • NTP 4.2.5 Patch 215
    cpe:2.3:a:ntp:ntp:4.2.5:p215
  • NTP 4.2.5 Patch 216
    cpe:2.3:a:ntp:ntp:4.2.5:p216
  • NTP 4.2.5 Patch 217
    cpe:2.3:a:ntp:ntp:4.2.5:p217
  • NTP 4.2.5 Patch 218
    cpe:2.3:a:ntp:ntp:4.2.5:p218
  • NTP 4.2.5 Patch 219
    cpe:2.3:a:ntp:ntp:4.2.5:p219
  • NTP 4.2.5 Patch 220
    cpe:2.3:a:ntp:ntp:4.2.5:p220
  • NTP 4.2.5 Patch 221
    cpe:2.3:a:ntp:ntp:4.2.5:p221
  • NTP 4.2.5 Patch 222
    cpe:2.3:a:ntp:ntp:4.2.5:p222
  • NTP 4.2.5 Patch 223
    cpe:2.3:a:ntp:ntp:4.2.5:p223
  • NTP 4.2.5 Patch 224
    cpe:2.3:a:ntp:ntp:4.2.5:p224
  • NTP 4.2.5 Patch 225
    cpe:2.3:a:ntp:ntp:4.2.5:p225
  • NTP 4.2.5 Patch 226
    cpe:2.3:a:ntp:ntp:4.2.5:p226
  • NTP 4.2.5 Patch 227
    cpe:2.3:a:ntp:ntp:4.2.5:p227
  • NTP 4.2.5 Patch 228
    cpe:2.3:a:ntp:ntp:4.2.5:p228
  • NTP 4.2.5 Patch 229
    cpe:2.3:a:ntp:ntp:4.2.5:p229
  • NTP 4.2.5 Patch 230
    cpe:2.3:a:ntp:ntp:4.2.5:p230
  • NTP 4.2.5 Patch 231 Release Candidate 1
    cpe:2.3:a:ntp:ntp:4.2.5:p231_rc1
  • NTP 4.2.5 Patch 232 Release Candidate 1
    cpe:2.3:a:ntp:ntp:4.2.5:p232_rc1
  • NTP 4.2.5 Patch 233 Release Candidate 1
    cpe:2.3:a:ntp:ntp:4.2.5:p233_rc1
  • NTP 4.2.5 Patch 234 Release Candidate 1
    cpe:2.3:a:ntp:ntp:4.2.5:p234_rc1
  • NTP 4.2.5 Patch 235 Release Candidate 1
    cpe:2.3:a:ntp:ntp:4.2.5:p235_rc1
  • NTP 4.2.5 Patch 236 Release Candidate 1
    cpe:2.3:a:ntp:ntp:4.2.5:p236_rc1
  • NTP 4.2.5 Patch 237 Release Candidate 1
    cpe:2.3:a:ntp:ntp:4.2.5:p237_rc1
  • NTP 4.2.5 Patch 238 Release Candidate 1
    cpe:2.3:a:ntp:ntp:4.2.5:p238_rc1
  • NTP 4.2.5 Patch 239 Release Candidate 1
    cpe:2.3:a:ntp:ntp:4.2.5:p239_rc1
  • NTP 4.2.5 Patch 240 Release Candidate 1
    cpe:2.3:a:ntp:ntp:4.2.5:p240_rc1
  • NTP 4.2.5 Patch 241 Release Candidate 1
    cpe:2.3:a:ntp:ntp:4.2.5:p241_rc1
  • NTP 4.2.5 Patch 242 Release Candidate 1
    cpe:2.3:a:ntp:ntp:4.2.5:p242_rc1
  • NTP 4.2.5 Patch 243 Release Candidate 1
    cpe:2.3:a:ntp:ntp:4.2.5:p243_rc1
  • NTP 4.2.5 Patch 244 Release Candidate 1
    cpe:2.3:a:ntp:ntp:4.2.5:p244_rc1
  • NTP 4.2.5 Patch 245 Release Candidate 1
    cpe:2.3:a:ntp:ntp:4.2.5:p245_rc1
  • NTP 4.2.5 Patch 246 Release Candidate 1
    cpe:2.3:a:ntp:ntp:4.2.5:p246_rc1
  • NTP 4.2.5 Patch 247 Release Candidate 1
    cpe:2.3:a:ntp:ntp:4.2.5:p247_rc1
  • NTP 4.2.5 Patch 248 Release Candidate 1
    cpe:2.3:a:ntp:ntp:4.2.5:p248_rc1
  • NTP 4.2.5 Patch 249 Release Candidate 1
    cpe:2.3:a:ntp:ntp:4.2.5:p249_rc1
  • NTP 4.2.5 Patch 250 Release Candidate 1
    cpe:2.3:a:ntp:ntp:4.2.5:p250_rc1
  • NTP 4.2.6
    cpe:2.3:a:ntp:ntp:4.2.6
  • NTP 4.2.6 Patch 1
    cpe:2.3:a:ntp:ntp:4.2.6:p1
  • NTP 4.2.6 Patch 1 Release Candidate 1
    cpe:2.3:a:ntp:ntp:4.2.6:p1_rc1
  • NTP 4.2.6 Patch 1 Release Candidate 2
    cpe:2.3:a:ntp:ntp:4.2.6:p1_rc2
  • NTP 4.2.6 Patch 1 Release Candidate 3
    cpe:2.3:a:ntp:ntp:4.2.6:p1_rc3
  • NTP 4.2.6 Patch 1 Release Candidate 4
    cpe:2.3:a:ntp:ntp:4.2.6:p1_rc4
  • NTP 4.2.6 Patch 1 Release Candidate 5
    cpe:2.3:a:ntp:ntp:4.2.6:p1_rc5
  • NTP 4.2.6 Patch 1 Release Candidate 6
    cpe:2.3:a:ntp:ntp:4.2.6:p1_rc6
  • NTP 4.2.6 Patch 2
    cpe:2.3:a:ntp:ntp:4.2.6:p2
  • NTP 4.2.6 Patch 2 Release Candidate 1
    cpe:2.3:a:ntp:ntp:4.2.6:p2_rc1
  • NTP 4.2.6 Patch 2 Release Candidate 2
    cpe:2.3:a:ntp:ntp:4.2.6:p2_rc2
  • NTP 4.2.6 Patch 2 Release Candidate 3
    cpe:2.3:a:ntp:ntp:4.2.6:p2_rc3
  • NTP 4.2.6 Patch 2 Release Candidate 4
    cpe:2.3:a:ntp:ntp:4.2.6:p2_rc4
  • NTP 4.2.6 Patch 2 Release Candidate 5
    cpe:2.3:a:ntp:ntp:4.2.6:p2_rc5
  • NTP 4.2.6 Patch 2 Release Candidate 6
    cpe:2.3:a:ntp:ntp:4.2.6:p2_rc6
  • NTP 4.2.6 Patch 2 Release Candidate 7
    cpe:2.3:a:ntp:ntp:4.2.6:p2_rc7
  • NTP 4.2.6 Patch 3
    cpe:2.3:a:ntp:ntp:4.2.6:p3
  • NTP 4.2.6 Patch 3 Beta 1
    cpe:2.3:a:ntp:ntp:4.2.6:p3_beta1
  • NTP 4.2.6 Patch 3 Release Candidate 1
    cpe:2.3:a:ntp:ntp:4.2.6:p3_rc1
  • NTP 4.2.6 Patch 3 Release Candidate 10
    cpe:2.3:a:ntp:ntp:4.2.6:p3_rc10
  • NTP 4.2.6 Patch 3 Release Candidate 11
    cpe:2.3:a:ntp:ntp:4.2.6:p3_rc11
  • NTP 4.2.6 Patch 3 Release Candidate 12
    cpe:2.3:a:ntp:ntp:4.2.6:p3_rc12
  • NTP 4.2.6 Patch 3 Release Candidate 2
    cpe:2.3:a:ntp:ntp:4.2.6:p3_rc2
  • NTP 4.2.6 Patch 3 Release Candidate 3
    cpe:2.3:a:ntp:ntp:4.2.6:p3_rc3
  • NTP 4.2.6 Patch 3 Release Candidate 4
    cpe:2.3:a:ntp:ntp:4.2.6:p3_rc4
  • NTP 4.2.6 Patch 3 Release Candidate 5
    cpe:2.3:a:ntp:ntp:4.2.6:p3_rc5
  • NTP 4.2.6 Patch 3 Release Candidate 6
    cpe:2.3:a:ntp:ntp:4.2.6:p3_rc6
  • NTP 4.2.6 Patch 3 Release Candidate 7
    cpe:2.3:a:ntp:ntp:4.2.6:p3_rc7
  • NTP 4.2.6 Patch 3 Release Candidate 8
    cpe:2.3:a:ntp:ntp:4.2.6:p3_rc8
  • NTP 4.2.6 Patch 3 Release Candidate 9
    cpe:2.3:a:ntp:ntp:4.2.6:p3_rc9
  • NTP 4.2.6 Patch 4
    cpe:2.3:a:ntp:ntp:4.2.6:p4
  • NTP 4.2.6 Patch 4 Beta 1
    cpe:2.3:a:ntp:ntp:4.2.6:p4_beta1
  • NTP 4.2.6 Patch 4 Beta 2
    cpe:2.3:a:ntp:ntp:4.2.6:p4_beta2
  • NTP 4.2.6 Patch 4 Release Candidate 1
    cpe:2.3:a:ntp:ntp:4.2.6:p4_rc1
  • NTP 4.2.6 Patch 4 Release Candidate 2
    cpe:2.3:a:ntp:ntp:4.2.6:p4_rc2
  • NTP 4.2.6 Patch 5
    cpe:2.3:a:ntp:ntp:4.2.6:p5
  • NTP 4.2.6 Patch 5 Release Candidate 1
    cpe:2.3:a:ntp:ntp:4.2.6:p5_rc1
  • NTP 4.2.6 Patch 5 Release Candidate 2
    cpe:2.3:a:ntp:ntp:4.2.6:p5_rc2
  • NTP 4.2.6 Patch 5 Release Candidate 3
    cpe:2.3:a:ntp:ntp:4.2.6:p5_rc3
  • NTP 4.2.7
    cpe:2.3:a:ntp:ntp:4.2.7
  • NTP 4.2.7 Patch 0
    cpe:2.3:a:ntp:ntp:4.2.7:p0
  • NTP 4.2.7 Patch 1
    cpe:2.3:a:ntp:ntp:4.2.7:p1
  • NTP 4.2.7 Patch 10
    cpe:2.3:a:ntp:ntp:4.2.7:p10
  • NTP 4.2.7 Patch 100
    cpe:2.3:a:ntp:ntp:4.2.7:p100
  • NTP 4.2.7 Patch 101
    cpe:2.3:a:ntp:ntp:4.2.7:p101
  • NTP 4.2.7 Patch 102
    cpe:2.3:a:ntp:ntp:4.2.7:p102
  • NTP 4.2.7 Patch 103
    cpe:2.3:a:ntp:ntp:4.2.7:p103
  • NTP 4.2.7 Patch 104
    cpe:2.3:a:ntp:ntp:4.2.7:p104
  • NTP 4.2.7 Patch 105
    cpe:2.3:a:ntp:ntp:4.2.7:p105
  • NTP 4.2.7 Patch 106
    cpe:2.3:a:ntp:ntp:4.2.7:p106
  • NTP 4.2.7 Patch 107
    cpe:2.3:a:ntp:ntp:4.2.7:p107
  • NTP 4.2.7 Patch 108
    cpe:2.3:a:ntp:ntp:4.2.7:p108
  • NTP 4.2.7 Patch 109
    cpe:2.3:a:ntp:ntp:4.2.7:p109
  • NTP 4.2.7 Patch 11
    cpe:2.3:a:ntp:ntp:4.2.7:p11
  • NTP 4.2.7 Patch 110
    cpe:2.3:a:ntp:ntp:4.2.7:p110
  • NTP 4.2.7 Patch 111
    cpe:2.3:a:ntp:ntp:4.2.7:p111
  • NTP 4.2.7 Patch 112
    cpe:2.3:a:ntp:ntp:4.2.7:p112
  • NTP 4.2.7 Patch 113
    cpe:2.3:a:ntp:ntp:4.2.7:p113
  • NTP 4.2.7 Patch 114
    cpe:2.3:a:ntp:ntp:4.2.7:p114
  • NTP 4.2.7 Patch 115
    cpe:2.3:a:ntp:ntp:4.2.7:p115
  • NTP 4.2.7 Patch 116
    cpe:2.3:a:ntp:ntp:4.2.7:p116
  • NTP 4.2.7 Patch 117
    cpe:2.3:a:ntp:ntp:4.2.7:p117
  • NTP 4.2.7 Patch 118
    cpe:2.3:a:ntp:ntp:4.2.7:p118
  • NTP 4.2.7 Patch 119
    cpe:2.3:a:ntp:ntp:4.2.7:p119
  • NTP 4.2.7 Patch 12
    cpe:2.3:a:ntp:ntp:4.2.7:p12
  • NTP 4.2.7 Patch 120
    cpe:2.3:a:ntp:ntp:4.2.7:p120
  • NTP 4.2.7 Patch 121
    cpe:2.3:a:ntp:ntp:4.2.7:p121
  • NTP 4.2.7 Patch 122
    cpe:2.3:a:ntp:ntp:4.2.7:p122
  • NTP 4.2.7 Patch 123
    cpe:2.3:a:ntp:ntp:4.2.7:p123
  • NTP 4.2.7 Patch 124
    cpe:2.3:a:ntp:ntp:4.2.7:p124
  • NTP 4.2.7 Patch 125
    cpe:2.3:a:ntp:ntp:4.2.7:p125
  • NTP 4.2.7 Patch 126
    cpe:2.3:a:ntp:ntp:4.2.7:p126
  • NTP 4.2.7 Patch 127
    cpe:2.3:a:ntp:ntp:4.2.7:p127
  • NTP 4.2.7 Patch 128
    cpe:2.3:a:ntp:ntp:4.2.7:p128
  • NTP 4.2.7 Patch 129
    cpe:2.3:a:ntp:ntp:4.2.7:p129
  • NTP 4.2.7 Patch 13
    cpe:2.3:a:ntp:ntp:4.2.7:p13
  • NTP 4.2.7 Patch 130
    cpe:2.3:a:ntp:ntp:4.2.7:p130
  • NTP 4.2.7 Patch 131
    cpe:2.3:a:ntp:ntp:4.2.7:p131
  • NTP 4.2.7 Patch 132
    cpe:2.3:a:ntp:ntp:4.2.7:p132
  • NTP 4.2.7 Patch 133
    cpe:2.3:a:ntp:ntp:4.2.7:p133
  • NTP 4.2.7 Patch 134
    cpe:2.3:a:ntp:ntp:4.2.7:p134
  • NTP 4.2.7 Patch 135
    cpe:2.3:a:ntp:ntp:4.2.7:p135
  • NTP 4.2.7 Patch 136
    cpe:2.3:a:ntp:ntp:4.2.7:p136
  • NTP 4.2.7 Patch 137
    cpe:2.3:a:ntp:ntp:4.2.7:p137
  • NTP 4.2.7 Patch 138
    cpe:2.3:a:ntp:ntp:4.2.7:p138
  • NTP 4.2.7 Patch 139
    cpe:2.3:a:ntp:ntp:4.2.7:p139
  • NTP 4.2.7 Patch 14
    cpe:2.3:a:ntp:ntp:4.2.7:p14
  • NTP 4.2.7 Patch 140
    cpe:2.3:a:ntp:ntp:4.2.7:p140
  • NTP 4.2.7 Patch 141
    cpe:2.3:a:ntp:ntp:4.2.7:p141
  • NTP 4.2.7 Patch 142
    cpe:2.3:a:ntp:ntp:4.2.7:p142
  • NTP 4.2.7 Patch 143
    cpe:2.3:a:ntp:ntp:4.2.7:p143
  • NTP 4.2.7 Patch 144
    cpe:2.3:a:ntp:ntp:4.2.7:p144
  • NTP 4.2.7 Patch 145
    cpe:2.3:a:ntp:ntp:4.2.7:p145
  • NTP 4.2.7 Patch 146
    cpe:2.3:a:ntp:ntp:4.2.7:p146
  • NTP 4.2.7 Patch 147
    cpe:2.3:a:ntp:ntp:4.2.7:p147
  • NTP 4.2.7 Patch 148
    cpe:2.3:a:ntp:ntp:4.2.7:p148
  • NTP 4.2.7 Patch 149
    cpe:2.3:a:ntp:ntp:4.2.7:p149
  • NTP 4.2.7 Patch 15
    cpe:2.3:a:ntp:ntp:4.2.7:p15
  • NTP 4.2.7 Patch 150
    cpe:2.3:a:ntp:ntp:4.2.7:p150
  • NTP 4.2.7 Patch 151
    cpe:2.3:a:ntp:ntp:4.2.7:p151
  • NTP 4.2.7 Patch 152
    cpe:2.3:a:ntp:ntp:4.2.7:p152
  • NTP 4.2.7 Patch 153
    cpe:2.3:a:ntp:ntp:4.2.7:p153
  • NTP 4.2.7 Patch 154
    cpe:2.3:a:ntp:ntp:4.2.7:p154
  • NTP 4.2.7 Patch 155
    cpe:2.3:a:ntp:ntp:4.2.7:p155
  • NTP 4.2.7 Patch 156
    cpe:2.3:a:ntp:ntp:4.2.7:p156
  • NTP 4.2.7 Patch 157
    cpe:2.3:a:ntp:ntp:4.2.7:p157
  • NTP 4.2.7 Patch 158
    cpe:2.3:a:ntp:ntp:4.2.7:p158
  • NTP 4.2.7 Patch 159
    cpe:2.3:a:ntp:ntp:4.2.7:p159
  • NTP 4.2.7 Patch 16
    cpe:2.3:a:ntp:ntp:4.2.7:p16
  • NTP 4.2.7 Patch 160
    cpe:2.3:a:ntp:ntp:4.2.7:p160
  • NTP 4.2.7 Patch 161
    cpe:2.3:a:ntp:ntp:4.2.7:p161
  • NTP 4.2.7 Patch 162
    cpe:2.3:a:ntp:ntp:4.2.7:p162
  • NTP 4.2.7 Patch 163
    cpe:2.3:a:ntp:ntp:4.2.7:p163
  • NTP 4.2.7 Patch 164
    cpe:2.3:a:ntp:ntp:4.2.7:p164
  • NTP 4.2.7 Patch 165
    cpe:2.3:a:ntp:ntp:4.2.7:p165
  • NTP 4.2.7 Patch 166
    cpe:2.3:a:ntp:ntp:4.2.7:p166
  • NTP 4.2.7 Patch 17
    cpe:2.3:a:ntp:ntp:4.2.7:p17
  • NTP 4.2.7 Patch 170
    cpe:2.3:a:ntp:ntp:4.2.7:p170
  • NTP 4.2.7 Patch 171
    cpe:2.3:a:ntp:ntp:4.2.7:p171
  • NTP 4.2.7 Patch 172
    cpe:2.3:a:ntp:ntp:4.2.7:p172
  • NTP 4.2.7 Patch 173
    cpe:2.3:a:ntp:ntp:4.2.7:p173
  • NTP 4.2.7 Patch 174
    cpe:2.3:a:ntp:ntp:4.2.7:p174
  • NTP 4.2.7 Patch 175
    cpe:2.3:a:ntp:ntp:4.2.7:p175
  • NTP 4.2.7 Patch 176
    cpe:2.3:a:ntp:ntp:4.2.7:p176
  • NTP 4.2.7 Patch 177
    cpe:2.3:a:ntp:ntp:4.2.7:p177
  • NTP 4.2.7 Patch 178
    cpe:2.3:a:ntp:ntp:4.2.7:p178
  • NTP 4.2.7 Patch 179
    cpe:2.3:a:ntp:ntp:4.2.7:p179
  • NTP 4.2.7 Patch 18
    cpe:2.3:a:ntp:ntp:4.2.7:p18
  • NTP 4.2.7 Patch 180
    cpe:2.3:a:ntp:ntp:4.2.7:p180
  • NTP 4.2.7 Patch 181
    cpe:2.3:a:ntp:ntp:4.2.7:p181
  • NTP 4.2.7 Patch 182
    cpe:2.3:a:ntp:ntp:4.2.7:p182
  • NTP 4.2.7 Patch 183
    cpe:2.3:a:ntp:ntp:4.2.7:p183
  • NTP 4.2.7 Patch 184
    cpe:2.3:a:ntp:ntp:4.2.7:p184
  • NTP 4.2.7 Patch 185
    cpe:2.3:a:ntp:ntp:4.2.7:p185
  • NTP 4.2.7 Patch 186
    cpe:2.3:a:ntp:ntp:4.2.7:p186
  • NTP 4.2.7 Patch 187
    cpe:2.3:a:ntp:ntp:4.2.7:p187
  • NTP 4.2.7 Patch 188
    cpe:2.3:a:ntp:ntp:4.2.7:p188
  • NTP 4.2.7 Patch 189
    cpe:2.3:a:ntp:ntp:4.2.7:p189
  • NTP 4.2.7 Patch 19
    cpe:2.3:a:ntp:ntp:4.2.7:p19
  • NTP 4.2.7 Patch 190
    cpe:2.3:a:ntp:ntp:4.2.7:p190
  • NTP 4.2.7 Patch 191
    cpe:2.3:a:ntp:ntp:4.2.7:p191
  • NTP 4.2.7 Patch 192
    cpe:2.3:a:ntp:ntp:4.2.7:p192
  • NTP 4.2.7 Patch 193
    cpe:2.3:a:ntp:ntp:4.2.7:p193
  • NTP 4.2.7 Patch 194
    cpe:2.3:a:ntp:ntp:4.2.7:p194
  • NTP 4.2.7 Patch 195
    cpe:2.3:a:ntp:ntp:4.2.7:p195
  • NTP 4.2.7 Patch 196
    cpe:2.3:a:ntp:ntp:4.2.7:p196
  • NTP 4.2.7 Patch 197
    cpe:2.3:a:ntp:ntp:4.2.7:p197
  • NTP 4.2.7 Patch 198
    cpe:2.3:a:ntp:ntp:4.2.7:p198
  • NTP 4.2.7 Patch 199
    cpe:2.3:a:ntp:ntp:4.2.7:p199
  • NTP 4.2.7 Patch 2
    cpe:2.3:a:ntp:ntp:4.2.7:p2
  • NTP 4.2.7 Patch 20
    cpe:2.3:a:ntp:ntp:4.2.7:p20
  • NTP 4.2.7 Patch 200
    cpe:2.3:a:ntp:ntp:4.2.7:p200
  • NTP 4.2.7 Patch 201
    cpe:2.3:a:ntp:ntp:4.2.7:p201
  • NTP 4.2.7 Patch 202
    cpe:2.3:a:ntp:ntp:4.2.7:p202
  • NTP 4.2.7 Patch 203
    cpe:2.3:a:ntp:ntp:4.2.7:p203
  • NTP 4.2.7 Patch 204
    cpe:2.3:a:ntp:ntp:4.2.7:p204
  • NTP 4.2.7 Patch 205
    cpe:2.3:a:ntp:ntp:4.2.7:p205
  • NTP 4.2.7 Patch 206
    cpe:2.3:a:ntp:ntp:4.2.7:p206
  • NTP 4.2.7 Patch 207
    cpe:2.3:a:ntp:ntp:4.2.7:p207
  • NTP 4.2.7 Patch 208
    cpe:2.3:a:ntp:ntp:4.2.7:p208
  • NTP 4.2.7 Patch 209
    cpe:2.3:a:ntp:ntp:4.2.7:p209
  • NTP 4.2.7 Patch 21
    cpe:2.3:a:ntp:ntp:4.2.7:p21
  • NTP 4.2.7 Patch 210
    cpe:2.3:a:ntp:ntp:4.2.7:p210
  • NTP 4.2.7 Patch 211
    cpe:2.3:a:ntp:ntp:4.2.7:p211
  • NTP 4.2.7 Patch 212
    cpe:2.3:a:ntp:ntp:4.2.7:p212
  • NTP 4.2.7 Patch 213
    cpe:2.3:a:ntp:ntp:4.2.7:p213
  • NTP 4.2.7 Patch 214
    cpe:2.3:a:ntp:ntp:4.2.7:p214
  • NTP 4.2.7 Patch 215
    cpe:2.3:a:ntp:ntp:4.2.7:p215
  • NTP 4.2.7 Patch 216
    cpe:2.3:a:ntp:ntp:4.2.7:p216
  • NTP 4.2.7 Patch 217
    cpe:2.3:a:ntp:ntp:4.2.7:p217
  • NTP 4.2.7 Patch 218
    cpe:2.3:a:ntp:ntp:4.2.7:p218
  • NTP 4.2.7 Patch 219
    cpe:2.3:a:ntp:ntp:4.2.7:p219
  • NTP 4.2.7 Patch 22
    cpe:2.3:a:ntp:ntp:4.2.7:p22
  • NTP 4.2.7 Patch 220
    cpe:2.3:a:ntp:ntp:4.2.7:p220
  • NTP 4.2.7 Patch 221
    cpe:2.3:a:ntp:ntp:4.2.7:p221
  • NTP 4.2.7 Patch 222
    cpe:2.3:a:ntp:ntp:4.2.7:p222
  • NTP 4.2.7 Patch 223
    cpe:2.3:a:ntp:ntp:4.2.7:p223
  • NTP 4.2.7 Patch 224
    cpe:2.3:a:ntp:ntp:4.2.7:p224
  • NTP 4.2.7 Patch 225
    cpe:2.3:a:ntp:ntp:4.2.7:p225
  • NTP 4.2.7 Patch 226
    cpe:2.3:a:ntp:ntp:4.2.7:p226
  • NTP 4.2.7 Patch 227
    cpe:2.3:a:ntp:ntp:4.2.7:p227
  • NTP 4.2.7 Patch 228
    cpe:2.3:a:ntp:ntp:4.2.7:p228
  • NTP 4.2.7 Patch 229
    cpe:2.3:a:ntp:ntp:4.2.7:p229
  • NTP 4.2.7 Patch 23
    cpe:2.3:a:ntp:ntp:4.2.7:p23
  • NTP 4.2.7 Patch 230
    cpe:2.3:a:ntp:ntp:4.2.7:p230
  • NTP 4.2.7 Patch 231
    cpe:2.3:a:ntp:ntp:4.2.7:p231
  • NTP 4.2.7 Patch 232
    cpe:2.3:a:ntp:ntp:4.2.7:p232
  • NTP 4.2.7 Patch 233
    cpe:2.3:a:ntp:ntp:4.2.7:p233
  • NTP 4.2.7 Patch 234
    cpe:2.3:a:ntp:ntp:4.2.7:p234
  • NTP 4.2.7 Patch 235
    cpe:2.3:a:ntp:ntp:4.2.7:p235
  • NTP 4.2.7 Patch 236
    cpe:2.3:a:ntp:ntp:4.2.7:p236
  • NTP 4.2.7 Patch 237
    cpe:2.3:a:ntp:ntp:4.2.7:p237
  • NTP 4.2.7 Patch 238
    cpe:2.3:a:ntp:ntp:4.2.7:p238
  • NTP 4.2.7 Patch 239
    cpe:2.3:a:ntp:ntp:4.2.7:p239
  • NTP 4.2.7 Patch 24
    cpe:2.3:a:ntp:ntp:4.2.7:p24
  • NTP 4.2.7 Patch 240
    cpe:2.3:a:ntp:ntp:4.2.7:p240
  • NTP 4.2.7 Patch 241
    cpe:2.3:a:ntp:ntp:4.2.7:p241
  • NTP 4.2.7 Patch 242
    cpe:2.3:a:ntp:ntp:4.2.7:p242
  • NTP 4.2.7 Patch 243
    cpe:2.3:a:ntp:ntp:4.2.7:p243
  • NTP 4.2.7 Patch 244
    cpe:2.3:a:ntp:ntp:4.2.7:p244
  • NTP 4.2.7 Patch 245
    cpe:2.3:a:ntp:ntp:4.2.7:p245
  • NTP 4.2.7 Patch 246
    cpe:2.3:a:ntp:ntp:4.2.7:p246
  • NTP 4.2.7 Patch 247
    cpe:2.3:a:ntp:ntp:4.2.7:p247
  • NTP 4.2.7 Patch 248
    cpe:2.3:a:ntp:ntp:4.2.7:p248
  • NTP 4.2.7 Patch 249
    cpe:2.3:a:ntp:ntp:4.2.7:p249
  • NTP 4.2.7 Patch 25
    cpe:2.3:a:ntp:ntp:4.2.7:p25
  • NTP 4.2.7 Patch 250
    cpe:2.3:a:ntp:ntp:4.2.7:p250
  • NTP 4.2.7 Patch 251
    cpe:2.3:a:ntp:ntp:4.2.7:p251
  • NTP 4.2.7 Patch 252
    cpe:2.3:a:ntp:ntp:4.2.7:p252
  • NTP 4.2.7 Patch 253
    cpe:2.3:a:ntp:ntp:4.2.7:p253
  • NTP 4.2.7 Patch 254
    cpe:2.3:a:ntp:ntp:4.2.7:p254
  • NTP 4.2.7 Patch 255
    cpe:2.3:a:ntp:ntp:4.2.7:p255
  • NTP 4.2.7 Patch 256
    cpe:2.3:a:ntp:ntp:4.2.7:p256
  • NTP 4.2.7 Patch 257
    cpe:2.3:a:ntp:ntp:4.2.7:p257
  • NTP 4.2.7 Patch 258
    cpe:2.3:a:ntp:ntp:4.2.7:p258
  • NTP 4.2.7 Patch 259
    cpe:2.3:a:ntp:ntp:4.2.7:p259
  • NTP 4.2.7 Patch 26
    cpe:2.3:a:ntp:ntp:4.2.7:p26
  • NTP 4.2.7 Patch 260
    cpe:2.3:a:ntp:ntp:4.2.7:p260
  • NTP 4.2.7 Patch 261
    cpe:2.3:a:ntp:ntp:4.2.7:p261
  • NTP 4.2.7 Patch 262
    cpe:2.3:a:ntp:ntp:4.2.7:p262
  • NTP 4.2.7 Patch 263
    cpe:2.3:a:ntp:ntp:4.2.7:p263
  • NTP 4.2.7 Patch 264
    cpe:2.3:a:ntp:ntp:4.2.7:p264
  • NTP 4.2.7 Patch 265
    cpe:2.3:a:ntp:ntp:4.2.7:p265
  • NTP 4.2.7 Patch 266
    cpe:2.3:a:ntp:ntp:4.2.7:p266
  • NTP 4.2.7 Patch 267
    cpe:2.3:a:ntp:ntp:4.2.7:p267
  • NTP 4.2.7 Patch 268
    cpe:2.3:a:ntp:ntp:4.2.7:p268
  • NTP 4.2.7 Patch 269
    cpe:2.3:a:ntp:ntp:4.2.7:p269
  • NTP 4.2.7 Patch 27
    cpe:2.3:a:ntp:ntp:4.2.7:p27
  • NTP 4.2.7 Patch 270
    cpe:2.3:a:ntp:ntp:4.2.7:p270
  • NTP 4.2.7 Patch 271
    cpe:2.3:a:ntp:ntp:4.2.7:p271
  • NTP 4.2.7 Patch 272
    cpe:2.3:a:ntp:ntp:4.2.7:p272
  • NTP 4.2.7 Patch 273
    cpe:2.3:a:ntp:ntp:4.2.7:p273
  • NTP 4.2.7 Patch 274
    cpe:2.3:a:ntp:ntp:4.2.7:p274
  • NTP 4.2.7 Patch 275
    cpe:2.3:a:ntp:ntp:4.2.7:p275
  • NTP 4.2.7 Patch 276
    cpe:2.3:a:ntp:ntp:4.2.7:p276
  • NTP 4.2.7 Patch 277
    cpe:2.3:a:ntp:ntp:4.2.7:p277
  • NTP 4.2.7 Patch 278
    cpe:2.3:a:ntp:ntp:4.2.7:p278
  • NTP 4.2.7 Patch 279
    cpe:2.3:a:ntp:ntp:4.2.7:p279
  • NTP 4.2.7 Patch 28
    cpe:2.3:a:ntp:ntp:4.2.7:p28
  • NTP 4.2.7 Patch 280
    cpe:2.3:a:ntp:ntp:4.2.7:p280
  • NTP 4.2.7 Patch 281
    cpe:2.3:a:ntp:ntp:4.2.7:p281
  • NTP 4.2.7 Patch 282
    cpe:2.3:a:ntp:ntp:4.2.7:p282
  • NTP 4.2.7 Patch 283
    cpe:2.3:a:ntp:ntp:4.2.7:p283
  • NTP 4.2.7 Patch 284
    cpe:2.3:a:ntp:ntp:4.2.7:p284
  • NTP 4.2.7 Patch 285
    cpe:2.3:a:ntp:ntp:4.2.7:p285
  • NTP 4.2.7 Patch 286
    cpe:2.3:a:ntp:ntp:4.2.7:p286
  • NTP 4.2.7 Patch 287
    cpe:2.3:a:ntp:ntp:4.2.7:p287
  • NTP 4.2.7 Patch 288
    cpe:2.3:a:ntp:ntp:4.2.7:p288
  • NTP 4.2.7 Patch 289
    cpe:2.3:a:ntp:ntp:4.2.7:p289
  • NTP 4.2.7 Patch 29
    cpe:2.3:a:ntp:ntp:4.2.7:p29
  • NTP 4.2.7 Patch 290
    cpe:2.3:a:ntp:ntp:4.2.7:p290
  • NTP 4.2.7 Patch 291
    cpe:2.3:a:ntp:ntp:4.2.7:p291
  • NTP 4.2.7 Patch 292
    cpe:2.3:a:ntp:ntp:4.2.7:p292
  • NTP 4.2.7 Patch 293
    cpe:2.3:a:ntp:ntp:4.2.7:p293
  • NTP 4.2.7 Patch 294
    cpe:2.3:a:ntp:ntp:4.2.7:p294
  • NTP 4.2.7 Patch 295
    cpe:2.3:a:ntp:ntp:4.2.7:p295
  • NTP 4.2.7 Patch 296
    cpe:2.3:a:ntp:ntp:4.2.7:p296
  • NTP 4.2.7 Patch 297
    cpe:2.3:a:ntp:ntp:4.2.7:p297
  • NTP 4.2.7 Patch 298
    cpe:2.3:a:ntp:ntp:4.2.7:p298
  • NTP 4.2.7 Patch 299
    cpe:2.3:a:ntp:ntp:4.2.7:p299
  • NTP 4.2.7 Patch 3
    cpe:2.3:a:ntp:ntp:4.2.7:p3
  • NTP 4.2.7 Patch 30
    cpe:2.3:a:ntp:ntp:4.2.7:p30
  • NTP 4.2.7 Patch 300
    cpe:2.3:a:ntp:ntp:4.2.7:p300
  • NTP 4.2.7 Patch 301
    cpe:2.3:a:ntp:ntp:4.2.7:p301
  • NTP 4.2.7 Patch 302
    cpe:2.3:a:ntp:ntp:4.2.7:p302
  • NTP 4.2.7 Patch 303
    cpe:2.3:a:ntp:ntp:4.2.7:p303
  • NTP 4.2.7 Patch 304
    cpe:2.3:a:ntp:ntp:4.2.7:p304
  • NTP 4.2.7 Patch 305
    cpe:2.3:a:ntp:ntp:4.2.7:p305
  • NTP 4.2.7 Patch 306
    cpe:2.3:a:ntp:ntp:4.2.7:p306
  • NTP 4.2.7 Patch 307
    cpe:2.3:a:ntp:ntp:4.2.7:p307
  • NTP 4.2.7 Patch 308
    cpe:2.3:a:ntp:ntp:4.2.7:p308
  • NTP 4.2.7 Patch 309
    cpe:2.3:a:ntp:ntp:4.2.7:p309
  • NTP 4.2.7 Patch 31
    cpe:2.3:a:ntp:ntp:4.2.7:p31
  • NTP 4.2.7 Patch 310
    cpe:2.3:a:ntp:ntp:4.2.7:p310
  • NTP 4.2.7 Patch 311
    cpe:2.3:a:ntp:ntp:4.2.7:p311
  • NTP 4.2.7 Patch 312
    cpe:2.3:a:ntp:ntp:4.2.7:p312
  • NTP 4.2.7 Patch 313
    cpe:2.3:a:ntp:ntp:4.2.7:p313
  • NTP 4.2.7 Patch 314
    cpe:2.3:a:ntp:ntp:4.2.7:p314
  • NTP 4.2.7 Patch 315
    cpe:2.3:a:ntp:ntp:4.2.7:p315
  • NTP 4.2.7 Patch 316
    cpe:2.3:a:ntp:ntp:4.2.7:p316
  • NTP 4.2.7 Patch 317
    cpe:2.3:a:ntp:ntp:4.2.7:p317
  • NTP 4.2.7 Patch 318
    cpe:2.3:a:ntp:ntp:4.2.7:p318
  • NTP 4.2.7 Patch 319
    cpe:2.3:a:ntp:ntp:4.2.7:p319
  • NTP 4.2.7 Patch 32
    cpe:2.3:a:ntp:ntp:4.2.7:p32
  • NTP 4.2.7 Patch 320
    cpe:2.3:a:ntp:ntp:4.2.7:p320
  • NTP 4.2.7 Patch 321
    cpe:2.3:a:ntp:ntp:4.2.7:p321
  • NTP 4.2.7 Patch 322
    cpe:2.3:a:ntp:ntp:4.2.7:p322
  • NTP 4.2.7 Patch 323
    cpe:2.3:a:ntp:ntp:4.2.7:p323
  • NTP 4.2.7 Patch 324
    cpe:2.3:a:ntp:ntp:4.2.7:p324
  • NTP 4.2.7 Patch 325
    cpe:2.3:a:ntp:ntp:4.2.7:p325
  • NTP 4.2.7 Patch 326
    cpe:2.3:a:ntp:ntp:4.2.7:p326
  • NTP 4.2.7 Patch 327
    cpe:2.3:a:ntp:ntp:4.2.7:p327
  • NTP 4.2.7 Patch 328
    cpe:2.3:a:ntp:ntp:4.2.7:p328
  • NTP 4.2.7 Patch 329
    cpe:2.3:a:ntp:ntp:4.2.7:p329
  • NTP 4.2.7 Patch 33
    cpe:2.3:a:ntp:ntp:4.2.7:p33
  • NTP 4.2.7 Patch 330
    cpe:2.3:a:ntp:ntp:4.2.7:p330
  • NTP 4.2.7 Patch 331
    cpe:2.3:a:ntp:ntp:4.2.7:p331
  • NTP 4.2.7 Patch 332
    cpe:2.3:a:ntp:ntp:4.2.7:p332
  • NTP 4.2.7 Patch 333
    cpe:2.3:a:ntp:ntp:4.2.7:p333
  • NTP 4.2.7 Patch 334
    cpe:2.3:a:ntp:ntp:4.2.7:p334
  • NTP 4.2.7 Patch 335
    cpe:2.3:a:ntp:ntp:4.2.7:p335
  • NTP 4.2.7 Patch 336
    cpe:2.3:a:ntp:ntp:4.2.7:p336
  • NTP 4.2.7 Patch 337
    cpe:2.3:a:ntp:ntp:4.2.7:p337
  • NTP 4.2.7 Patch 338
    cpe:2.3:a:ntp:ntp:4.2.7:p338
  • NTP 4.2.7 Patch 339
    cpe:2.3:a:ntp:ntp:4.2.7:p339
  • NTP 4.2.7 Patch 34
    cpe:2.3:a:ntp:ntp:4.2.7:p34
  • NTP 4.2.7 Patch 340
    cpe:2.3:a:ntp:ntp:4.2.7:p340
  • NTP 4.2.7 Patch 341
    cpe:2.3:a:ntp:ntp:4.2.7:p341
  • NTP 4.2.7 Patch 342
    cpe:2.3:a:ntp:ntp:4.2.7:p342
  • NTP 4.2.7 Patch 343
    cpe:2.3:a:ntp:ntp:4.2.7:p343
  • NTP 4.2.7 Patch 344
    cpe:2.3:a:ntp:ntp:4.2.7:p344
  • NTP 4.2.7 Patch 345
    cpe:2.3:a:ntp:ntp:4.2.7:p345
  • NTP 4.2.7 Patch 346
    cpe:2.3:a:ntp:ntp:4.2.7:p346
  • NTP 4.2.7 Patch 347
    cpe:2.3:a:ntp:ntp:4.2.7:p347
  • NTP 4.2.7 Patch 348
    cpe:2.3:a:ntp:ntp:4.2.7:p348
  • NTP 4.2.7 Patch 349
    cpe:2.3:a:ntp:ntp:4.2.7:p349
  • NTP 4.2.7 Patch 35
    cpe:2.3:a:ntp:ntp:4.2.7:p35
  • NTP 4.2.7 Patch 350
    cpe:2.3:a:ntp:ntp:4.2.7:p350
  • NTP 4.2.7 Patch 351
    cpe:2.3:a:ntp:ntp:4.2.7:p351
  • NTP 4.2.7 Patch 352
    cpe:2.3:a:ntp:ntp:4.2.7:p352
  • NTP 4.2.7 Patch 353
    cpe:2.3:a:ntp:ntp:4.2.7:p353
  • NTP 4.2.7 Patch 354
    cpe:2.3:a:ntp:ntp:4.2.7:p354
  • NTP 4.2.7 Patch 355
    cpe:2.3:a:ntp:ntp:4.2.7:p355
  • NTP 4.2.7 Patch 356
    cpe:2.3:a:ntp:ntp:4.2.7:p356
  • NTP 4.2.7 Patch 357
    cpe:2.3:a:ntp:ntp:4.2.7:p357
  • NTP 4.2.7 Patch 358
    cpe:2.3:a:ntp:ntp:4.2.7:p358
  • NTP 4.2.7 Patch 359
    cpe:2.3:a:ntp:ntp:4.2.7:p359
  • NTP 4.2.7 Patch 36
    cpe:2.3:a:ntp:ntp:4.2.7:p36
  • NTP 4.2.7 Patch 360
    cpe:2.3:a:ntp:ntp:4.2.7:p360
  • NTP 4.2.7 Patch 361
    cpe:2.3:a:ntp:ntp:4.2.7:p361
  • NTP 4.2.7 Patch 362
    cpe:2.3:a:ntp:ntp:4.2.7:p362
  • NTP 4.2.7 Patch 363
    cpe:2.3:a:ntp:ntp:4.2.7:p363
  • NTP 4.2.7 Patch 364
    cpe:2.3:a:ntp:ntp:4.2.7:p364
  • NTP 4.2.7 Patch 365
    cpe:2.3:a:ntp:ntp:4.2.7:p365
  • NTP 4.2.7 Patch 366
    cpe:2.3:a:ntp:ntp:4.2.7:p366
  • NTP 4.2.7 Patch 367
    cpe:2.3:a:ntp:ntp:4.2.7:p367
  • NTP 4.2.7 Patch 368
    cpe:2.3:a:ntp:ntp:4.2.7:p368
  • NTP 4.2.7 Patch 369
    cpe:2.3:a:ntp:ntp:4.2.7:p369
  • NTP 4.2.7 Patch 37
    cpe:2.3:a:ntp:ntp:4.2.7:p37
  • NTP 4.2.7 Patch 370
    cpe:2.3:a:ntp:ntp:4.2.7:p370
  • NTP 4.2.7 Patch 371
    cpe:2.3:a:ntp:ntp:4.2.7:p371
  • NTP 4.2.7 Patch 372
    cpe:2.3:a:ntp:ntp:4.2.7:p372
  • NTP 4.2.7 Patch 373
    cpe:2.3:a:ntp:ntp:4.2.7:p373
  • NTP 4.2.7 Patch 374
    cpe:2.3:a:ntp:ntp:4.2.7:p374
  • NTP 4.2.7 Patch 375
    cpe:2.3:a:ntp:ntp:4.2.7:p375
  • NTP 4.2.7 Patch 376
    cpe:2.3:a:ntp:ntp:4.2.7:p376
  • NTP 4.2.7 Patch 377
    cpe:2.3:a:ntp:ntp:4.2.7:p377
  • NTP 4.2.7 Patch 378
    cpe:2.3:a:ntp:ntp:4.2.7:p378
  • NTP 4.2.7 Patch 379
    cpe:2.3:a:ntp:ntp:4.2.7:p379
  • NTP 4.2.7 Patch 38
    cpe:2.3:a:ntp:ntp:4.2.7:p38
  • NTP 4.2.7 Patch 380
    cpe:2.3:a:ntp:ntp:4.2.7:p380
  • NTP 4.2.7 Patch 381
    cpe:2.3:a:ntp:ntp:4.2.7:p381
  • NTP 4.2.7 Patch 382
    cpe:2.3:a:ntp:ntp:4.2.7:p382
  • NTP 4.2.7 Patch 383
    cpe:2.3:a:ntp:ntp:4.2.7:p383
  • NTP 4.2.7 Patch 384
    cpe:2.3:a:ntp:ntp:4.2.7:p384
  • NTP 4.2.7 Patch 385
    cpe:2.3:a:ntp:ntp:4.2.7:p385
  • NTP 4.2.7 Patch 386
    cpe:2.3:a:ntp:ntp:4.2.7:p386
  • NTP 4.2.7 Patch 387
    cpe:2.3:a:ntp:ntp:4.2.7:p387
  • NTP 4.2.7 Patch 388
    cpe:2.3:a:ntp:ntp:4.2.7:p388
  • NTP 4.2.7 Patch 389
    cpe:2.3:a:ntp:ntp:4.2.7:p389
  • NTP 4.2.7 Patch 39
    cpe:2.3:a:ntp:ntp:4.2.7:p39
  • NTP 4.2.7 Patch 390
    cpe:2.3:a:ntp:ntp:4.2.7:p390
  • NTP 4.2.7 Patch 391
    cpe:2.3:a:ntp:ntp:4.2.7:p391
  • NTP 4.2.7 Patch 392
    cpe:2.3:a:ntp:ntp:4.2.7:p392
  • NTP 4.2.7 Patch 393
    cpe:2.3:a:ntp:ntp:4.2.7:p393
  • NTP 4.2.7 Patch 394
    cpe:2.3:a:ntp:ntp:4.2.7:p394
  • NTP 4.2.7 Patch 395
    cpe:2.3:a:ntp:ntp:4.2.7:p395
  • NTP 4.2.7 Patch 396
    cpe:2.3:a:ntp:ntp:4.2.7:p396
  • NTP 4.2.7 Patch 397
    cpe:2.3:a:ntp:ntp:4.2.7:p397
  • NTP 4.2.7 Patch 398
    cpe:2.3:a:ntp:ntp:4.2.7:p398
  • NTP 4.2.7 Patch 399
    cpe:2.3:a:ntp:ntp:4.2.7:p399
  • NTP 4.2.7 Patch 4
    cpe:2.3:a:ntp:ntp:4.2.7:p4
  • NTP 4.2.7 Patch 40
    cpe:2.3:a:ntp:ntp:4.2.7:p40
  • NTP 4.2.7 Patch 400
    cpe:2.3:a:ntp:ntp:4.2.7:p400
  • NTP 4.2.7 Patch 401
    cpe:2.3:a:ntp:ntp:4.2.7:p401
  • NTP 4.2.7 Patch 402
    cpe:2.3:a:ntp:ntp:4.2.7:p402
  • NTP 4.2.7 Patch 403
    cpe:2.3:a:ntp:ntp:4.2.7:p403
  • NTP 4.2.7 Patch 404
    cpe:2.3:a:ntp:ntp:4.2.7:p404
  • NTP 4.2.7 Patch 405
    cpe:2.3:a:ntp:ntp:4.2.7:p405
  • NTP 4.2.7 Patch 406
    cpe:2.3:a:ntp:ntp:4.2.7:p406
  • NTP 4.2.7 Patch 407
    cpe:2.3:a:ntp:ntp:4.2.7:p407
  • NTP 4.2.7 Patch 408
    cpe:2.3:a:ntp:ntp:4.2.7:p408
  • NTP 4.2.7 Patch 409
    cpe:2.3:a:ntp:ntp:4.2.7:p409
  • NTP 4.2.7 Patch 41
    cpe:2.3:a:ntp:ntp:4.2.7:p41
  • NTP 4.2.7 Patch 410
    cpe:2.3:a:ntp:ntp:4.2.7:p410
  • NTP 4.2.7 Patch 411
    cpe:2.3:a:ntp:ntp:4.2.7:p411
  • NTP 4.2.7 Patch 412
    cpe:2.3:a:ntp:ntp:4.2.7:p412
  • NTP 4.2.7 Patch 413
    cpe:2.3:a:ntp:ntp:4.2.7:p413
  • NTP 4.2.7 Patch 414
    cpe:2.3:a:ntp:ntp:4.2.7:p414
  • NTP 4.2.7 Patch 415
    cpe:2.3:a:ntp:ntp:4.2.7:p415
  • NTP 4.2.7 Patch 416
    cpe:2.3:a:ntp:ntp:4.2.7:p416
  • NTP 4.2.7 Patch 417
    cpe:2.3:a:ntp:ntp:4.2.7:p417
  • NTP 4.2.7 Patch 418
    cpe:2.3:a:ntp:ntp:4.2.7:p418
  • NTP 4.2.7 Patch 419
    cpe:2.3:a:ntp:ntp:4.2.7:p419
  • NTP 4.2.7 Patch 42
    cpe:2.3:a:ntp:ntp:4.2.7:p42
  • NTP 4.2.7 Patch 420
    cpe:2.3:a:ntp:ntp:4.2.7:p420
  • NTP 4.2.7 Patch 421
    cpe:2.3:a:ntp:ntp:4.2.7:p421
  • NTP 4.2.7 Patch 422
    cpe:2.3:a:ntp:ntp:4.2.7:p422
  • NTP 4.2.7 Patch 423
    cpe:2.3:a:ntp:ntp:4.2.7:p423
  • NTP 4.2.7 Patch 424
    cpe:2.3:a:ntp:ntp:4.2.7:p424
  • NTP 4.2.7 Patch 425
    cpe:2.3:a:ntp:ntp:4.2.7:p425
  • NTP 4.2.7 Patch 426
    cpe:2.3:a:ntp:ntp:4.2.7:p426
  • NTP 4.2.7 Patch 427
    cpe:2.3:a:ntp:ntp:4.2.7:p427
  • NTP 4.2.7 Patch 428
    cpe:2.3:a:ntp:ntp:4.2.7:p428
  • NTP 4.2.7 Patch 429
    cpe:2.3:a:ntp:ntp:4.2.7:p429
  • NTP 4.2.7 Patch 43
    cpe:2.3:a:ntp:ntp:4.2.7:p43
  • NTP 4.2.7 Patch 430
    cpe:2.3:a:ntp:ntp:4.2.7:p430
  • NTP 4.2.7 Patch 431
    cpe:2.3:a:ntp:ntp:4.2.7:p431
  • NTP 4.2.7 Patch 432
    cpe:2.3:a:ntp:ntp:4.2.7:p432
  • NTP 4.2.7 Patch 433
    cpe:2.3:a:ntp:ntp:4.2.7:p433
  • NTP 4.2.7 Patch 434
    cpe:2.3:a:ntp:ntp:4.2.7:p434
  • NTP 4.2.7 Patch 435
    cpe:2.3:a:ntp:ntp:4.2.7:p435
  • NTP 4.2.7 Patch 436
    cpe:2.3:a:ntp:ntp:4.2.7:p436
  • NTP 4.2.7 Patch 437
    cpe:2.3:a:ntp:ntp:4.2.7:p437
  • NTP 4.2.7 Patch 438
    cpe:2.3:a:ntp:ntp:4.2.7:p438
  • NTP 4.2.7 Patch 439
    cpe:2.3:a:ntp:ntp:4.2.7:p439
  • NTP 4.2.7 Patch 44
    cpe:2.3:a:ntp:ntp:4.2.7:p44
  • NTP 4.2.7 Patch 440
    cpe:2.3:a:ntp:ntp:4.2.7:p440
  • NTP 4.2.7 Patch 441
    cpe:2.3:a:ntp:ntp:4.2.7:p441
  • NTP 4.2.7 Patch 442
    cpe:2.3:a:ntp:ntp:4.2.7:p442
  • NTP 4.2.7 Patch 443
    cpe:2.3:a:ntp:ntp:4.2.7:p443
  • NTP 4.2.7 Patch 444
    cpe:2.3:a:ntp:ntp:4.2.7:p444
  • NTP 4.2.7 Patch 445
    cpe:2.3:a:ntp:ntp:4.2.7:p445
  • NTP 4.2.7 Patch 446
    cpe:2.3:a:ntp:ntp:4.2.7:p446
  • NTP 4.2.7 Patch 447
    cpe:2.3:a:ntp:ntp:4.2.7:p447
  • NTP 4.2.7 Patch 448
    cpe:2.3:a:ntp:ntp:4.2.7:p448
  • NTP 4.2.7 Patch 449
    cpe:2.3:a:ntp:ntp:4.2.7:p449
  • NTP 4.2.7 Patch 45
    cpe:2.3:a:ntp:ntp:4.2.7:p45
  • NTP 4.2.7 Patch 450
    cpe:2.3:a:ntp:ntp:4.2.7:p450
  • NTP 4.2.7 Patch 451
    cpe:2.3:a:ntp:ntp:4.2.7:p451
  • NTP 4.2.7 Patch 452
    cpe:2.3:a:ntp:ntp:4.2.7:p452
  • NTP 4.2.7 Patch 453
    cpe:2.3:a:ntp:ntp:4.2.7:p453
  • NTP 4.2.7 Patch 454
    cpe:2.3:a:ntp:ntp:4.2.7:p454
  • NTP 4.2.7 Patch 455
    cpe:2.3:a:ntp:ntp:4.2.7:p455
  • NTP 4.2.7 Patch 456
    cpe:2.3:a:ntp:ntp:4.2.7:p456
  • NTP 4.2.7 Patch 457
    cpe:2.3:a:ntp:ntp:4.2.7:p457
  • NTP 4.2.7 Patch 458
    cpe:2.3:a:ntp:ntp:4.2.7:p458
  • NTP 4.2.7 Patch 459
    cpe:2.3:a:ntp:ntp:4.2.7:p459
  • NTP 4.2.7 Patch 46
    cpe:2.3:a:ntp:ntp:4.2.7:p46
  • NTP 4.2.7 Patch 460
    cpe:2.3:a:ntp:ntp:4.2.7:p460
  • NTP 4.2.7 Patch 461
    cpe:2.3:a:ntp:ntp:4.2.7:p461
  • NTP 4.2.7 Patch 462
    cpe:2.3:a:ntp:ntp:4.2.7:p462
  • NTP 4.2.7 Patch 463
    cpe:2.3:a:ntp:ntp:4.2.7:p463
  • NTP 4.2.7 Patch 464
    cpe:2.3:a:ntp:ntp:4.2.7:p464
  • NTP 4.2.7 Patch 465
    cpe:2.3:a:ntp:ntp:4.2.7:p465
  • NTP 4.2.7 Patch 466
    cpe:2.3:a:ntp:ntp:4.2.7:p466
  • NTP 4.2.7 Patch 467
    cpe:2.3:a:ntp:ntp:4.2.7:p467
  • NTP 4.2.7 Patch 468
    cpe:2.3:a:ntp:ntp:4.2.7:p468
  • NTP 4.2.7 Patch 469
    cpe:2.3:a:ntp:ntp:4.2.7:p469
  • NTP 4.2.7 Patch 47
    cpe:2.3:a:ntp:ntp:4.2.7:p47
  • NTP 4.2.7 Patch 470
    cpe:2.3:a:ntp:ntp:4.2.7:p470
  • NTP 4.2.7 Patch 471
    cpe:2.3:a:ntp:ntp:4.2.7:p471
  • NTP 4.2.7 Patch 472
    cpe:2.3:a:ntp:ntp:4.2.7:p472
  • NTP 4.2.7 Patch 473
    cpe:2.3:a:ntp:ntp:4.2.7:p473
  • NTP 4.2.7 Patch 474
    cpe:2.3:a:ntp:ntp:4.2.7:p474
  • NTP 4.2.7 Patch 475
    cpe:2.3:a:ntp:ntp:4.2.7:p475
  • NTP 4.2.7 Patch 476
    cpe:2.3:a:ntp:ntp:4.2.7:p476
  • NTP 4.2.7 Patch 477
    cpe:2.3:a:ntp:ntp:4.2.7:p477
  • NTP 4.2.7 Patch 478
    cpe:2.3:a:ntp:ntp:4.2.7:p478
  • NTP 4.2.7 Patch 479
    cpe:2.3:a:ntp:ntp:4.2.7:p479
  • NTP 4.2.7 Patch 48
    cpe:2.3:a:ntp:ntp:4.2.7:p48
  • NTP 4.2.7 Patch 480
    cpe:2.3:a:ntp:ntp:4.2.7:p480
  • NTP 4.2.7 Patch 481
    cpe:2.3:a:ntp:ntp:4.2.7:p481
  • NTP 4.2.7 Patch 482
    cpe:2.3:a:ntp:ntp:4.2.7:p482
  • NTP 4.2.7 Patch 483
    cpe:2.3:a:ntp:ntp:4.2.7:p483
  • NTP 4.2.7 Patch 484 Release Candidate 1
    cpe:2.3:a:ntp:ntp:4.2.7:p484_rc1
  • NTP 4.2.7 Patch 485 Release Candidate 1
    cpe:2.3:a:ntp:ntp:4.2.7:p485_rc1
  • NTP 4.2.7 Patch 486 Release Candidate 1
    cpe:2.3:a:ntp:ntp:4.2.7:p486_rc1
  • NTP 4.2.7 Patch 49
    cpe:2.3:a:ntp:ntp:4.2.7:p49
  • NTP 4.2.7 Patch 5
    cpe:2.3:a:ntp:ntp:4.2.7:p5
  • NTP 4.2.7 Patch 50
    cpe:2.3:a:ntp:ntp:4.2.7:p50
  • NTP 4.2.7 Patch 51
    cpe:2.3:a:ntp:ntp:4.2.7:p51
  • NTP 4.2.7 Patch 52
    cpe:2.3:a:ntp:ntp:4.2.7:p52
  • NTP 4.2.7 Patch 53
    cpe:2.3:a:ntp:ntp:4.2.7:p53
  • NTP 4.2.7 Patch 54
    cpe:2.3:a:ntp:ntp:4.2.7:p54
  • NTP 4.2.7 Patch 55
    cpe:2.3:a:ntp:ntp:4.2.7:p55
  • NTP 4.2.7 Patch 56
    cpe:2.3:a:ntp:ntp:4.2.7:p56
  • NTP 4.2.7 Patch 57
    cpe:2.3:a:ntp:ntp:4.2.7:p57
  • NTP 4.2.7 Patch 58
    cpe:2.3:a:ntp:ntp:4.2.7:p58
  • NTP 4.2.7 Patch 59
    cpe:2.3:a:ntp:ntp:4.2.7:p59
  • NTP 4.2.7 Patch 6
    cpe:2.3:a:ntp:ntp:4.2.7:p6
  • NTP 4.2.7 Patch 60
    cpe:2.3:a:ntp:ntp:4.2.7:p60
  • NTP 4.2.7 Patch 61
    cpe:2.3:a:ntp:ntp:4.2.7:p61
  • NTP 4.2.7 Patch 62
    cpe:2.3:a:ntp:ntp:4.2.7:p62
  • NTP 4.2.7 Patch 63
    cpe:2.3:a:ntp:ntp:4.2.7:p63
  • NTP 4.2.7 Patch 64
    cpe:2.3:a:ntp:ntp:4.2.7:p64
  • NTP 4.2.7 Patch 65
    cpe:2.3:a:ntp:ntp:4.2.7:p65
  • NTP 4.2.7 Patch 66
    cpe:2.3:a:ntp:ntp:4.2.7:p66
  • NTP 4.2.7 Patch 67
    cpe:2.3:a:ntp:ntp:4.2.7:p67
  • NTP 4.2.7 Patch 68
    cpe:2.3:a:ntp:ntp:4.2.7:p68
  • NTP 4.2.7 Patch 69
    cpe:2.3:a:ntp:ntp:4.2.7:p69
  • NTP 4.2.7 Patch 7
    cpe:2.3:a:ntp:ntp:4.2.7:p7
  • NTP 4.2.7 Patch 70
    cpe:2.3:a:ntp:ntp:4.2.7:p70
  • NTP 4.2.7 Patch 71
    cpe:2.3:a:ntp:ntp:4.2.7:p71
  • NTP 4.2.7 Patch 72
    cpe:2.3:a:ntp:ntp:4.2.7:p72
  • NTP 4.2.7 Patch 73
    cpe:2.3:a:ntp:ntp:4.2.7:p73
  • NTP 4.2.7 Patch 74
    cpe:2.3:a:ntp:ntp:4.2.7:p74
  • NTP 4.2.7 Patch 75
    cpe:2.3:a:ntp:ntp:4.2.7:p75
  • NTP 4.2.7 Patch 76
    cpe:2.3:a:ntp:ntp:4.2.7:p76
  • NTP 4.2.7 Patch 77
    cpe:2.3:a:ntp:ntp:4.2.7:p77
  • NTP 4.2.7 Patch 78
    cpe:2.3:a:ntp:ntp:4.2.7:p78
  • NTP 4.2.7 Patch 79
    cpe:2.3:a:ntp:ntp:4.2.7:p79
  • NTP 4.2.7 Patch 8
    cpe:2.3:a:ntp:ntp:4.2.7:p8
  • NTP 4.2.7 Patch 80
    cpe:2.3:a:ntp:ntp:4.2.7:p80
  • NTP 4.2.7 Patch 81
    cpe:2.3:a:ntp:ntp:4.2.7:p81
  • NTP 4.2.7 Patch 82
    cpe:2.3:a:ntp:ntp:4.2.7:p82
  • NTP 4.2.7 Patch 83
    cpe:2.3:a:ntp:ntp:4.2.7:p83
  • NTP 4.2.7 Patch 84
    cpe:2.3:a:ntp:ntp:4.2.7:p84
  • NTP 4.2.7 Patch 85
    cpe:2.3:a:ntp:ntp:4.2.7:p85
  • NTP 4.2.7 Patch 86
    cpe:2.3:a:ntp:ntp:4.2.7:p86
  • NTP 4.2.7 Patch 87
    cpe:2.3:a:ntp:ntp:4.2.7:p87
  • NTP 4.2.7 Patch 88
    cpe:2.3:a:ntp:ntp:4.2.7:p88
  • NTP 4.2.7 Patch 89
    cpe:2.3:a:ntp:ntp:4.2.7:p89
  • NTP 4.2.7 Patch 9
    cpe:2.3:a:ntp:ntp:4.2.7:p9
  • NTP 4.2.7 Patch 90
    cpe:2.3:a:ntp:ntp:4.2.7:p90
  • NTP 4.2.7 Patch 91
    cpe:2.3:a:ntp:ntp:4.2.7:p91
  • NTP 4.2.7 Patch 92
    cpe:2.3:a:ntp:ntp:4.2.7:p92
  • NTP 4.2.7 Patch 93
    cpe:2.3:a:ntp:ntp:4.2.7:p93
  • NTP 4.2.7 Patch 94
    cpe:2.3:a:ntp:ntp:4.2.7:p94
  • NTP 4.2.7 Patch 95
    cpe:2.3:a:ntp:ntp:4.2.7:p95
  • NTP 4.2.7 Patch 96
    cpe:2.3:a:ntp:ntp:4.2.7:p96
  • NTP 4.2.7 Patch 97
    cpe:2.3:a:ntp:ntp:4.2.7:p97
  • NTP 4.2.7 Patch 98
    cpe:2.3:a:ntp:ntp:4.2.7:p98
  • NTP 4.2.7 Patch 99
    cpe:2.3:a:ntp:ntp:4.2.7:p99
  • NTP NTP 4.2.7p444
    cpe:2.3:a:ntp:ntp:4.2.7p444
  • NTP NTP 4.2.8
    cpe:2.3:a:ntp:ntp:4.2.8
  • NTP 4.2.8 Patch 1
    cpe:2.3:a:ntp:ntp:4.2.8:p1
  • NTP 4.2.8 Patch 1 Beta 1
    cpe:2.3:a:ntp:ntp:4.2.8:p1_beta1
  • NTP 4.2.8 Patch 1 Beta 2
    cpe:2.3:a:ntp:ntp:4.2.8:p1_beta2
  • NTP 4.2.8 Patch 1 Beta 3
    cpe:2.3:a:ntp:ntp:4.2.8:p1_beta3
  • NTP 4.2.8 Patch 1 Beta 4
    cpe:2.3:a:ntp:ntp:4.2.8:p1_beta4
  • NTP 4.2.8 Patch 1 Beta5
    cpe:2.3:a:ntp:ntp:4.2.8:p1_beta5
  • NTP 4.2.8 Patch 1 Release Candidate 1
    cpe:2.3:a:ntp:ntp:4.2.8:p1_rc1
  • NTP 4.2.8 Patch 1 Release Candidate 2
    cpe:2.3:a:ntp:ntp:4.2.8:p1_rc2
  • NTP 4.2.8 Patch 2
    cpe:2.3:a:ntp:ntp:4.2.8:p2
  • NTP 4.2.8 Patch 2 Release Candidate 1
    cpe:2.3:a:ntp:ntp:4.2.8:p2_rc1
  • NTP 4.2.8 Patch 2 Release Candidate 2
    cpe:2.3:a:ntp:ntp:4.2.8:p2_rc2
  • NTP 4.2.8 Patch 2 Release Candidate 3
    cpe:2.3:a:ntp:ntp:4.2.8:p2_rc3
  • NTP 4.2.8 Patch 3
    cpe:2.3:a:ntp:ntp:4.2.8:p3
  • NTP 4.2.8 Patch 3 Release Candidate 1
    cpe:2.3:a:ntp:ntp:4.2.8:p3_rc1
  • NTP 4.2.8 Patch 3 Release Candidate 2
    cpe:2.3:a:ntp:ntp:4.2.8:p3_rc2
  • NTP 4.2.8 Patch 3 Release Candidate 3
    cpe:2.3:a:ntp:ntp:4.2.8:p3_rc3
  • NTP 4.2.8 Patch 4
    cpe:2.3:a:ntp:ntp:4.2.8:p4
  • NTP 4.2.8 Patch 5
    cpe:2.3:a:ntp:ntp:4.2.8:p5
  • NTP 4.2.8 Patch 6
    cpe:2.3:a:ntp:ntp:4.2.8:p6
  • NTP 4.2.8 Patch 7
    cpe:2.3:a:ntp:ntp:4.2.8:p7
CVSS
Base: 5.0 (as of 04-10-2016 - 14:55)
Impact:
Exploitability:
CWE CWE-20
CAPEC
  • Buffer Overflow via Environment Variables
    This attack pattern involves causing a buffer overflow through manipulation of environment variables. Once the attacker finds that they can modify an environment variable, they may try to overflow associated buffers. This attack leverages implicit trust often placed in environment variables.
  • Server Side Include (SSI) Injection
    An attacker can use Server Side Include (SSI) Injection to send code to a web application that then gets executed by the web server. Doing so enables the attacker to achieve similar results to Cross Site Scripting, viz., arbitrary code execution and information disclosure, albeit on a more limited scale, since the SSI directives are nowhere near as powerful as a full-fledged scripting language. Nonetheless, the attacker can conveniently gain access to sensitive files, such as password files, and execute shell commands.
  • Cross Zone Scripting
    An attacker is able to cause a victim to load content into their web-browser that bypasses security zone controls and gain access to increased privileges to execute scripting code or other web objects such as unsigned ActiveX controls or applets. This is a privilege elevation attack targeted at zone-based web-browser security. In a zone-based model, pages belong to one of a set of zones corresponding to the level of privilege assigned to that page. Pages in an untrusted zone would have a lesser level of access to the system and/or be restricted in the types of executable content it was allowed to invoke. In a cross-zone scripting attack, a page that should be assigned to a less privileged zone is granted the privileges of a more trusted zone. This can be accomplished by exploiting bugs in the browser, exploiting incorrect configuration in the zone controls, through a cross-site scripting attack that causes the attackers' content to be treated as coming from a more trusted page, or by leveraging some piece of system functionality that is accessible from both the trusted and less trusted zone. This attack differs from "Restful Privilege Escalation" in that the latter correlates to the inadequate securing of RESTful access methods (such as HTTP DELETE) on the server, while cross-zone scripting attacks the concept of security zones as implemented by a browser.
  • Cross Site Scripting through Log Files
    An attacker may leverage a system weakness where logs are susceptible to log injection to insert scripts into the system's logs. If these logs are later viewed by an administrator through a thin administrative interface and the log data is not properly HTML encoded before being written to the page, the attackers' scripts stored in the log will be executed in the administrative interface with potentially serious consequences. This attack pattern is really a combination of two other attack patterns: log injection and stored cross site scripting.
  • Command Line Execution through SQL Injection
    An attacker uses standard SQL injection methods to inject data into the command line for execution. This could be done directly through misuse of directives such as MSSQL_xp_cmdshell or indirectly through injection of data into the database that would be interpreted as shell commands. Sometime later, an unscrupulous backend application (or could be part of the functionality of the same application) fetches the injected data stored in the database and uses this data as command line arguments without performing proper validation. The malicious data escapes that data plane by spawning new commands to be executed on the host.
  • Object Relational Mapping Injection
    An attacker leverages a weakness present in the database access layer code generated with an Object Relational Mapping (ORM) tool or a weakness in the way that a developer used a persistence framework to inject his or her own SQL commands to be executed against the underlying database. The attack here is similar to plain SQL injection, except that the application does not use JDBC to directly talk to the database, but instead it uses a data access layer generated by an ORM tool or framework (e.g. Hibernate). While most of the time code generated by an ORM tool contains safe access methods that are immune to SQL injection, sometimes either due to some weakness in the generated code or due to the fact that the developer failed to use the generated access methods properly, SQL injection is still possible.
  • SQL Injection through SOAP Parameter Tampering
    An attacker modifies the parameters of the SOAP message that is sent from the service consumer to the service provider to initiate a SQL injection attack. On the service provider side, the SOAP message is parsed and parameters are not properly validated before being used to access a database in a way that does not use parameter binding, thus enabling the attacker to control the structure of the executed SQL query. This pattern describes a SQL injection attack with the delivery mechanism being a SOAP message.
  • Subverting Environment Variable Values
    The attacker directly or indirectly modifies environment variables used by or controlling the target software. The attacker's goal is to cause the target software to deviate from its expected operation in a manner that benefits the attacker.
  • Format String Injection
    An attacker includes formatting characters in a string input field on the target application. Most applications assume that users will provide static text and may respond unpredictably to the presence of formatting character. For example, in certain functions of the C programming languages such as printf, the formatting character %s will print the contents of a memory location expecting this location to identify a string and the formatting character %n prints the number of DWORD written in the memory. An attacker can use this to read or write to memory locations or files, or simply to manipulate the value of the resulting text in unexpected ways. Reading or writing memory may result in program crashes and writing memory could result in the execution of arbitrary code if the attacker can write to the program stack.
  • LDAP Injection
    An attacker manipulates or crafts an LDAP query for the purpose of undermining the security of the target. Some applications use user input to create LDAP queries that are processed by an LDAP server. For example, a user might provide their username during authentication and the username might be inserted in an LDAP query during the authentication process. An attacker could use this input to inject additional commands into an LDAP query that could disclose sensitive information. For example, entering a * in the aforementioned query might return information about all users on the system. This attack is very similar to an SQL injection attack in that it manipulates a query to gather additional information or coerce a particular return value.
  • Relative Path Traversal
    An attacker exploits a weakness in input validation on the target by supplying a specially constructed path utilizing dot and slash characters for the purpose of obtaining access to arbitrary files or resources. An attacker modifies a known path on the target in order to reach material that is not available through intended channels. These attacks normally involve adding additional path separators (/ or \) and/or dots (.), or encodings thereof, in various combinations in order to reach parent directories or entirely separate trees of the target's directory structure.
  • Client-side Injection-induced Buffer Overflow
    This type of attack exploits a buffer overflow vulnerability in targeted client software through injection of malicious content from a custom-built hostile service.
  • Variable Manipulation
    An attacker manipulates variables used by an application to perform a variety of possible attacks. This can either be performed through the manipulation of function call parameters or by manipulating external variables, such as environment variables, that are used by an application. Changing variable values is usually undertaken as part of another attack; for example, a path traversal (inserting relative path modifiers) or buffer overflow (enlarging a variable value beyond an application's ability to store it).
  • Embedding Scripts in Non-Script Elements
    This attack is a form of Cross-Site Scripting (XSS) where malicious scripts are embedded in elements that are not expected to host scripts such as image tags (<img>), comments in XML documents (< !-CDATA->), etc. These tags may not be subject to the same input validation, output validation, and other content filtering and checking routines, so this can create an opportunity for an attacker to tunnel through the application's elements and launch a XSS attack through other elements. As with all remote attacks, it is important to differentiate the ability to launch an attack (such as probing an internal network for unpatched servers) and the ability of the remote attacker to collect and interpret the output of said attack.
  • Flash Injection
    An attacker tricks a victim to execute malicious flash content that executes commands or makes flash calls specified by the attacker. One example of this attack is cross-site flashing, an attacker controlled parameter to a reference call loads from content specified by the attacker.
  • Cross-Site Scripting Using Alternate Syntax
    The attacker uses alternate forms of keywords or commands that result in the same action as the primary form but which may not be caught by filters. For example, many keywords are processed in a case insensitive manner. If the site's web filtering algorithm does not convert all tags into a consistent case before the comparison with forbidden keywords it is possible to bypass filters (e.g., incomplete black lists) by using an alternate case structure. For example, the "script" tag using the alternate forms of "Script" or "ScRiPt" may bypass filters where "script" is the only form tested. Other variants using different syntax representations are also possible as well as using pollution meta-characters or entities that are eventually ignored by the rendering engine. The attack can result in the execution of otherwise prohibited functionality.
  • Exploiting Trust in Client (aka Make the Client Invisible)
    An attack of this type exploits a programs' vulnerabilities in client/server communication channel authentication and data integrity. It leverages the implicit trust a server places in the client, or more importantly, that which the server believes is the client. An attacker executes this type of attack by placing themselves in the communication channel between client and server such that communication directly to the server is possible where the server believes it is communicating only with a valid client. There are numerous variations of this type of attack.
  • XML Nested Payloads
    Applications often need to transform data in and out of the XML format by using an XML parser. It may be possible for an attacker to inject data that may have an adverse effect on the XML parser when it is being processed. By nesting XML data and causing this data to be continuously self-referential, an attacker can cause the XML parser to consume more resources while processing, causing excessive memory consumption and CPU utilization. An attacker's goal is to leverage parser failure to his or her advantage. In most cases this type of an attack will result in a denial of service due to an application becoming unstable, freezing, or crash. However it may be possible to cause a crash resulting in arbitrary code execution, leading to a jump from the data plane to the control plane [R.230.1].
  • XML Oversized Payloads
    Applications often need to transform data in and out of the XML format by using an XML parser. It may be possible for an attacker to inject data that may have an adverse effect on the XML parser when it is being processed. By supplying oversized payloads in input vectors that will be processed by the XML parser, an attacker can cause the XML parser to consume more resources while processing, causing excessive memory consumption and CPU utilization, and potentially cause execution of arbitrary code. An attacker's goal is to leverage parser failure to his or her advantage. In many cases this type of an attack will result in a denial of service due to an application becoming unstable, freezing, or crash. However it is possible to cause a crash resulting in arbitrary code execution, leading to a jump from the data plane to the control plane [R.231.1].
  • Filter Failure through Buffer Overflow
    In this attack, the idea is to cause an active filter to fail by causing an oversized transaction. An attacker may try to feed overly long input strings to the program in an attempt to overwhelm the filter (by causing a buffer overflow) and hoping that the filter does not fail securely (i.e. the user input is let into the system unfiltered).
  • Cross-Site Scripting via Encoded URI Schemes
    An attack of this type exploits the ability of most browsers to interpret "data", "javascript" or other URI schemes as client-side executable content placeholders. This attack consists of passing a malicious URI in an anchor tag HREF attribute or any other similar attributes in other HTML tags. Such malicious URI contains, for example, a base64 encoded HTML content with an embedded cross-site scripting payload. The attack is executed when the browser interprets the malicious content i.e., for example, when the victim clicks on the malicious link.
  • XML Injection
    An attacker utilizes crafted XML user-controllable input to probe, attack, and inject data into the XML database, using techniques similar to SQL injection. The user-controllable input can allow for unauthorized viewing of data, bypassing authentication or the front-end application for direct XML database access, and possibly altering database information.
  • Environment Variable Manipulation
    An attacker manipulates environment variables used by an application to perform a variety of possible attacks. Changing variable values is usually undertaken as part of another attack; for example, a path traversal (inserting relative path modifiers) or buffer overflow (enlarging a variable value beyond an application's ability to store it).
  • Global variable manipulation
    An attacker manipulates global variables used by an application to perform a variety of possible attacks. Changing variable values is usually undertaken as part of another attack; for example, a path traversal (inserting relative path modifiers) or buffer overflow (enlarging a variable value beyond an application's ability to store it).
  • Leverage Alternate Encoding
    This attack leverages the possibility to encode potentially harmful input and submit it to applications not expecting or effective at validating this encoding standard making input filtering difficult.
  • Fuzzing
    Fuzzing is a software testing method that feeds randomly constructed input to the system and looks for an indication that a failure in response to that input has occurred. Fuzzing treats the system as a black box and is totally free from any preconceptions or assumptions about the system. An attacker can leverage fuzzing to try to identify weaknesses in the system. For instance fuzzing can help an attacker discover certain assumptions made in the system about user input. Fuzzing gives an attacker a quick way of potentially uncovering some of these assumptions without really knowing anything about the internals of the system. These assumptions can then be turned against the system by specially crafting user input that may allow an attacker to achieve his goals.
  • Using Leading 'Ghost' Character Sequences to Bypass Input Filters
    An attacker intentionally introduces leading characters that enable getting the input past the filters. The API that is being targeted, ignores the leading "ghost" characters, and therefore processes the attackers' input. This occurs when the targeted API will accept input data in several syntactic forms and interpret it in the equivalent semantic way, while the filter does not take into account the full spectrum of the syntactic forms acceptable to the targeted API. Some APIs will strip certain leading characters from a string of parameters. Perhaps these characters are considered redundant, and for this reason they are removed. Another possibility is the parser logic at the beginning of analysis is specialized in some way that causes some characters to be removed. The attacker can specify multiple types of alternative encodings at the beginning of a string as a set of probes. One commonly used possibility involves adding ghost characters--extra characters that don't affect the validity of the request at the API layer. If the attacker has access to the API libraries being targeted, certain attack ideas can be tested directly in advance. Once alternative ghost encodings emerge through testing, the attacker can move from lab-based API testing to testing real-world service implementations.
  • Accessing/Intercepting/Modifying HTTP Cookies
    This attack relies on the use of HTTP Cookies to store credentials, state information and other critical data on client systems. The first form of this attack involves accessing HTTP Cookies to mine for potentially sensitive data contained therein. The second form of this attack involves intercepting this data as it is transmitted from client to server. This intercepted information is then used by the attacker to impersonate the remote user/session. The third form is when the cookie's content is modified by the attacker before it is sent back to the server. Here the attacker seeks to convince the target server to operate on this falsified information.
  • Embedding Scripts in HTTP Query Strings
    A variant of cross-site scripting called "reflected" cross-site scripting, the HTTP Query Strings attack consists of passing a malicious script inside an otherwise valid HTTP request query string. This is of significant concern for sites that rely on dynamic, user-generated content such as bulletin boards, news sites, blogs, and web enabled administration GUIs. The malicious script may steal session data, browse history, probe files, or otherwise execute attacks on the client side. Once the attacker has prepared the malicious HTTP query it is sent to a victim user (perhaps by email, IM, or posted on an online forum), who clicks on a normal looking link that contains a poison query string. This technique can be made more effective through the use of services like http://tinyurl.com/, which makes very small URLs that will redirect to very large, complex ones. The victim will not know what he is really clicking on.
  • MIME Conversion
    An attacker exploits a weakness in the MIME conversion routine to cause a buffer overflow and gain control over the mail server machine. The MIME system is designed to allow various different information formats to be interpreted and sent via e-mail. Attack points exist when data are converted to MIME compatible format and back.
  • Exploiting Multiple Input Interpretation Layers
    An attacker supplies the target software with input data that contains sequences of special characters designed to bypass input validation logic. This exploit relies on the target making multiples passes over the input data and processing a "layer" of special characters with each pass. In this manner, the attacker can disguise input that would otherwise be rejected as invalid by concealing it with layers of special/escape characters that are stripped off by subsequent processing steps. The goal is to first discover cases where the input validation layer executes before one or more parsing layers. That is, user input may go through the following logic in an application: In such cases, the attacker will need to provide input that will pass through the input validator, but after passing through parser2, will be converted into something that the input validator was supposed to stop.
  • Buffer Overflow via Symbolic Links
    This type of attack leverages the use of symbolic links to cause buffer overflows. An attacker can try to create or manipulate a symbolic link file such that its contents result in out of bounds data. When the target software processes the symbolic link file, it could potentially overflow internal buffers with insufficient bounds checking.
  • Overflow Variables and Tags
    This type of attack leverages the use of tags or variables from a formatted configuration data to cause buffer overflow. The attacker crafts a malicious HTML page or configuration file that includes oversized strings, thus causing an overflow.
  • Buffer Overflow via Parameter Expansion
    In this attack, the target software is given input that the attacker knows will be modified and expanded in size during processing. This attack relies on the target software failing to anticipate that the expanded data may exceed some internal limit, thereby creating a buffer overflow.
  • Signature Spoof
    An attacker generates a message or datablock that causes the recipient to believe that the message or datablock was generated and cryptographically signed by an authoritative or reputable source, misleading a victim or victim operating system into performing malicious actions.
  • XML Client-Side Attack
    Client applications such as web browsers that process HTML data often need to transform data in and out of the XML format by using an XML parser. It may be possible for an attacker to inject data that may have an adverse effect on the XML parser when it is being processed. These adverse effects may include the parser crashing, consuming too much of a resource, executing too slowly, executing code supplied by an attacker, allowing usage of unintended system functionality, etc. An attacker's goal is to leverage parser failure to his or her advantage. In some cases it may be possible to jump from the data plane to the control plane via bad data being passed to an XML parser. [R.484.1]
  • Embedding NULL Bytes
    An attacker embeds one or more null bytes in input to the target software. This attack relies on the usage of a null-valued byte as a string terminator in many environments. The goal is for certain components of the target software to stop processing the input when it encounters the null byte(s).
  • Postfix, Null Terminate, and Backslash
    If a string is passed through a filter of some kind, then a terminal NULL may not be valid. Using alternate representation of NULL allows an attacker to embed the NULL mid-string while postfixing the proper data so that the filter is avoided. One example is a filter that looks for a trailing slash character. If a string insertion is possible, but the slash must exist, an alternate encoding of NULL in mid-string may be used.
  • Simple Script Injection
    An attacker embeds malicious scripts in content that will be served to web browsers. The goal of the attack is for the target software, the client-side browser, to execute the script with the users' privilege level. An attack of this type exploits a programs' vulnerabilities that are brought on by allowing remote hosts to execute code and scripts. Web browsers, for example, have some simple security controls in place, but if a remote attacker is allowed to execute scripts (through injecting them in to user-generated content like bulletin boards) then these controls may be bypassed. Further, these attacks are very difficult for an end user to detect.
  • Using Slashes and URL Encoding Combined to Bypass Validation Logic
    This attack targets the encoding of the URL combined with the encoding of the slash characters. An attacker can take advantage of the multiple way of encoding an URL and abuse the interpretation of the URL. An URL may contain special character that need special syntax handling in order to be interpreted. Special characters are represented using a percentage character followed by two digits representing the octet code of the original character (%HEX-CODE). For instance US-ASCII space character would be represented with %20. This is often referred as escaped ending or percent-encoding. Since the server decodes the URL from the requests, it may restrict the access to some URL paths by validating and filtering out the URL requests it received. An attacker will try to craft an URL with a sequence of special characters which once interpreted by the server will be equivalent to a forbidden URL. It can be difficult to protect against this attack since the URL can contain other format of encoding such as UTF-8 encoding, Unicode-encoding, etc.
  • SQL Injection
    This attack exploits target software that constructs SQL statements based on user input. An attacker crafts input strings so that when the target software constructs SQL statements based on the input, the resulting SQL statement performs actions other than those the application intended. SQL Injection results from failure of the application to appropriately validate input. When specially crafted user-controlled input consisting of SQL syntax is used without proper validation as part of SQL queries, it is possible to glean information from the database in ways not envisaged during application design. Depending upon the database and the design of the application, it may also be possible to leverage injection to have the database execute system-related commands of the attackers' choice. SQL Injection enables an attacker to talk directly to the database, thus bypassing the application completely. Successful injection can cause information disclosure as well as ability to add or modify data in the database. In order to successfully inject SQL and retrieve information from a database, an attacker:
  • String Format Overflow in syslog()
    This attack targets the format string vulnerabilities in the syslog() function. An attacker would typically inject malicious input in the format string parameter of the syslog function. This is a common problem, and many public vulnerabilities and associated exploits have been posted.
  • Blind SQL Injection
    Blind SQL Injection results from an insufficient mitigation for SQL Injection. Although suppressing database error messages are considered best practice, the suppression alone is not sufficient to prevent SQL Injection. Blind SQL Injection is a form of SQL Injection that overcomes the lack of error messages. Without the error messages that facilitate SQL Injection, the attacker constructs input strings that probe the target through simple Boolean SQL expressions. The attacker can determine if the syntax and structure of the injection was successful based on whether the query was executed or not. Applied iteratively, the attacker determines how and where the target is vulnerable to SQL Injection. For example, an attacker may try entering something like "username' AND 1=1; --" in an input field. If the result is the same as when the attacker entered "username" in the field, then the attacker knows that the application is vulnerable to SQL Injection. The attacker can then ask yes/no questions from the database server to extract information from it. For example, the attacker can extract table names from a database using the following types of queries: If the above query executes properly, then the attacker knows that the first character in a table name in the database is a letter between m and z. If it doesn't, then the attacker knows that the character must be between a and l (assuming of course that table names only contain alphabetic characters). By performing a binary search on all character positions, the attacker can determine all table names in the database. Subsequently, the attacker may execute an actual attack and send something like:
  • Using Unicode Encoding to Bypass Validation Logic
    An attacker may provide a Unicode string to a system component that is not Unicode aware and use that to circumvent the filter or cause the classifying mechanism to fail to properly understanding the request. That may allow the attacker to slip malicious data past the content filter and/or possibly cause the application to route the request incorrectly.
  • URL Encoding
    This attack targets the encoding of the URL. An attacker can take advantage of the multiple way of encoding an URL and abuse the interpretation of the URL. An URL may contain special character that need special syntax handling in order to be interpreted. Special characters are represented using a percentage character followed by two digits representing the octet code of the original character (%HEX-CODE). For instance US-ASCII space character would be represented with %20. This is often referred as escaped ending or percent-encoding. Since the server decodes the URL from the requests, it may restrict the access to some URL paths by validating and filtering out the URL requests it received. An attacker will try to craft an URL with a sequence of special characters which once interpreted by the server will be equivalent to a forbidden URL. It can be difficult to protect against this attack since the URL can contain other format of encoding such as UTF-8 encoding, Unicode-encoding, etc. The attacker could also subvert the meaning of the URL string request by encoding the data being sent to the server through a GET request. For instance an attacker may subvert the meaning of parameters used in a SQL request and sent through the URL string (See Example section).
  • User-Controlled Filename
    An attack of this type involves an attacker inserting malicious characters (such as a XSS redirection) into a filename, directly or indirectly that is then used by the target software to generate HTML text or other potentially executable content. Many websites rely on user-generated content and dynamically build resources like files, filenames, and URL links directly from user supplied data. In this attack pattern, the attacker uploads code that can execute in the client browser and/or redirect the client browser to a site that the attacker owns. All XSS attack payload variants can be used to pass and exploit these vulnerabilities.
  • Using Escaped Slashes in Alternate Encoding
    This attack targets the use of the backslash in alternate encoding. An attacker can provide a backslash as a leading character and causes a parser to believe that the next character is special. This is called an escape. By using that trick, the attacker tries to exploit alternate ways to encode the same character which leads to filter problems and opens avenues to attack.
  • Using Slashes in Alternate Encoding
    This attack targets the encoding of the Slash characters. An attacker would try to exploit common filtering problems related to the use of the slashes characters to gain access to resources on the target host. Directory-driven systems, such as file systems and databases, typically use the slash character to indicate traversal between directories or other container components. For murky historical reasons, PCs (and, as a result, Microsoft OSs) choose to use a backslash, whereas the UNIX world typically makes use of the forward slash. The schizophrenic result is that many MS-based systems are required to understand both forms of the slash. This gives the attacker many opportunities to discover and abuse a number of common filtering problems. The goal of this pattern is to discover server software that only applies filters to one version, but not the other.
  • Buffer Overflow in an API Call
    This attack targets libraries or shared code modules which are vulnerable to buffer overflow attacks. An attacker who has access to an API may try to embed malicious code in the API function call and exploit a buffer overflow vulnerability in the function's implementation. All clients that make use of the code library thus become vulnerable by association. This has a very broad effect on security across a system, usually affecting more than one software process.
  • Using UTF-8 Encoding to Bypass Validation Logic
    This attack is a specific variation on leveraging alternate encodings to bypass validation logic. This attack leverages the possibility to encode potentially harmful input in UTF-8 and submit it to applications not expecting or effective at validating this encoding standard making input filtering difficult. UTF-8 (8-bit UCS/Unicode Transformation Format) is a variable-length character encoding for Unicode. Legal UTF-8 characters are one to four bytes long. However, early version of the UTF-8 specification got some entries wrong (in some cases it permitted overlong characters). UTF-8 encoders are supposed to use the "shortest possible" encoding, but naive decoders may accept encodings that are longer than necessary. According to the RFC 3629, a particularly subtle form of this attack can be carried out against a parser which performs security-critical validity checks against the UTF-8 encoded form of its input, but interprets certain illegal octet sequences as characters.
  • Web Logs Tampering
    Web Logs Tampering attacks involve an attacker injecting, deleting or otherwise tampering with the contents of web logs typically for the purposes of masking other malicious behavior. Additionally, writing malicious data to log files may target jobs, filters, reports, and other agents that process the logs in an asynchronous attack pattern. This pattern of attack is similar to "Log Injection-Tampering-Forging" except that in this case, the attack is targeting the logs of the web server and not the application.
  • XPath Injection
    An attacker can craft special user-controllable input consisting of XPath expressions to inject the XML database and bypass authentication or glean information that he normally would not be able to. XPath Injection enables an attacker to talk directly to the XML database, thus bypassing the application completely. XPath Injection results from the failure of an application to properly sanitize input used as part of dynamic XPath expressions used to query an XML database. In order to successfully inject XML and retrieve information from a database, an attacker:
  • AJAX Fingerprinting
    This attack utilizes the frequent client-server roundtrips in Ajax conversation to scan a system. While Ajax does not open up new vulnerabilities per se, it does optimize them from an attacker point of view. In many XSS attacks the attacker must get a "hole in one" and successfully exploit the vulnerability on the victim side the first time, once the client is redirected the attacker has many chances to engage in follow on probes, but there is only one first chance. In a widely used web application this is not a major problem because 1 in a 1,000 is good enough in a widely used application. A common first step for an attacker is to footprint the environment to understand what attacks will work. Since footprinting relies on enumeration, the conversational pattern of rapid, multiple requests and responses that are typical in Ajax applications enable an attacker to look for many vulnerabilities, well-known ports, network locations and so on.
  • Embedding Script (XSS) in HTTP Headers
    An attack of this type exploits web applications that generate web content, such as links in a HTML page, based on unvalidated or improperly validated data submitted by other actors. XSS in HTTP Headers attacks target the HTTP headers which are hidden from most users and may not be validated by web applications.
  • OS Command Injection
    In this type of an attack, an adversary injects operating system commands into existing application functions. An application that uses untrusted input to build command strings is vulnerable. An adversary can leverage OS command injection in an application to elevate privileges, execute arbitrary commands and compromise the underlying operating system.
  • Buffer Overflow in Local Command-Line Utilities
    This attack targets command-line utilities available in a number of shells. An attacker can leverage a vulnerability found in a command-line utility to escalate privilege to root.
  • XSS in IMG Tags
    Image tags are an often overlooked, but convenient, means for a Cross Site Scripting attack. The attacker can inject script contents into an image (IMG) tag in order to steal information from a victim's browser and execute malicious scripts.
  • XML Parser Attack
    Applications often need to transform data in and out of the XML format by using an XML parser. It may be possible for an attacker to inject data that may have an adverse effect on the XML parser when it is being processed. These adverse effects may include the parser crashing, consuming too much of a resource, executing too slowly, executing code supplied by an attacker, allowing usage of unintended system functionality, etc. An attacker's goal is to leverage parser failure to his or her advantage. In some cases it may be possible to jump from the data plane to the control plane via bad data being passed to an XML parser. [R.99.1]
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
nessus via4
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201607-15.NASL
    description The remote host is affected by the vulnerability described in GLSA-201607-15 (NTP: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in NTP. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could possibly cause a Denial of Service condition. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-01-26
    plugin id 92485
    published 2016-07-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=92485
    title GLSA-201607-15 : NTP: Multiple vulnerabilities
  • NASL family AIX Local Security Checks
    NASL id AIX_IV87614.NASL
    description NTPv3 and NTPv4 are vulnerable to : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7974 NTP could allow a remote authenticated attacker to conduct spoofing attacks, caused by a missing key check. An attacker could exploit this vulnerability to impersonate a peer. NTP could allow a local attacker to bypass security restrictions, caused by the failure to use a constant-time memory comparison function when validating the authentication digest on incoming packets. By sending a specially crafted packet with an authentication payload, an attacker could exploit this vulnerability to conduct a timing attack to compute the value of the valid authentication digest. While the majority OSes implement martian packet filtering in their network stack, at least regarding 127.0.0.0/8, a rare few will allow packets claiming to be from 127.0.0.0/8 that arrive over physical network. On these OSes, if ntpd is configured to use a reference clock an attacker can inject packets over the network that look like they are coming from that reference clock. If ntpd was expressly configured to allow for remote configuration, a malicious user who knows the controlkey for ntpq or the requestkey for ntpdc (if mode7 is expressly enabled) can create a session with ntpd and then send a crafted packet to ntpd that will change the value of the trustedkey, controlkey, or requestkey to a value that will prevent any subsequent authentication with ntpd until ntpd is restarted. NTP is vulnerable to a denial of service, caused by an error when using a specially crafted packet to create a peer association with hmode > 7. An attacker could exploit this vulnerability to cause the MATCH_ASSOC() function to trigger an out-of-bounds read. NTP is vulnerable to a denial of service, caused by the failure to always check the ctl_getitem() function return value. By sending an overly large value, an attacker could exploit this vulnerability to cause a denial of service. NTP is vulnerable to a denial of service, caused by the demobilization of a preemptable client association. By sending specially crafted crypto NAK packets, an attacker could exploit this vulnerability to cause a denial of service. NTP is vulnerable to a denial of service, caused by the improper handling of packets. By sending specially crafted CRYPTO_NAK packets, an attacker could exploit this vulnerability to cause ntpd to crash. NTP is vulnerable to a denial of service, caused by the improper handling of packets. By sending specially crafted CRYPTO_NAK packets to an ephemeral peer target prior to a response being sent, a remote attacker could exploit this vulnerability to demobilize the ephemeral association. NTP is vulnerable to a denial of service, caused by the improper handling of packets. By sending spoofed server packets with correct origin timestamps, a remote attacker could exploit this vulnerability to cause a false leap indication to be set. NTP is vulnerable to a denial of service, caused by the improper handling of packets. By sending spoofed CRYPTO_NAK or a bad MAC packets with correct origin timestamps, a remote attacker could exploit this vulnerability to cause the autokey association to reset. This plugin has been deprecated to better accommodate iFix supersedence with replacement plugin aix_ntp_v3_advisory7.nasl (plugin id 102128).
    last seen 2017-10-29
    modified 2017-08-03
    plugin id 93350
    published 2016-09-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=93350
    title AIX 5.3 TL 12 : ntp (IV87614) (deprecated)
  • NASL family AIX Local Security Checks
    NASL id AIX_IV87615.NASL
    description NTPv3 and NTPv4 are vulnerable to : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7974 NTP could allow a remote authenticated attacker to conduct spoofing attacks, caused by a missing key check. An attacker could exploit this vulnerability to impersonate a peer. NTP could allow a local attacker to bypass security restrictions, caused by the failure to use a constant-time memory comparison function when validating the authentication digest on incoming packets. By sending a specially crafted packet with an authentication payload, an attacker could exploit this vulnerability to conduct a timing attack to compute the value of the valid authentication digest. While the majority OSes implement martian packet filtering in their network stack, at least regarding 127.0.0.0/8, a rare few will allow packets claiming to be from 127.0.0.0/8 that arrive over physical network. On these OSes, if ntpd is configured to use a reference clock an attacker can inject packets over the network that look like they are coming from that reference clock. If ntpd was expressly configured to allow for remote configuration, a malicious user who knows the controlkey for ntpq or the requestkey for ntpdc (if mode7 is expressly enabled) can create a session with ntpd and then send a crafted packet to ntpd that will change the value of the trustedkey, controlkey, or requestkey to a value that will prevent any subsequent authentication with ntpd until ntpd is restarted. NTP is vulnerable to a denial of service, caused by an error when using a specially crafted packet to create a peer association with hmode > 7. An attacker could exploit this vulnerability to cause the MATCH_ASSOC() function to trigger an out-of-bounds read. NTP is vulnerable to a denial of service, caused by the failure to always check the ctl_getitem() function return value. By sending an overly large value, an attacker could exploit this vulnerability to cause a denial of service. NTP is vulnerable to a denial of service, caused by the demobilization of a preemptable client association. By sending specially crafted crypto NAK packets, an attacker could exploit this vulnerability to cause a denial of service. NTP is vulnerable to a denial of service, caused by the improper handling of packets. By sending specially crafted CRYPTO_NAK packets, an attacker could exploit this vulnerability to cause ntpd to crash. NTP is vulnerable to a denial of service, caused by the improper handling of packets. By sending specially crafted CRYPTO_NAK packets to an ephemeral peer target prior to a response being sent, a remote attacker could exploit this vulnerability to demobilize the ephemeral association. NTP is vulnerable to a denial of service, caused by the improper handling of packets. By sending spoofed server packets with correct origin timestamps, a remote attacker could exploit this vulnerability to cause a false leap indication to be set. NTP is vulnerable to a denial of service, caused by the improper handling of packets. By sending spoofed CRYPTO_NAK or a bad MAC packets with correct origin timestamps, a remote attacker could exploit this vulnerability to cause the autokey association to reset. This plugin has been deprecated to better accommodate iFix supersedence with replacement plugin aix_ntp_v3_advisory7.nasl (plugin id 102128).
    last seen 2017-10-29
    modified 2017-08-03
    plugin id 93351
    published 2016-09-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=93351
    title AIX 7.1 TL 3 : ntp (IV87615) (deprecated)
  • NASL family AIX Local Security Checks
    NASL id AIX_NTP_V4_ADVISORY7.NASL
    description The version of NTP installed on the remote AIX host is affected by the following vulnerabilities : - A time serving flaw exists in the trusted key system due to improper key checks. An authenticated, remote attacker can exploit this to perform impersonation attacks between authenticated peers. (CVE-2015-7974) - A denial of service vulnerability exists due to improper handling of a crafted Crypto NAK Packet with a source address spoofed to match that of an existing associated peer. An unauthenticated, remote attacker can exploit this to demobilize a client association. (CVE-2016-1547) - An information disclosure vulnerability exists in the message authentication functionality in libntp that is triggered during the handling of a series of specially crafted messages. An adjacent attacker can exploit this to partially recover the message digest key. (CVE-2016-1550) - A flaw exists due to improper filtering of IPv4 'bogon' packets received from a network. An unauthenticated, remote attacker can exploit this to spoof packets to appear to come from a specific reference clock. (CVE-2016-1551) - A denial of service vulnerability exists that allows an authenticated, remote attacker to manipulate the value of the trustedkey, controlkey, or requestkey via a crafted packet, preventing authentication with ntpd until the daemon has been restarted. (CVE-2016-2517) - An out-of-bounds read error exists in the MATCH_ASSOC() function that occurs during the creation of peer associations with hmode greater than 7. An authenticated, remote attacker can exploit this, via a specially crafted packet, to cause a denial of service. (CVE-2016-2518) - An overflow condition exists in the ctl_getitem() function in ntpd due to improper validation of user-supplied input when reporting return values. An authenticated, remote attacker can exploit this to cause ntpd to abort. (CVE-2016-2519) - A denial of service vulnerability exists when handling authentication due to improper packet timestamp checks. An unauthenticated, remote attacker can exploit this, via a specially crafted and spoofed packet, to demobilize the ephemeral associations. (CVE-2016-4953) - A flaw exists that is triggered when handling spoofed packets. An unauthenticated, remote attacker can exploit this, via specially crafted packets, to affect peer variables (e.g., cause leap indications to be set). Note that the attacker must be able to spoof packets with correct origin timestamps from servers before expected response packets arrive. (CVE-2016-4954) - A flaw exists that is triggered when handling spoofed packets. An unauthenticated, remote attacker can exploit this, via specially crafted packets, to reset autokey associations. Note that the attacker must be able to spoof packets with correct origin timestamps from servers before expected response packets arrive. (CVE-2016-4955) - A denial of service vulnerability exists when handling CRYPTO_NAK packets that allows an unauthenticated, remote attacker to cause a crash. (CVE-2016-4957)
    last seen 2019-02-21
    modified 2018-07-17
    plugin id 99183
    published 2017-04-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=99183
    title AIX NTP v4 Advisory : ntp_advisory7.asc (IV87278) (IV87279)
  • NASL family AIX Local Security Checks
    NASL id AIX_IV87419.NASL
    description NTPv3 and NTPv4 are vulnerable to : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7974 NTP could allow a remote authenticated attacker to conduct spoofing attacks, caused by a missing key check. An attacker could exploit this vulnerability to impersonate a peer. NTP could allow a local attacker to bypass security restrictions, caused by the failure to use a constant-time memory comparison function when validating the authentication digest on incoming packets. By sending a specially crafted packet with an authentication payload, an attacker could exploit this vulnerability to conduct a timing attack to compute the value of the valid authentication digest. While the majority OSes implement martian packet filtering in their network stack, at least regarding 127.0.0.0/8, a rare few will allow packets claiming to be from 127.0.0.0/8 that arrive over physical network. On these OSes, if ntpd is configured to use a reference clock an attacker can inject packets over the network that look like they are coming from that reference clock. If ntpd was expressly configured to allow for remote configuration, a malicious user who knows the controlkey for ntpq or the requestkey for ntpdc (if mode7 is expressly enabled) can create a session with ntpd and then send a crafted packet to ntpd that will change the value of the trustedkey, controlkey, or requestkey to a value that will prevent any subsequent authentication with ntpd until ntpd is restarted. NTP is vulnerable to a denial of service, caused by an error when using a specially crafted packet to create a peer association with hmode > 7. An attacker could exploit this vulnerability to cause the MATCH_ASSOC() function to trigger an out-of-bounds read. NTP is vulnerable to a denial of service, caused by the failure to always check the ctl_getitem() function return value. By sending an overly large value, an attacker could exploit this vulnerability to cause a denial of service. NTP is vulnerable to a denial of service, caused by the demobilization of a preemptable client association. By sending specially crafted crypto NAK packets, an attacker could exploit this vulnerability to cause a denial of service. NTP is vulnerable to a denial of service, caused by the improper handling of packets. By sending specially crafted CRYPTO_NAK packets, an attacker could exploit this vulnerability to cause ntpd to crash. NTP is vulnerable to a denial of service, caused by the improper handling of packets. By sending specially crafted CRYPTO_NAK packets to an ephemeral peer target prior to a response being sent, a remote attacker could exploit this vulnerability to demobilize the ephemeral association. NTP is vulnerable to a denial of service, caused by the improper handling of packets. By sending spoofed server packets with correct origin timestamps, a remote attacker could exploit this vulnerability to cause a false leap indication to be set. NTP is vulnerable to a denial of service, caused by the improper handling of packets. By sending spoofed CRYPTO_NAK or a bad MAC packets with correct origin timestamps, a remote attacker could exploit this vulnerability to cause the autokey association to reset. This plugin has been deprecated to better accommodate iFix supersedence with replacement plugin aix_ntp_v3_advisory7.nasl (plugin id 102128).
    last seen 2017-10-29
    modified 2017-08-03
    plugin id 93348
    published 2016-09-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=93348
    title AIX 6.1 TL 9 : ntp (IV87419) (deprecated)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2016-1568-1.NASL
    description ntp was updated to version 4.2.8p8 to fix 17 security issues. These security issues were fixed : - CVE-2016-4956: Broadcast interleave (bsc#982068). - CVE-2016-2518: Crafted addpeer with hmode > 7 causes array wraparound with MATCH_ASSOC (bsc#977457). - CVE-2016-2519: ctl_getitem() return value not always checked (bsc#977458). - CVE-2016-4954: Processing spoofed server packets (bsc#982066). - CVE-2016-4955: Autokey association reset (bsc#982067). - CVE-2015-7974: NTP did not verify peer associations of symmetric keys when authenticating packets, which might allowed remote attackers to conduct impersonation attacks via an arbitrary trusted key, aka a 'skeleton key (bsc#962960). - CVE-2016-4957: CRYPTO_NAK crash (bsc#982064). - CVE-2016-2516: Duplicate IPs on unconfig directives will cause an assertion botch (bsc#977452). - CVE-2016-2517: Remote configuration trustedkey/requestkey values are not properly validated (bsc#977455). - CVE-2016-4953: Bad authentication demobilizes ephemeral associations (bsc#982065). - CVE-2016-1547: CRYPTO-NAK DoS (bsc#977459). - CVE-2016-1551: Refclock impersonation vulnerability, AKA: refclock-peering (bsc#977450). - CVE-2016-1550: Improve NTP security against buffer comparison timing attacks, authdecrypt-timing, AKA: authdecrypt-timing (bsc#977464). - CVE-2016-1548: Interleave-pivot - MITIGATION ONLY (bsc#977461). - CVE-2016-1549: Sybil vulnerability: ephemeral association attack, AKA: ntp-sybil - MITIGATION ONLY (bsc#977451). This release also contained improved patches for CVE-2015-7704, CVE-2015-7705, CVE-2015-7974. The update package also includes non-security fixes. See advisory for details. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-29
    plugin id 91663
    published 2016-06-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=91663
    title SUSE SLED12 / SLES12 Security Update : ntp (SUSE-SU-2016:1568-1)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2016-1912-1.NASL
    description NTP was updated to version 4.2.8p8 to fix several security issues and to ensure the continued maintainability of the package. These security issues were fixed : CVE-2016-4953: Bad authentication demobilized ephemeral associations (bsc#982065). CVE-2016-4954: Processing spoofed server packets (bsc#982066). CVE-2016-4955: Autokey association reset (bsc#982067). CVE-2016-4956: Broadcast interleave (bsc#982068). CVE-2016-4957: CRYPTO_NAK crash (bsc#982064). CVE-2016-1547: Validate crypto-NAKs to prevent ACRYPTO-NAK DoS (bsc#977459). CVE-2016-1548: Prevent the change of time of an ntpd client or denying service to an ntpd client by forcing it to change from basic client/server mode to interleaved symmetric mode (bsc#977461). CVE-2016-1549: Sybil vulnerability: ephemeral association attack (bsc#977451). CVE-2016-1550: Improve security against buffer comparison timing attacks (bsc#977464). CVE-2016-1551: Refclock impersonation vulnerability (bsc#977450)y CVE-2016-2516: Duplicate IPs on unconfig directives could have caused an assertion botch in ntpd (bsc#977452). CVE-2016-2517: Remote configuration trustedkey/ requestkey/controlkey values are not properly validated (bsc#977455). CVE-2016-2518: Crafted addpeer with hmode > 7 causes array wraparound with MATCH_ASSOC (bsc#977457). CVE-2016-2519: ctl_getitem() return value not always checked (bsc#977458). CVE-2015-8158: Potential Infinite Loop in ntpq (bsc#962966). CVE-2015-8138: Zero Origin Timestamp Bypass (bsc#963002). CVE-2015-7979: Off-path Denial of Service (DoS) attack on authenticated broadcast mode (bsc#962784). CVE-2015-7978: Stack exhaustion in recursive traversal of restriction list (bsc#963000). CVE-2015-7977: reslist NULL pointer dereference (bsc#962970). CVE-2015-7976: ntpq saveconfig command allowed dangerous characters in filenames (bsc#962802). CVE-2015-7975: nextvar() missing length check (bsc#962988). CVE-2015-7974: NTP did not verify peer associations of symmetric keys when authenticating packets, which might have allowed remote attackers to conduct impersonation attacks via an arbitrary trusted key, aka a 'skeleton' key (bsc#962960). CVE-2015-7973: Replay attack on authenticated broadcast mode (bsc#962995). CVE-2015-5300: MITM attacker can force ntpd to make a step larger than the panic threshold (bsc#951629). CVE-2015-5194: Crash with crafted logconfig configuration command (bsc#943218). CVE-2015-7871: NAK to the Future: Symmetric association authentication bypass via crypto-NAK (bsc#952611). CVE-2015-7855: decodenetnum() will ASSERT botch instead of returning FAIL on some bogus values (bsc#952611). CVE-2015-7854: Password Length Memory Corruption Vulnerability (bsc#952611). CVE-2015-7853: Invalid length data provided by a custom refclock driver could cause a buffer overflow (bsc#952611). CVE-2015-7852: ntpq atoascii() Memory Corruption Vulnerability (bsc#952611). CVE-2015-7851: saveconfig Directory Traversal Vulnerability (bsc#952611). CVE-2015-7850: Clients that receive a KoD now validate the origin timestamp field (bsc#952611). CVE-2015-7849: Prevent use-after-free trusted key (bsc#952611). CVE-2015-7848: Prevent mode 7 loop counter underrun (bsc#952611). CVE-2015-7701: Slow memory leak in CRYPTO_ASSOC (bsc#952611). CVE-2015-7703: Configuration directives 'pidfile' and 'driftfile' should only be allowed locally (bsc#943221). CVE-2015-7704: Clients that receive a KoD should validate the origin timestamp field (bsc#952611). CVE-2015-7705: Clients that receive a KoD should validate the origin timestamp field (bsc#952611). CVE-2015-7691: Incomplete autokey data packet length checks (bsc#952611). CVE-2015-7692: Incomplete autokey data packet length checks (bsc#952611). CVE-2015-7702: Incomplete autokey data packet length checks (bsc#952611). CVE-2015-1798: The symmetric-key feature in the receive function in ntp_proto.c in ntpd in NTP required a correct MAC only if the MAC field has a nonzero length, which made it easier for man-in-the-middle attackers to spoof packets by omitting the MAC (bsc#924202). CVE-2015-1799: The symmetric-key feature in the receive function in ntp_proto.c in ntpd in NTP performed state-variable updates upon receiving certain invalid packets, which made it easier for man-in-the-middle attackers to cause a denial of service (synchronization loss) by spoofing the source IP address of a peer (bsc#924202). The update package also includes non-security fixes. See advisory for details. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-29
    plugin id 93186
    published 2016-08-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=93186
    title SUSE SLES10 Security Update : ntp (SUSE-SU-2016:1912-1)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2016-1602-1.NASL
    description ntp was updated to version 4.2.8p8 to fix five security issues. These security issues were fixed : - CVE-2016-4953: Bad authentication demobilizes ephemeral associations (bsc#982065). - CVE-2016-4954: Processing spoofed server packets (bsc#982066). - CVE-2016-4955: Autokey association reset (bsc#982067). - CVE-2016-4956: Broadcast interleave (bsc#982068). - CVE-2016-4957: CRYPTO_NAK crash (bsc#982064). The update package also includes non-security fixes. See advisory for details. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-29
    plugin id 93153
    published 2016-08-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=93153
    title SUSE SLES11 Security Update : ntp (SUSE-SU-2016:1602-1)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2016-727.NASL
    description ntp was updated to fix five security issues. These security issues were fixed : - CVE-2016-4953: Bad authentication demobilizes ephemeral associations (bsc#982065). - CVE-2016-4954: Processing spoofed server packets (bsc#982066). - CVE-2016-4955: Autokey association reset (bsc#982067). - CVE-2016-4956: Broadcast interleave (bsc#982068). - CVE-2016-4957: CRYPTO_NAK crash (bsc#982064). These non-security issues were fixed : - bsc#979302: Change the process name of the forking DNS worker process to avoid the impression that ntpd is started twice. - bsc#979981: ntp-wait does not accept fractional seconds, so use 1 instead of 0.2 in ntp-wait.service. - bsc#981422: Don't ignore SIGCHILD because it breaks wait(). - Separate the creation of ntp.keys and key #1 in it to avoid problems when upgrading installations that have the file, but no key #1, which is needed e.g. by 'rcntp addserver'.
    last seen 2019-02-21
    modified 2016-12-05
    plugin id 91630
    published 2016-06-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=91630
    title openSUSE Security Update : ntp (openSUSE-2016-727)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2016-1584-1.NASL
    description ntp was updated to version 4.2.8p8 to fix five security issues. These security issues were fixed : - CVE-2016-4953: Bad authentication demobilizes ephemeral associations (bsc#982065). - CVE-2016-4954: Processing spoofed server packets (bsc#982066). - CVE-2016-4955: Autokey association reset (bsc#982067). - CVE-2016-4956: Broadcast interleave (bsc#982068). - CVE-2016-4957: CRYPTO_NAK crash (bsc#982064). The update package also includes non-security fixes. See advisory for details. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-29
    plugin id 91666
    published 2016-06-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=91666
    title SUSE SLES11 Security Update : ntp (SUSE-SU-2016:1584-1)
  • NASL family Slackware Local Security Checks
    NASL id SLACKWARE_SSA_2016-155-01.NASL
    description New ntp packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix security issues.
    last seen 2019-02-21
    modified 2016-12-05
    plugin id 91462
    published 2016-06-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=91462
    title Slackware 13.0 / 13.1 / 13.37 / 14.0 / 14.1 / current : ntp (SSA:2016-155-01)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2016-1563-1.NASL
    description ntp was updated to version 4.2.8p8 to fix five security issues. These security issues were fixed : - CVE-2016-4953: Bad authentication demobilizes ephemeral associations (bsc#982065). - CVE-2016-4954: Processing spoofed server packets (bsc#982066). - CVE-2016-4955: Autokey association reset (bsc#982067). - CVE-2016-4956: Broadcast interleave (bsc#982068). - CVE-2016-4957: CRYPTO_NAK crash (bsc#982064). The update package also includes non-security fixes. See advisory for details. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-29
    plugin id 91662
    published 2016-06-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=91662
    title SUSE SLED12 / SLES12 Security Update : ntp (SUSE-SU-2016:1563-1)
  • NASL family AIX Local Security Checks
    NASL id AIX_IV87939.NASL
    description NTPv3 and NTPv4 are vulnerable to : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7974 NTP could allow a remote authenticated attacker to conduct spoofing attacks, caused by a missing key check. An attacker could exploit this vulnerability to impersonate a peer. NTP could allow a local attacker to bypass security restrictions, caused by the failure to use a constant-time memory comparison function when validating the authentication digest on incoming packets. By sending a specially crafted packet with an authentication payload, an attacker could exploit this vulnerability to conduct a timing attack to compute the value of the valid authentication digest. While the majority OSes implement martian packet filtering in their network stack, at least regarding 127.0.0.0/8, a rare few will allow packets claiming to be from 127.0.0.0/8 that arrive over physical network. On these OSes, if ntpd is configured to use a reference clock an attacker can inject packets over the network that look like they are coming from that reference clock. If ntpd was expressly configured to allow for remote configuration, a malicious user who knows the controlkey for ntpq or the requestkey for ntpdc (if mode7 is expressly enabled) can create a session with ntpd and then send a crafted packet to ntpd that will change the value of the trustedkey, controlkey, or requestkey to a value that will prevent any subsequent authentication with ntpd until ntpd is restarted. NTP is vulnerable to a denial of service, caused by an error when using a specially crafted packet to create a peer association with hmode > 7. An attacker could exploit this vulnerability to cause the MATCH_ASSOC() function to trigger an out-of-bounds read. NTP is vulnerable to a denial of service, caused by the failure to always check the ctl_getitem() function return value. By sending an overly large value, an attacker could exploit this vulnerability to cause a denial of service. NTP is vulnerable to a denial of service, caused by the demobilization of a preemptable client association. By sending specially crafted crypto NAK packets, an attacker could exploit this vulnerability to cause a denial of service. NTP is vulnerable to a denial of service, caused by the improper handling of packets. By sending specially crafted CRYPTO_NAK packets, an attacker could exploit this vulnerability to cause ntpd to crash. NTP is vulnerable to a denial of service, caused by the improper handling of packets. By sending specially crafted CRYPTO_NAK packets to an ephemeral peer target prior to a response being sent, a remote attacker could exploit this vulnerability to demobilize the ephemeral association. NTP is vulnerable to a denial of service, caused by the improper handling of packets. By sending spoofed server packets with correct origin timestamps, a remote attacker could exploit this vulnerability to cause a false leap indication to be set. NTP is vulnerable to a denial of service, caused by the improper handling of packets. By sending spoofed CRYPTO_NAK or a bad MAC packets with correct origin timestamps, a remote attacker could exploit this vulnerability to cause the autokey association to reset. This plugin has been deprecated to better accommodate iFix supersedence with replacement plugin aix_ntp_v3_advisory7.nasl (plugin id 102128).
    last seen 2017-10-29
    modified 2017-08-03
    plugin id 93352
    published 2016-09-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=93352
    title AIX 7.2 TL 0 : ntp (IV87939) (deprecated)
  • NASL family AIX Local Security Checks
    NASL id AIX_IV87420.NASL
    description NTPv3 and NTPv4 are vulnerable to : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7974 NTP could allow a remote authenticated attacker to conduct spoofing attacks, caused by a missing key check. An attacker could exploit this vulnerability to impersonate a peer. NTP could allow a local attacker to bypass security restrictions, caused by the failure to use a constant-time memory comparison function when validating the authentication digest on incoming packets. By sending a specially crafted packet with an authentication payload, an attacker could exploit this vulnerability to conduct a timing attack to compute the value of the valid authentication digest. While the majority OSes implement martian packet filtering in their network stack, at least regarding 127.0.0.0/8, a rare few will allow packets claiming to be from 127.0.0.0/8 that arrive over physical network. On these OSes, if ntpd is configured to use a reference clock an attacker can inject packets over the network that look like they are coming from that reference clock. If ntpd was expressly configured to allow for remote configuration, a malicious user who knows the controlkey for ntpq or the requestkey for ntpdc (if mode7 is expressly enabled) can create a session with ntpd and then send a crafted packet to ntpd that will change the value of the trustedkey, controlkey, or requestkey to a value that will prevent any subsequent authentication with ntpd until ntpd is restarted. NTP is vulnerable to a denial of service, caused by an error when using a specially crafted packet to create a peer association with hmode > 7. An attacker could exploit this vulnerability to cause the MATCH_ASSOC() function to trigger an out-of-bounds read. NTP is vulnerable to a denial of service, caused by the failure to always check the ctl_getitem() function return value. By sending an overly large value, an attacker could exploit this vulnerability to cause a denial of service. NTP is vulnerable to a denial of service, caused by the demobilization of a preemptable client association. By sending specially crafted crypto NAK packets, an attacker could exploit this vulnerability to cause a denial of service. NTP is vulnerable to a denial of service, caused by the improper handling of packets. By sending specially crafted CRYPTO_NAK packets, an attacker could exploit this vulnerability to cause ntpd to crash. NTP is vulnerable to a denial of service, caused by the improper handling of packets. By sending specially crafted CRYPTO_NAK packets to an ephemeral peer target prior to a response being sent, a remote attacker could exploit this vulnerability to demobilize the ephemeral association. NTP is vulnerable to a denial of service, caused by the improper handling of packets. By sending spoofed server packets with correct origin timestamps, a remote attacker could exploit this vulnerability to cause a false leap indication to be set. NTP is vulnerable to a denial of service, caused by the improper handling of packets. By sending spoofed CRYPTO_NAK or a bad MAC packets with correct origin timestamps, a remote attacker could exploit this vulnerability to cause the autokey association to reset. This plugin has been deprecated to better accommodate iFix supersedence with replacement plugin aix_ntp_v3_advisory7.nasl (plugin id 102128).
    last seen 2017-10-29
    modified 2017-08-03
    plugin id 93349
    published 2016-09-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=93349
    title AIX 7.1 TL 4 : ntp (IV87420) (deprecated)
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_7CFCEA05600A11E6A6C314DAE9D210B8.NASL
    description Multiple vulnerabilities have been discovered in the NTP suite : The fix for Sec 3007 in ntp-4.2.8p7 contained a bug that could cause ntpd to crash. [CVE-2016-4957, Reported by Nicolas Edet of Cisco] An attacker who knows the origin timestamp and can send a spoofed packet containing a CRYPTO-NAK to an ephemeral peer target before any other response is sent can demobilize that association. [CVE-2016-4953, Reported by Miroslav Lichvar of Red Hat] An attacker who is able to spoof packets with correct origin timestamps from enough servers before the expected response packets arrive at the target machine can affect some peer variables and, for example, cause a false leap indication to be set. [CVE-2016-4954, Reported by Jakub Prokes of Red Hat] An attacker who is able to spoof a packet with a correct origin timestamp before the expected response packet arrives at the target machine can send a CRYPTO_NAK or a bad MAC and cause the association's peer variables to be cleared. If this can be done often enough, it will prevent that association from working. [CVE-2016-4955, Reported by Miroslav Lichvar of Red Hat] The fix for NtpBug2978 does not cover broadcast associations, so broadcast clients can be triggered to flip into interleave mode. [CVE-2016-4956, Reported by Miroslav Lichvar of Red Hat.] Impact : Malicious remote attackers may be able to break time synchronization, or cause the ntpd(8) daemon to crash.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 92927
    published 2016-08-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=92927
    title FreeBSD : FreeBSD -- Multiple ntp vulnerabilities (7cfcea05-600a-11e6-a6c3-14dae9d210b8)
  • NASL family Misc.
    NASL id NTP_4_2_8P8.NASL
    description The version of the remote NTP server is 4.x prior to 4.2.8p8 or 4.3.x prior to 4.3.93. It is, therefore, affected by the following vulnerabilities : - A denial of service vulnerability exists when handling authentication due to improper packet timestamp checks. An unauthenticated, remote attacker can exploit this, via a specially crafted and spoofed packet, to demobilize the ephemeral associations. (CVE-2016-4953) - A flaw exists that is triggered when handling spoofed packets. An unauthenticated, remote attacker can exploit this, via specially crafted packets, to affect peer variables (e.g., cause leap indications to be set). Note that the attacker must be able to spoof packets with correct origin timestamps from servers before expected response packets arrive. (CVE-2016-4954) - A flaw exists that is triggered when handling spoofed packets. An unauthenticated, remote attacker can exploit this, via specially crafted packets, to reset autokey associations. Note that the attacker must be able to spoof packets with correct origin timestamps from servers before expected response packets arrive. (CVE-2016-4955) - A flaw exists when handling broadcast associations that allows an unauthenticated, remote attacker to cause a broadcast client to change into interleave mode. (CVE-2016-4956) - A denial of service vulnerability exists when handling CRYPTO_NAK packets that allows an unauthenticated, remote attacker to cause a crash. Note that this issue only affects versions 4.2.8p7 and 4.3.92. (CVE-2016-4957)
    last seen 2019-02-21
    modified 2018-09-17
    plugin id 91515
    published 2016-06-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=91515
    title Network Time Protocol Daemon (ntpd) 4.x < 4.2.8p8 / 4.3.x < 4.3.93 Multiple Vulnerabilities
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2016-750.NASL
    description ntp was updated to version 4.2.8p8 to fix five security issues. These security issues were fixed : - CVE-2016-4953: Bad authentication demobilizes ephemeral associations (bsc#982065). - CVE-2016-4954: Processing spoofed server packets (bsc#982066). - CVE-2016-4955: Autokey association reset (bsc#982067). - CVE-2016-4956: Broadcast interleave (bsc#982068). - CVE-2016-4957: CRYPTO_NAK crash (bsc#982064). These non-security issues were fixed : - Keep the parent process alive until the daemon has finished initialisation, to make sure that the PID file exists when the parent returns. - bsc#979302: Change the process name of the forking DNS worker process to avoid the impression that ntpd is started twice. - bsc#981422: Don't ignore SIGCHILD because it breaks wait(). - bsc#979981: ntp-wait does not accept fractional seconds, so use 1 instead of 0.2 in ntp-wait.service. - Separate the creation of ntp.keys and key #1 in it to avoid problems when upgrading installations that have the file, but no key #1, which is needed e.g. by 'rcntp addserver'. This update was imported from the SUSE:SLE-12-SP1:Update update project.
    last seen 2019-02-21
    modified 2016-12-05
    plugin id 91721
    published 2016-06-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=91721
    title openSUSE Security Update : ntp (openSUSE-2016-750)
refmap via4
cert-vn VU#321640
confirm
freebsd FreeBSD-SA-16:24
gentoo GLSA-201607-15
sectrack 1036037
suse
  • SUSE-SU-2016:1563
  • SUSE-SU-2016:1584
  • SUSE-SU-2016:1602
  • openSUSE-SU-2016:1583
  • openSUSE-SU-2016:1636
talos via4
id TALOS-2016-0204
last seen 2018-08-31
published 2016-11-21
reporter Talos Intelligence
source http://www.talosintelligence.com/vulnerability_reports/TALOS-2016-0204
title Network Time Protocol Trap Crash Denial of Service Vulnerability
Last major update 05-10-2016 - 11:25
Published 04-07-2016 - 21:59
Last modified 30-10-2018 - 12:27
Back to Top