Search 211766 CVE descriptions
and 97459 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:
Category:SuSE Local Security Checks
Title:SUSE: Security Advisory (SUSE-SU-2016:1175-1)
Summary:The remote host is missing an update for the 'ntp' package(s) announced via the SUSE-SU-2016:1175-1 advisory.
The remote host is missing an update for the 'ntp' package(s) announced via the SUSE-SU-2016:1175-1 advisory.

Vulnerability Insight:
ntp was updated to version 4.2.8p6 to fix 12 security issues.
These security issues were fixed:
- CVE-2015-8158: Fixed potential infinite loop in ntpq (bsc#962966).
- CVE-2015-8138: Zero Origin Timestamp Bypass (bsc#963002).
- CVE-2015-7979: Off-path Denial of Service (DoS) attack on authenticated
broadcast mode (bsc#962784).
- CVE-2015-7978: Stack exhaustion in recursive traversal of restriction
list (bsc#963000).
- CVE-2015-7977: reslist NULL pointer dereference (bsc#962970).
- CVE-2015-7976: ntpq saveconfig command allows dangerous characters in
filenames (bsc#962802).
- CVE-2015-7975: nextvar() missing length check (bsc#962988).
- CVE-2015-7974: Skeleton Key: Missing key check allows impersonation
between authenticated peers (bsc#962960).
- CVE-2015-7973: Replay attack on authenticated broadcast mode
- CVE-2015-8140: ntpq vulnerable to replay attacks (bsc#962994).
- CVE-2015-8139: Origin Leak: ntpq and ntpdc, disclose origin (bsc#962997).
- CVE-2015-5300: MITM attacker could have forced ntpd to make a step
larger than the panic threshold (bsc#951629).
These non-security issues were fixed:
- fate#320758 bsc#975981: Enable compile-time support for MS-SNTP
(--enable-ntp-signd). This replaces the w32 patches in 4.2.4 that added
the authreg directive.
- bsc#962318: Call /usr/sbin/sntp with full path to synchronize in
start-ntpd. When run as cron job, /usr/sbin/ is not in the path, which
caused the synchronization to fail.
- bsc#782060: Speedup ntpq.
- bsc#916617: Add /var/db/ntp-kod.
- bsc#956773: Add ntp-ENOBUFS.patch to limit a warning that might happen
quite a lot on loaded systems.
- bsc#951559,bsc#975496: Fix the TZ offset output of sntp during DST.
- Add ntp-fork.patch and build with threads disabled to allow name
resolution even when running chrooted.
- bsc#784760: Remove local clock from default configuration

Affected Software/OS:
'ntp' package(s) on SUSE Linux Enterprise Server 11-SP4, SUSE Linux Enterprise Debuginfo 11-SP4

Please install the updated package(s).

CVSS Score:

CVSS Vector:

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2015-5300
BugTraq ID: 77312
Debian Security Information: DSA-3388 (Google Search)
FreeBSD Security Advisory: FreeBSD-SA-16:09
RedHat Security Advisories: RHSA-2015:1930
SuSE Security Announcement: SUSE-SU:2016:1175 (Google Search)
SuSE Security Announcement: SUSE-SU:2016:1177 (Google Search)
SuSE Security Announcement: SUSE-SU:2016:1247 (Google Search)
SuSE Security Announcement: SUSE-SU:2016:1311 (Google Search)
SuSE Security Announcement: SUSE-SU:2016:1912 (Google Search)
SuSE Security Announcement: SUSE-SU:2016:2094 (Google Search)
SuSE Security Announcement: openSUSE-SU:2016:1292 (Google Search)
SuSE Security Announcement: openSUSE-SU:2016:1423 (Google Search)
Common Vulnerability Exposure (CVE) ID: CVE-2015-7973
BugTraq ID: 81963
CERT/CC vulnerability note: VU#718152
Cisco Security Advisory: 20160120 Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products - January 2016
SuSE Security Announcement: SUSE-SU-2016:1175 (Google Search)
SuSE Security Announcement: SUSE-SU-2016:1177 (Google Search)
SuSE Security Announcement: SUSE-SU-2016:1247 (Google Search)
SuSE Security Announcement: SUSE-SU-2016:1311 (Google Search)
SuSE Security Announcement: SUSE-SU-2016:1912 (Google Search)
SuSE Security Announcement: SUSE-SU-2016:2094 (Google Search)
SuSE Security Announcement: openSUSE-SU-2016:1292 (Google Search)
SuSE Security Announcement: openSUSE-SU-2016:1423 (Google Search)
Common Vulnerability Exposure (CVE) ID: CVE-2015-7974
BugTraq ID: 81960
Debian Security Information: DSA-3629 (Google Search)
RedHat Security Advisories: RHSA-2016:2583
Common Vulnerability Exposure (CVE) ID: CVE-2015-7975
BugTraq ID: 81959
Common Vulnerability Exposure (CVE) ID: CVE-2015-7976
Common Vulnerability Exposure (CVE) ID: CVE-2015-7977
BugTraq ID: 81815
RedHat Security Advisories: RHSA-2016:0780
Common Vulnerability Exposure (CVE) ID: CVE-2015-7978
BugTraq ID: 81962
Common Vulnerability Exposure (CVE) ID: CVE-2015-7979
BugTraq ID: 81816
RedHat Security Advisories: RHSA-2016:1141
RedHat Security Advisories: RHSA-2016:1552
Common Vulnerability Exposure (CVE) ID: CVE-2015-8138
BugTraq ID: 81811
Cisco Security Advisory: 20160428 Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: April 2016
Cisco Security Advisory: 20161123 Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: November 2016
RedHat Security Advisories: RHSA-2016:0063
Common Vulnerability Exposure (CVE) ID: CVE-2015-8139
BugTraq ID: 82105
Common Vulnerability Exposure (CVE) ID: CVE-2015-8140
Common Vulnerability Exposure (CVE) ID: CVE-2015-8158
BugTraq ID: 81814
CopyrightCopyright (C) 2021 Greenbone Networks GmbH

This is only one of 97459 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.

© 1998-2021 E-Soft Inc. All rights reserved.