
Test ID:
Category: SuSE Local Security Checks
Title: SUSE: Security Advisory (SUSE-SU-2016:1912-1)
Summary: The remote host is missing an update for the 'ntp' package(s) announced via the SUSE-SU-2016:1912-1 advisory.

Vulnerability Insight:
NTP was updated to version 4.2.8p8 to fix several security issues and to ensure the continued maintainability of the package.
These security issues were fixed:
CVE-2016-4953: Bad authentication demobilized ephemeral associations (bsc#982065).
CVE-2016-4954: Processing spoofed server packets (bsc#982066).
CVE-2016-4955: Autokey association reset (bsc#982067).
CVE-2016-4956: Broadcast interleave (bsc#982068).
CVE-2016-4957: CRYPTO_NAK crash (bsc#982064).
CVE-2016-1547: Validate crypto-NAKs to prevent ACRYPTO-NAK DoS (bsc#977459).
CVE-2016-1548: Prevent the change of time of an ntpd client or denying service to an ntpd client by forcing it to change from basic client/server mode to interleaved symmetric mode (bsc#977461).
CVE-2016-1549: Sybil vulnerability: ephemeral association attack (bsc#977451).
CVE-2016-1550: Improve security against buffer comparison timing attacks (bsc#977464).
CVE-2016-1551: Refclock impersonation vulnerability (bsc#977450).
CVE-2016-2516: Duplicate IPs on unconfig directives could have caused an assertion botch in ntpd (bsc#977452).
CVE-2016-2517: Remote configuration trustedkey/ requestkey/controlkey values are not properly validated (bsc#977455).
CVE-2016-2518: Crafted addpeer with hmode > 7 causes array wraparound with MATCH_ASSOC (bsc#977457).
CVE-2016-2519: ctl_getitem() return value not always checked (bsc#977458).
CVE-2015-8158: Potential Infinite Loop in ntpq (bsc#962966).
CVE-2015-8138: Zero Origin Timestamp Bypass (bsc#963002).
CVE-2015-7979: Off-path Denial of Service (DoS) attack on authenticated broadcast mode (bsc#962784).
CVE-2015-7978: Stack exhaustion in recursive traversal of restriction list (bsc#963000).
CVE-2015-7977: reslist NULL pointer dereference (bsc#962970).
CVE-2015-7976: ntpq saveconfig command allowed dangerous characters in filenames (bsc#962802).
CVE-2015-7975: nextvar() missing length check (bsc#962988).
CVE-2015-7974: NTP did not verify peer associations of symmetric keys when authenticating packets, which might have allowed remote attackers to conduct impersonation attacks via an arbitrary trusted key, aka a 'skeleton' key (bsc#962960).
CVE-2015-7973: Replay attack on authenticated broadcast mode (bsc#962995).
CVE-2015-5300: MITM attacker can force ntpd to make a step larger than the panic threshold (bsc#951629).
CVE-2015-5194: Crash with crafted logconfig configuration command (bsc#943218).
CVE-2015-7871: NAK to the Future: Symmetric association authentication bypass via crypto-NAK (bsc#952611).
CVE-2015-7855: decodenetnum() will ASSERT botch instead of returning FAIL on some bogus values (bsc#952611).
CVE-2015-7854: Password Length Memory Corruption Vulnerability (bsc#952611).
CVE-2015-7853: Invalid length data provided by a custom refclock driver could cause a buffer overflow (bsc#952611).
CVE-2015-7852: ntpq atoascii() Memory Corruption Vulnerability (bsc#952611).
CVE-2015-7851: saveconfig Directory Traversal Vu... [Please see the references for more information on the vulnerabilities]

Affected Software/OS:
'ntp' package(s) on SUSE Linux Enterprise Server 10 SP4

Please install the updated package(s).

CVSS Score:

CVSS Vector:

Cross-Ref:
Common Vulnerability Exposure (CVE) ID: CVE-2015-1798
BugTraq ID: 73951
CERT/CC vulnerability note: VU#374268
Cisco Security Advisory: 20150408 Multiple Vulnerabilities in ntpd (April 2015) Affecting Cisco Products
Cisco Security Advisory: 20150408 Network Time Protocol Daemon MAC Checking Failure Authentication Bypass Vulnerability
Debian Security Information: DSA-3223
HPdes Security Advisory: HPSBUX03333
HPdes Security Advisory: SSRT102029
RedHat Security Advisories: RHSA-2015:1459
SuSE Security Announcement: openSUSE-SU-2015:0775
Common Vulnerability Exposure (CVE) ID: CVE-2015-1799
BugTraq ID: 73950
Cisco Security Advisory: 20150408 Network Time Protocol Daemon Symmetric Mode Packet Processing Denial of Service Vulnerability
Debian Security Information: DSA-3222
HPdes Security Advisory: HPSBHF03557
Common Vulnerability Exposure (CVE) ID: CVE-2015-5194
BugTraq ID: 76475
Debian Security Information: DSA-3388
RedHat Security Advisories: RHSA-2016:0780
RedHat Security Advisories: RHSA-2016:2583
SuSE Security Announcement: SUSE-SU:2016:1311
SuSE Security Announcement: SUSE-SU:2016:1912
SuSE Security Announcement: SUSE-SU:2016:2094
Common Vulnerability Exposure (CVE) ID: CVE-2015-5300
BugTraq ID: 77312
FreeBSD Security Advisory: FreeBSD-SA-16:24
RedHat Security Advisories: RHSA-2015:1930
SuSE Security Announcement: SUSE-SU:2016:1175
SuSE Security Announcement: SUSE-SU:2016:1177
SuSE Security Announcement: SUSE-SU:2016:1247
SuSE Security Announcement: openSUSE-SU:2016:1292
SuSE Security Announcement: openSUSE-SU:2016:1423
Common Vulnerability Exposure (CVE) ID: CVE-2015-7691
BugTraq ID: 77274
Common Vulnerability Exposure (CVE) ID: CVE-2015-7692
BugTraq ID: 77285
Common Vulnerability Exposure (CVE) ID: CVE-2015-7701
BugTraq ID: 77281
Common Vulnerability Exposure (CVE) ID: CVE-2015-7702
BugTraq ID: 77286
Common Vulnerability Exposure (CVE) ID: CVE-2015-7703
BugTraq ID: 77278
Common Vulnerability Exposure (CVE) ID: CVE-2015-7704
BugTraq ID: 77280
CERT/CC vulnerability note: VU#718152
RedHat Security Advisories: RHSA-2015:2520
Common Vulnerability Exposure (CVE) ID: CVE-2015-7705
BugTraq ID: 77284
Common Vulnerability Exposure (CVE) ID: CVE-2015-7848
BugTraq ID: 77275
Common Vulnerability Exposure (CVE) ID: CVE-2015-7849
BugTraq ID: 77276
Common Vulnerability Exposure (CVE) ID: CVE-2015-7850
BugTraq ID: 77279
Common Vulnerability Exposure (CVE) ID: CVE-2015-7851
Common Vulnerability Exposure (CVE) ID: CVE-2015-7852
BugTraq ID: 77288
Common Vulnerability Exposure (CVE) ID: CVE-2015-7853
BugTraq ID: 77273
Common Vulnerability Exposure (CVE) ID: CVE-2015-7854
BugTraq ID: 77277
Common Vulnerability Exposure (CVE) ID: CVE-2015-7855
BugTraq ID: 77283
Common Vulnerability Exposure (CVE) ID: CVE-2015-7871
BugTraq ID: 77287
Common Vulnerability Exposure (CVE) ID: CVE-2015-7973
BugTraq ID: 81963
Cisco Security Advisory: 20160120 Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products - January 2016
SuSE Security Announcement: SUSE-SU-2016:1175
SuSE Security Announcement: SUSE-SU-2016:1177
SuSE Security Announcement: SUSE-SU-2016:1247
SuSE Security Announcement: SUSE-SU-2016:1311
SuSE Security Announcement: SUSE-SU-2016:1912
SuSE Security Announcement: SUSE-SU-2016:2094
SuSE Security Announcement: openSUSE-SU-2016:1292
SuSE Security Announcement: openSUSE-SU-2016:1423
Common Vulnerability Exposure (CVE) ID: CVE-2015-7974
BugTraq ID: 81960
Debian Security Information: DSA-3629
Common Vulnerability Exposure (CVE) ID: CVE-2015-7975
BugTraq ID: 81959
Common Vulnerability Exposure (CVE) ID: CVE-2015-7976
Common Vulnerability Exposure (CVE) ID: CVE-2015-7977
BugTraq ID: 81815
Common Vulnerability Exposure (CVE) ID: CVE-2015-7978
BugTraq ID: 81962
Common Vulnerability Exposure (CVE) ID: CVE-2015-7979
BugTraq ID: 81816
RedHat Security Advisories: RHSA-2016:1141
RedHat Security Advisories: RHSA-2016:1552
Common Vulnerability Exposure (CVE) ID: CVE-2015-8138
BugTraq ID: 81811
Cisco Security Advisory: 20160428 Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: April 2016
Cisco Security Advisory: 20161123 Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: November 2016
RedHat Security Advisories: RHSA-2016:0063
Common Vulnerability Exposure (CVE) ID: CVE-2015-8158
BugTraq ID: 81814
Common Vulnerability Exposure (CVE) ID: CVE-2016-1547
BugTraq ID: 88276
Common Vulnerability Exposure (CVE) ID: CVE-2016-1548
BugTraq ID: 88264
Bugtraq: 20160429 [slackware-security] ntp (SSA:2016-120-01)
SuSE Security Announcement: SUSE-SU-2016:1278
SuSE Security Announcement: SUSE-SU-2016:1291
SuSE Security Announcement: SUSE-SU-2016:1471
SuSE Security Announcement: SUSE-SU-2016:1568
SuSE Security Announcement: openSUSE-SU-2016:1329
Common Vulnerability Exposure (CVE) ID: CVE-2016-1549
BugTraq ID: 88200
Common Vulnerability Exposure (CVE) ID: CVE-2016-1550
BugTraq ID: 88261
Common Vulnerability Exposure (CVE) ID: CVE-2016-1551
BugTraq ID: 88219
Common Vulnerability Exposure (CVE) ID: CVE-2016-2516
BugTraq ID: 88180
Common Vulnerability Exposure (CVE) ID: CVE-2016-2517
BugTraq ID: 88189
Common Vulnerability Exposure (CVE) ID: CVE-2016-2518
BugTraq ID: 88226
Common Vulnerability Exposure (CVE) ID: CVE-2016-2519
BugTraq ID: 88204
Common Vulnerability Exposure (CVE) ID: CVE-2016-4953
BugTraq ID: 91010
CERT/CC vulnerability note: VU#321640
SuSE Security Announcement: SUSE-SU-2016:1563
SuSE Security Announcement: SUSE-SU-2016:1584
SuSE Security Announcement: SUSE-SU-2016:1602
SuSE Security Announcement: openSUSE-SU-2016:1583
SuSE Security Announcement: openSUSE-SU-2016:1636
Common Vulnerability Exposure (CVE) ID: CVE-2016-4954
Common Vulnerability Exposure (CVE) ID: CVE-2016-4955
BugTraq ID: 91007
Common Vulnerability Exposure (CVE) ID: CVE-2016-4956
BugTraq ID: 91009
Common Vulnerability Exposure (CVE) ID: CVE-2016-4957
Copyright: Copyright (C) 2021 Greenbone Networks GmbH

© 1998-2021 E-Soft Inc. All rights reserved.