Information on source package ntp

Available versions

ReleaseVersion
wheezy1:4.2.6.p5+dfsg-2+deb7u6
wheezy (security)1:4.2.6.p5+dfsg-2+deb7u7
jessie (security)1:4.2.6.p5+dfsg-7+deb8u2
stretch1:4.2.8p10+dfsg-1
sid1:4.2.8p10+dfsg-1

Open issues

BugwheezyjessiestretchsidDescription
CVE-2017-6464vulnerablevulnerable (no DSA)fixedfixedNTP before 4.2.8p10 and 4.3.x before 4.3.94 allows remote attackers to ...
CVE-2017-6463vulnerablevulnerable (no DSA)fixedfixedNTP before 4.2.8p10 and 4.3.x before 4.3.94 allows remote ...
CVE-2016-9311vulnerable (no DSA)vulnerable (no DSA)fixedfixedntpd in NTP before 4.2.8p9, when the trap service is enabled, allows ...
CVE-2016-9310vulnerable (no DSA)vulnerable (no DSA)fixedfixedThe control mode (mode 6) functionality in ntpd in NTP before 4.2.8p9 ...
CVE-2016-9042vulnerablefixedfixedfixed
CVE-2016-7429vulnerable (no DSA)vulnerable (no DSA)fixedfixedNTP before 4.2.8p9 changes the peer structure to the interface it ...
CVE-2016-7426vulnerable (no DSA)vulnerable (no DSA)fixedfixedNTP before 4.2.8p9 rate limits responses received from the configured ...
CVE-2016-4955vulnerable (no DSA)vulnerable (no DSA)fixedfixedntpd in NTP 4.x before 4.2.8p8, when autokey is enabled, allows remote ...
CVE-2016-4954vulnerable (no DSA)vulnerable (no DSA)fixedfixedThe process_packet function in ntp_proto.c in ntpd in NTP 4.x before ...
CVE-2016-2519vulnerable (no DSA)vulnerable (no DSA)fixedfixedntpd in NTP before 4.2.8p7 and 4.3.x before 4.3.92 allows remote ...
CVE-2016-1549vulnerable (no DSA)vulnerable (no DSA)fixedfixedA malicious authenticated peer can create arbitrarily-many ephemeral ...
CVE-2016-0727vulnerable (no DSA)vulnerable (no DSA)fixedfixedThe crontab script in the ntp package before ...
CVE-2015-8140vulnerable (no DSA)vulnerable (no DSA)fixedfixedThe ntpq protocol in NTP before 4.2.8p7 allows remote attackers to ...
CVE-2015-8139vulnerable (no DSA)vulnerable (no DSA)fixedfixedntpq in NTP before 4.2.8p7 allows remote attackers to obtain origin ...
CVE-2015-7976vulnerable (no DSA)vulnerable (no DSA)fixedfixedThe ntpq saveconfig command in NTP 4.1.2, 4.2.x before 4.2.8p6, 4.3, ...
CVE-2015-7973vulnerable (no DSA)vulnerable (no DSA)fixedfixedNTP before 4.2.8p6 and 4.3.x before 4.3.90, when configured in ...
CVE-2015-7705vulnerable (no DSA)vulnerable (no DSA)fixedfixedAn attacker can forge packets that claim to be from the target and send them to servers often enough that a server that implements KoD rate limiting will send the target machine a KoD response to attempt to reduce the rate of incoming packets
CVE-2013-5211vulnerable (no DSA)vulnerable (no DSA)fixedfixedThe monlist feature in ntp_request.c in ntpd in NTP before 4.2.7p26 ...

Open unimportant issues

BugwheezyjessiestretchsidDescription
CVE-2017-6462vulnerablevulnerablefixedfixedBuffer overflow in the legacy Datum Programmable Time Server (DPTS) ...
CVE-2017-6458vulnerablevulnerablefixedfixedMultiple buffer overflows in the ctl_put* functions in NTP before ...
CVE-2016-2517vulnerablevulnerablefixedfixedNTP before 4.2.8p7 and 4.3.x before 4.3.92 allows remote attackers to ...

Resolved issues

BugDescription
CVE-2017-6460Stack-based buffer overflow in the reslist function in ntpq in NTP ...
CVE-2017-6459The Windows installer for NTP before 4.2.8p10 and 4.3.x before 4.3.94 ...
CVE-2017-6455NTP before 4.2.8p10 and 4.3.x before 4.3.94, when using PPSAPI, allows ...
CVE-2017-6452Stack-based buffer overflow in the Windows installer for NTP before ...
CVE-2017-6451The mx4200_send function in the legacy MX4200 refclock in NTP before ...
CVE-2016-9312ntpd in NTP before 4.2.8p9, when running on Windows, allows remote ...
CVE-2016-7434The read_mru_list function in NTP before 4.2.8p9 allows remote ...
CVE-2016-7433NTP before 4.2.8p9 does not properly perform the initial sync ...
CVE-2016-7431NTP before 4.2.8p9 allows remote attackers to bypass the origin ...
CVE-2016-7428ntpd in NTP before 4.2.8p9 allows remote attackers to cause a denial ...
CVE-2016-7427The broadcast mode replay prevention functionality in ntpd in NTP ...
CVE-2016-4957ntpd in NTP before 4.2.8p8 allows remote attackers to cause a denial ...
CVE-2016-4956ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a ...
CVE-2016-4953ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a ...
CVE-2016-2518The MATCH_ASSOC function in NTP before version 4.2.8p9 and 4.3.x ...
CVE-2016-2516NTP before 4.2.8p7 and 4.3.x before 4.3.92, when mode7 is enabled, ...
CVE-2016-1551ntpd in NTP 4.2.8p3 and NTPsec ...
CVE-2016-1550An exploitable vulnerability exists in the message authentication ...
CVE-2016-1548An attacker can spoof a packet from a legitimate ntpd server with an ...
CVE-2016-1547An off-path attacker can cause a preemptible client association to be ...
CVE-2015-8158The getresponse function in ntpq in NTP versions before 4.2.8p9 and ...
CVE-2015-8138NTP before 4.2.8p6 and 4.3.x before 4.3.90 allows remote attackers to ...
CVE-2015-7979NTP before 4.2.8p6 and 4.3.x before 4.3.90 allows remote attackers to ...
CVE-2015-7978NTP before 4.2.8p6 and 4.3.0 before 4.3.90 allows a remote attackers ...
CVE-2015-7977ntpd in NTP before 4.2.8p6 and 4.3.x before 4.3.90 allows remote ...
CVE-2015-7975The nextvar function in NTP before 4.2.8p6 and 4.3.x before 4.3.90 ...
CVE-2015-7974NTP 4.x before 4.2.8p6 and 4.3.x before 4.3.90 do not verify peer ...
CVE-2015-7871
CVE-2015-7855
CVE-2015-7854
CVE-2015-7853
CVE-2015-7852
CVE-2015-7851
CVE-2015-7850
CVE-2015-7849
CVE-2015-7848An integer overflow can occur in NTP-dev.4.3.70 leading to an ...
CVE-2015-7704An ntpd client that honors Kiss-of-Death responses will honor KoD messages that have been forged by an attacker, causing it to delay or stop querying its servers for time updates.
CVE-2015-7703
CVE-2015-7702
CVE-2015-7701
CVE-2015-7692
CVE-2015-7691
CVE-2015-5300MITM attacker can force ntpd to make a step larger than the panic threshold
CVE-2015-5219infinite loop in sntp processing crafted packet
CVE-2015-5195ntpd crash when processing config commands with statistics type
CVE-2015-5194crash with crafted logconfig configuration command
CVE-2015-5146ntpd control message crash: Crafted NUL-byte in configuration directive
CVE-2015-3405ntp-keygen may generate non-random symmetric keys on big-endian systems
CVE-2015-1799The symmetric-key feature in the receive function in ntp_proto.c in ...
CVE-2015-1798The symmetric-key feature in the receive function in ntp_proto.c in ...
CVE-2014-9751The read_network_packet function in ntp_io.c in ntpd in NTP 4.x before ...
CVE-2014-9750ntp_crypto.c in ntpd in NTP 4.x before 4.2.8p1, when Autokey ...
CVE-2014-9296The receive function in ntp_proto.c in ntpd in NTP before 4.2.8 ...
CVE-2014-9295Multiple stack-based buffer overflows in ntpd in NTP before 4.2.8 ...
CVE-2014-9294util/ntp-keygen.c in ntp-keygen in NTP before 4.2.7p230 uses a weak ...
CVE-2014-9293The config_auth function in ntpd in NTP before 4.2.7p11, when an auth ...
CVE-2009-3563ntp_request.c in ntpd in NTP before 4.2.4p8, and 4.2.5, allows remote ...
CVE-2009-1252Stack-based buffer overflow in the crypto_recv function in ...
CVE-2009-0159Stack-based buffer overflow in the cookedprint function in ntpq/ntpq.c ...
CVE-2009-0021NTP 4.2.4 before 4.2.4p5 and 4.2.5 before 4.2.5p150 does not properly ...
CVE-2005-2496The xntpd ntp (ntpd) daemon before 4.2.0b, when run with the -u option ...
CVE-2004-0657Integer overflow in the NTP daemon (NTPd) before 4.0 causes the NTP ...

Security announcements

DSA / DLADescription
DSA-3629-1ntp - security update
DLA-559-1ntp - security update
DSA-3388-1ntp - security update
DSA-3388-1ntp - security update
DLA-335-1ntp - security update
DSA-3223-1ntp - security update
DLA-192-1ntp - security update
DSA-3154-2ntp - incomplete fix
DLA-149-1ntp - security update
DSA-3154-1ntp - security update
DSA-3108-1ntp - security update
DLA-116-1ntp - security update
DSA-1948-1ntp - denial of service
DSA-1948-1ntp - denial of service
DSA-1801-1ntp - several vulnerabilities
DSA-1801-1ntp - several vulnerabilities
DSA-1702-1ntp - cryptographic weakness
DSA-801-1ntp - programming error
DSA-801-1ntp - programming error

Search for package or bug name: Reporting problems