Information on source package ntp

Available versions

ReleaseVersion
buster1:4.2.8p12+dfsg-4
bullseye1:4.2.8p15+dfsg-1

Open issues

BugbusterbullseyeDescription
CVE-2023-26555vulnerable (no DSA)vulnerable (no DSA)praecis_parse in ntpd/refclock_palisade.c in NTP 4.2.8p15 has an out-o ...
CVE-2020-15025vulnerable (no DSA)fixedntpd in ntp 4.2.8 before 4.2.8p15 and 4.3.x before 4.3.101 allows remo ...
CVE-2020-13817vulnerable (no DSA, ignored)fixedntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows remote att ...
CVE-2020-11868vulnerable (no DSA)fixedntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows an off-pat ...
CVE-2018-8956vulnerable (no DSA, ignored)fixedntpd in ntp 4.2.8p10, 4.2.8p11, 4.2.8p12 and 4.2.8p13 allow remote att ...

Open unimportant issues

BugbusterbullseyeDescription
CVE-2023-26554vulnerablevulnerablemstolfp in libntp/mstolfp.c in NTP 4.2.8p15 has an out-of-bounds write ...
CVE-2023-26553vulnerablevulnerablemstolfp in libntp/mstolfp.c in NTP 4.2.8p15 has an out-of-bounds write ...
CVE-2023-26552vulnerablevulnerablemstolfp in libntp/mstolfp.c in NTP 4.2.8p15 has an out-of-bounds write ...
CVE-2023-26551vulnerablevulnerablemstolfp in libntp/mstolfp.c in NTP 4.2.8p15 has an out-of-bounds write ...
CVE-2018-12327vulnerablevulnerableStack-based buffer overflow in ntpq and ntpdc of NTP version 4.2.8p11 ...

Resolved issues

BugDescription
CVE-2019-8936NTP through 4.2.8p12 has a NULL Pointer Dereference.
CVE-2018-7185The protocol engine in ntp 4.2.6 before 4.2.8p11 allows a remote attac ...
CVE-2018-7184ntpd in ntp 4.2.8p4 before 4.2.8p11 drops bad packets before updating ...
CVE-2018-7183Buffer overflow in the decodearr function in ntpq in ntp 4.2.8p6 throu ...
CVE-2018-7182The ctl_getitem method in ntpd in ntp-4.2.8p6 before 4.2.8p11 allows r ...
CVE-2018-7170ntpd in ntp 4.2.x before 4.2.8p7 and 4.3.x before 4.3.92 allows authen ...
CVE-2017-6464NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows remote attackers to ...
CVE-2017-6463NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows remote authenticate ...
CVE-2017-6462Buffer overflow in the legacy Datum Programmable Time Server (DPTS) re ...
CVE-2017-6460Stack-based buffer overflow in the reslist function in ntpq in NTP bef ...
CVE-2017-6459The Windows installer for NTP before 4.2.8p10 and 4.3.x before 4.3.94 ...
CVE-2017-6458Multiple buffer overflows in the ctl_put* functions in NTP before 4.2. ...
CVE-2017-6455NTP before 4.2.8p10 and 4.3.x before 4.3.94, when using PPSAPI, allows ...
CVE-2017-6452Stack-based buffer overflow in the Windows installer for NTP before 4. ...
CVE-2017-6451The mx4200_send function in the legacy MX4200 refclock in NTP before 4 ...
CVE-2016-9312ntpd in NTP before 4.2.8p9, when running on Windows, allows remote att ...
CVE-2016-9311ntpd in NTP before 4.2.8p9, when the trap service is enabled, allows r ...
CVE-2016-9310The control mode (mode 6) functionality in ntpd in NTP before 4.2.8p9 ...
CVE-2016-9042An exploitable denial of service vulnerability exists in the origin ti ...
CVE-2016-7434The read_mru_list function in NTP before 4.2.8p9 allows remote attacke ...
CVE-2016-7433NTP before 4.2.8p9 does not properly perform the initial sync calculat ...
CVE-2016-7431NTP before 4.2.8p9 allows remote attackers to bypass the origin timest ...
CVE-2016-7429NTP before 4.2.8p9 changes the peer structure to the interface it rece ...
CVE-2016-7428ntpd in NTP before 4.2.8p9 allows remote attackers to cause a denial o ...
CVE-2016-7427The broadcast mode replay prevention functionality in ntpd in NTP befo ...
CVE-2016-7426NTP before 4.2.8p9 rate limits responses received from the configured ...
CVE-2016-4957ntpd in NTP before 4.2.8p8 allows remote attackers to cause a denial o ...
CVE-2016-4956ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a deni ...
CVE-2016-4955ntpd in NTP 4.x before 4.2.8p8, when autokey is enabled, allows remote ...
CVE-2016-4954The process_packet function in ntp_proto.c in ntpd in NTP 4.x before 4 ...
CVE-2016-4953ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a deni ...
CVE-2016-2519ntpd in NTP before 4.2.8p7 and 4.3.x before 4.3.92 allows remote attac ...
CVE-2016-2518The MATCH_ASSOC function in NTP before version 4.2.8p9 and 4.3.x befor ...
CVE-2016-2517NTP before 4.2.8p7 and 4.3.x before 4.3.92 allows remote attackers to ...
CVE-2016-2516NTP before 4.2.8p7 and 4.3.x before 4.3.92, when mode7 is enabled, all ...
CVE-2016-1551ntpd in NTP 4.2.8p3 and NTPsec a5fb34b9cc89b92a8fef2f459004865c93bb7f9 ...
CVE-2016-1550An exploitable vulnerability exists in the message authentication func ...
CVE-2016-1549A malicious authenticated peer can create arbitrarily-many ephemeral a ...
CVE-2016-1548An attacker can spoof a packet from a legitimate ntpd server with an o ...
CVE-2016-1547An off-path attacker can cause a preemptible client association to be ...
CVE-2016-0727The crontab script in the ntp package before 1:4.2.6.p3+dfsg-1ubuntu3. ...
CVE-2015-8158The getresponse function in ntpq in NTP versions before 4.2.8p9 and 4. ...
CVE-2015-8140The ntpq protocol in NTP before 4.2.8p7 allows remote attackers to con ...
CVE-2015-8139ntpq in NTP before 4.2.8p7 allows remote attackers to obtain origin ti ...
CVE-2015-8138NTP before 4.2.8p6 and 4.3.x before 4.3.90 allows remote attackers to ...
CVE-2015-7979NTP before 4.2.8p6 and 4.3.x before 4.3.90 allows remote attackers to ...
CVE-2015-7978NTP before 4.2.8p6 and 4.3.0 before 4.3.90 allows a remote attackers t ...
CVE-2015-7977ntpd in NTP before 4.2.8p6 and 4.3.x before 4.3.90 allows remote attac ...
CVE-2015-7976The ntpq saveconfig command in NTP 4.1.2, 4.2.x before 4.2.8p6, 4.3, 4 ...
CVE-2015-7975The nextvar function in NTP before 4.2.8p6 and 4.3.x before 4.3.90 doe ...
CVE-2015-7974NTP 4.x before 4.2.8p6 and 4.3.x before 4.3.90 do not verify peer asso ...
CVE-2015-7973NTP before 4.2.8p6 and 4.3.x before 4.3.90, when configured in broadca ...
CVE-2015-7871Crypto-NAK packets in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x befo ...
CVE-2015-7855The decodenetnum function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3 ...
CVE-2015-7854Buffer overflow in the password management functionality in NTP 4.2.x ...
CVE-2015-7853The datalen parameter in the refclock driver in NTP 4.2.x before 4.2.8 ...
CVE-2015-7852ntpq in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remot ...
CVE-2015-7851Directory traversal vulnerability in the save_config function in ntpd ...
CVE-2015-7850ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remot ...
CVE-2015-7849Use-after-free vulnerability in ntpd in NTP 4.2.x before 4.2.8p4, and ...
CVE-2015-7848An integer overflow can occur in NTP-dev.4.3.70 leading to an out-of-b ...
CVE-2015-7705The rate limiting feature in NTP 4.x before 4.2.8p4 and 4.3.x before 4 ...
CVE-2015-7704The ntpd client in NTP 4.x before 4.2.8p4 and 4.3.x before 4.3.77 allo ...
CVE-2015-7703The "pidfile" or "driftfile" directives in NTP ntpd 4.2.x before 4.2.8 ...
CVE-2015-7702The crypto_xmit function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3. ...
CVE-2015-7701Memory leak in the CRYPTO_ASSOC function in ntpd in NTP 4.2.x before 4 ...
CVE-2015-7692The crypto_xmit function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3. ...
CVE-2015-7691The crypto_xmit function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3. ...
CVE-2015-5300The panic_gate check in NTP before 4.2.8p5 is only re-enabled after th ...
CVE-2015-5219The ULOGTOD function in ntp.d in SNTP before 4.2.7p366 does not proper ...
CVE-2015-5195ntp_openssl.m4 in ntpd in NTP before 4.2.7p112 allows remote attackers ...
CVE-2015-5194The log_config_command function in ntp_parser.y in ntpd in NTP before ...
CVE-2015-5146ntpd in ntp before 4.2.8p3 with remote configuration enabled allows re ...
CVE-2015-3405ntp-keygen in ntp 4.2.8px before 4.2.8p2-RC2 and 4.3.x before 4.3.12 d ...
CVE-2015-1799The symmetric-key feature in the receive function in ntp_proto.c in nt ...
CVE-2015-1798The symmetric-key feature in the receive function in ntp_proto.c in nt ...
CVE-2014-9751The read_network_packet function in ntp_io.c in ntpd in NTP 4.x before ...
CVE-2014-9750ntp_crypto.c in ntpd in NTP 4.x before 4.2.8p1, when Autokey Authentic ...
CVE-2014-9296The receive function in ntp_proto.c in ntpd in NTP before 4.2.8 contin ...
CVE-2014-9295Multiple stack-based buffer overflows in ntpd in NTP before 4.2.8 allo ...
CVE-2014-9294util/ntp-keygen.c in ntp-keygen in NTP before 4.2.7p230 uses a weak RN ...
CVE-2014-9293The config_auth function in ntpd in NTP before 4.2.7p11, when an auth ...
CVE-2014-5209An Information Disclosure vulnerability exists in NTP 4.2.7p25 private ...
CVE-2013-5211The monlist feature in ntp_request.c in ntpd in NTP before 4.2.7p26 al ...
CVE-2009-3563ntp_request.c in ntpd in NTP before 4.2.4p8, and 4.2.5, allows remote ...
CVE-2009-1252Stack-based buffer overflow in the crypto_recv function in ntp_crypto. ...
CVE-2009-0159Stack-based buffer overflow in the cookedprint function in ntpq/ntpq.c ...
CVE-2009-0021NTP 4.2.4 before 4.2.4p5 and 4.2.5 before 4.2.5p150 does not properly ...
CVE-2005-2496The xntpd ntp (ntpd) daemon before 4.2.0b, when run with the -u option ...
CVE-2004-0657Integer overflow in the NTP daemon (NTPd) before 4.0 causes the NTP se ...

Security announcements

DSA / DLADescription
DLA-2201-1ntp - security update
DSA-3629-1ntp - security update
DLA-559-1ntp - security update
DSA-3388-1ntp - security update
DLA-335-1ntp - security update
DSA-3223-1ntp - security update
DLA-192-1ntp - security update
DSA-3154-2ntp - incomplete fix
DLA-149-1ntp - security update
DSA-3154-1ntp - security update
DSA-3108-1ntp - security update
DLA-116-1ntp - security update
DSA-1948-1ntp - denial of service
DSA-1801-1ntp - several vulnerabilities
DSA-1702-1ntp - cryptographic weakness
DSA-801-1ntp - programming error

Search for package or bug name: Reporting problems