FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-11-19 19:12:13 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
c2576e14-36e2-11e9-9eda-206a8a720317	ntp -- Crafted null dereference attack from a trusted source with an authenticated mode 6 packet Network Time Foundation reports: A crafted malicious authenticated mode 6 (ntpq) packet from a permitted network address can trigger a NULL pointer dereference, crashing ntpd. Note that for this attack to work, the sending system must be on an address that the target's ntpd accepts mode 6 packets from, and must use a private key that is specifically listed as being used for mode 6 authorization. Impact: The ntpd daemon can crash due to the NULL pointer dereference, causing a denial of service. Mitigation: Use restrict noquery to limit addresses that can send mode 6 queries. Limit access to the private controlkey in ntp.keys. Upgrade to 4.2.8p13, or later. Discovery 2019-01-15 Entry 2019-03-07 Modified 2019-07-30 ntp < 4.2.8p13 FreeBSD >= 12.0 lt 12.0_2 >= 11.2 lt 11.2_8 http://bugs.ntp.org/3565 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8936 https://nvd.nist.gov/vuln-metrics/cvss/v2-calculator?vector=(AV:N/AC:H/Au:M/C:N/I:N/A:C) https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:H CVE-2019-8936 SA-19:04.ntp
591a706b-5cdc-11ea-9a0a-206a8a720317	ntp -- Multiple vulnerabilities nwtime.org reports: Three ntp vulnerabilities, Depending on configuration, may have little impact up to termination of the ntpd process. NTP Bug 3610: Process_control() should exit earlier on short packets. On systems that override the default and enable ntpdc (mode 7) fuzz testing detected that a short packet will cause ntpd to read uninitialized data. NTP Bug 3596: An unauthenticated unmonitored ntpd is vulnerable to attack on IPv4 with highly predictable transmit timestamps. An off-path attacker who can query time from the victim's ntp which receives time from an unauthenticated time source must be able to send from a spoofed IPv4 address of upstream ntp server and and the victim must be able to process a large number of packets with the spoofed IPv4 address of the upstream server. After eight or more successful attacks in a row the attacker can either modify the victim's clock by a small amount or cause ntpd to terminate. The attack is especially effective when unusually short poll intervals have been configured. NTP Bug 3592: The fix for https://bugs.ntp.org/3445 introduced a bug such that a ntp can be prevented from initiating a time volley to its peer resulting in a DoS. All three NTP bugs may result in DoS or terimation of the ntp daemon. Discovery 2019-05-30 Entry 2020-03-03 FreeBSD >= 11.3 lt 11.3_7 >= 12.1 lt 12.1_3 ntp < 4.2.8p14 ntp-devel <= 4.3.99_6 SA-20:09.ntp

VuXML ID

Description

c2576e14-36e2-11e9-9eda-206a8a720317

ntp -- Crafted null dereference attack from a trusted source with an authenticated mode 6 packet

Network Time Foundation reports:

A crafted malicious authenticated mode 6 (ntpq) packet from a permitted network address can trigger a NULL pointer dereference, crashing ntpd.

Note that for this attack to work, the sending system must be on an address that the target's ntpd accepts mode 6 packets from, and must use a private key that is specifically listed as being used for mode 6 authorization.

Impact: The ntpd daemon can crash due to the NULL pointer dereference, causing a denial of service.

Mitigation:

Use restrict noquery to limit addresses that can send mode 6 queries.

Limit access to the private controlkey in ntp.keys.

Upgrade to 4.2.8p13, or later.

Discovery 2019-01-15
Entry 2019-03-07
Modified 2019-07-30
ntp

< 4.2.8p13

FreeBSD

>= 12.0 lt 12.0_2

>= 11.2 lt 11.2_8

http://bugs.ntp.org/3565
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8936
https://nvd.nist.gov/vuln-metrics/cvss/v2-calculator?vector=(AV:N/AC:H/Au:M/C:N/I:N/A:C)
https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:H
CVE-2019-8936
SA-19:04.ntp

591a706b-5cdc-11ea-9a0a-206a8a720317

ntp -- Multiple vulnerabilities

nwtime.org reports:

Three ntp vulnerabilities, Depending on configuration, may have little impact up to termination of the ntpd process.

NTP Bug 3610: Process_control() should exit earlier on short packets. On systems that override the default and enable ntpdc (mode 7) fuzz testing detected that a short packet will cause ntpd to read uninitialized data.

NTP Bug 3596: An unauthenticated unmonitored ntpd is vulnerable to attack on IPv4 with highly predictable transmit timestamps. An off-path attacker who can query time from the victim's ntp which receives time from an unauthenticated time source must be able to send from a spoofed IPv4 address of upstream ntp server and and the victim must be able to process a large number of packets with the spoofed IPv4 address of the upstream server. After eight or more successful attacks in a row the attacker can either modify the victim's clock by a small amount or cause ntpd to terminate. The attack is especially effective when unusually short poll intervals have been configured.

NTP Bug 3592: The fix for https://bugs.ntp.org/3445 introduced a bug such that a ntp can be prevented from initiating a time volley to its peer resulting in a DoS.

All three NTP bugs may result in DoS or terimation of the ntp daemon.

Discovery 2019-05-30
Entry 2020-03-03
FreeBSD

>= 11.3 lt 11.3_7

>= 12.1 lt 12.1_3

ntp

< 4.2.8p14

ntp-devel

<= 4.3.99_6

SA-20:09.ntp