Information on source package ntp

Available versions

ReleaseVersion
jessie1:4.2.6.p5+dfsg-7+deb8u3
stretch1:4.2.8p10+dfsg-3+deb9u2
buster1:4.2.8p12+dfsg-4
bullseye1:4.2.8p15+dfsg-1

Open issues

BugjessiestretchbusterbullseyeDescription
CVE-2023-26555vulnerable (no DSA)vulnerable (no DSA)vulnerable (no DSA)vulnerable (no DSA)praecis_parse in ntpd/refclock_palisade.c in NTP 4.2.8p15 has an out-o ...
CVE-2020-15025fixedfixedvulnerable (no DSA)fixedntpd in ntp 4.2.8 before 4.2.8p15 and 4.3.x before 4.3.101 allows remo ...
CVE-2020-13817vulnerable (no DSA, ignored)vulnerable (no DSA, ignored)vulnerable (no DSA, ignored)fixedntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows remote att ...
CVE-2020-11868fixedvulnerable (no DSA)vulnerable (no DSA)fixedntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows an off-pat ...
CVE-2018-8956vulnerable (no DSA, postponed)vulnerable (no DSA)vulnerable (no DSA, ignored)fixedntpd in ntp 4.2.8p10, 4.2.8p11, 4.2.8p12 and 4.2.8p13 allow remote att ...
CVE-2018-7185vulnerable (no DSA)vulnerable (no DSA)fixedfixedThe protocol engine in ntp 4.2.6 before 4.2.8p11 allows a remote attac ...
CVE-2018-7184vulnerable (no DSA)vulnerable (no DSA)fixedfixedntpd in ntp 4.2.8p4 before 4.2.8p11 drops bad packets before updating ...
CVE-2018-7183vulnerable (no DSA)vulnerable (no DSA)fixedfixedBuffer overflow in the decodearr function in ntpq in ntp 4.2.8p6 throu ...
CVE-2018-7182vulnerable (no DSA, postponed)vulnerable (no DSA, postponed)fixedfixedThe ctl_getitem method in ntpd in ntp-4.2.8p6 before 4.2.8p11 allows r ...
CVE-2018-7170vulnerable (no DSA)vulnerable (no DSA)fixedfixedntpd in ntp 4.2.x before 4.2.8p7 and 4.3.x before 4.3.92 allows authen ...
CVE-2017-6464vulnerable (no DSA)fixedfixedfixedNTP before 4.2.8p10 and 4.3.x before 4.3.94 allows remote attackers to ...
CVE-2017-6463vulnerable (no DSA)fixedfixedfixedNTP before 4.2.8p10 and 4.3.x before 4.3.94 allows remote authenticate ...
CVE-2016-9311vulnerable (no DSA)fixedfixedfixedntpd in NTP before 4.2.8p9, when the trap service is enabled, allows r ...
CVE-2016-9310vulnerable (no DSA)fixedfixedfixedThe control mode (mode 6) functionality in ntpd in NTP before 4.2.8p9 ...
CVE-2016-7429vulnerable (no DSA)fixedfixedfixedNTP before 4.2.8p9 changes the peer structure to the interface it rece ...
CVE-2016-7426vulnerable (no DSA)fixedfixedfixedNTP before 4.2.8p9 rate limits responses received from the configured ...
CVE-2016-4955vulnerable (no DSA)fixedfixedfixedntpd in NTP 4.x before 4.2.8p8, when autokey is enabled, allows remote ...
CVE-2016-4954vulnerable (no DSA)fixedfixedfixedThe process_packet function in ntp_proto.c in ntpd in NTP 4.x before 4 ...
CVE-2016-2519vulnerable (no DSA)fixedfixedfixedntpd in NTP before 4.2.8p7 and 4.3.x before 4.3.92 allows remote attac ...
CVE-2016-1549vulnerable (no DSA)fixedfixedfixedA malicious authenticated peer can create arbitrarily-many ephemeral a ...
CVE-2016-0727vulnerable (no DSA)fixedfixedfixedThe crontab script in the ntp package before 1:4.2.6.p3+dfsg-1ubuntu3. ...
CVE-2015-8140vulnerable (no DSA)fixedfixedfixedThe ntpq protocol in NTP before 4.2.8p7 allows remote attackers to con ...
CVE-2015-8139vulnerable (no DSA)fixedfixedfixedntpq in NTP before 4.2.8p7 allows remote attackers to obtain origin ti ...
CVE-2015-7976vulnerable (no DSA)fixedfixedfixedThe ntpq saveconfig command in NTP 4.1.2, 4.2.x before 4.2.8p6, 4.3, 4 ...
CVE-2015-7973vulnerable (no DSA)fixedfixedfixedNTP before 4.2.8p6 and 4.3.x before 4.3.90, when configured in broadca ...
CVE-2015-7705vulnerable (no DSA)fixedfixedfixedThe rate limiting feature in NTP 4.x before 4.2.8p4 and 4.3.x before 4 ...
CVE-2014-5209vulnerable (no DSA, ignored)fixedfixedfixedAn Information Disclosure vulnerability exists in NTP 4.2.7p25 private ...
CVE-2013-5211vulnerable (no DSA)fixedfixedfixedThe monlist feature in ntp_request.c in ntpd in NTP before 4.2.7p26 al ...

Open unimportant issues

BugjessiestretchbusterbullseyeDescription
CVE-2023-26554vulnerablevulnerablevulnerablevulnerablemstolfp in libntp/mstolfp.c in NTP 4.2.8p15 has an out-of-bounds write ...
CVE-2023-26553vulnerablevulnerablevulnerablevulnerablemstolfp in libntp/mstolfp.c in NTP 4.2.8p15 has an out-of-bounds write ...
CVE-2023-26552vulnerablevulnerablevulnerablevulnerablemstolfp in libntp/mstolfp.c in NTP 4.2.8p15 has an out-of-bounds write ...
CVE-2023-26551vulnerablevulnerablevulnerablevulnerablemstolfp in libntp/mstolfp.c in NTP 4.2.8p15 has an out-of-bounds write ...
CVE-2018-12327vulnerablevulnerablevulnerablevulnerableStack-based buffer overflow in ntpq and ntpdc of NTP version 4.2.8p11 ...
CVE-2017-6462vulnerablefixedfixedfixedBuffer overflow in the legacy Datum Programmable Time Server (DPTS) re ...
CVE-2017-6458vulnerablefixedfixedfixedMultiple buffer overflows in the ctl_put* functions in NTP before 4.2. ...
CVE-2016-2517vulnerablefixedfixedfixedNTP before 4.2.8p7 and 4.3.x before 4.3.92 allows remote attackers to ...

Resolved issues

BugDescription
CVE-2019-8936NTP through 4.2.8p12 has a NULL Pointer Dereference.
CVE-2017-6460Stack-based buffer overflow in the reslist function in ntpq in NTP bef ...
CVE-2017-6459The Windows installer for NTP before 4.2.8p10 and 4.3.x before 4.3.94 ...
CVE-2017-6455NTP before 4.2.8p10 and 4.3.x before 4.3.94, when using PPSAPI, allows ...
CVE-2017-6452Stack-based buffer overflow in the Windows installer for NTP before 4. ...
CVE-2017-6451The mx4200_send function in the legacy MX4200 refclock in NTP before 4 ...
CVE-2016-9312ntpd in NTP before 4.2.8p9, when running on Windows, allows remote att ...
CVE-2016-9042An exploitable denial of service vulnerability exists in the origin ti ...
CVE-2016-7434The read_mru_list function in NTP before 4.2.8p9 allows remote attacke ...
CVE-2016-7433NTP before 4.2.8p9 does not properly perform the initial sync calculat ...
CVE-2016-7431NTP before 4.2.8p9 allows remote attackers to bypass the origin timest ...
CVE-2016-7428ntpd in NTP before 4.2.8p9 allows remote attackers to cause a denial o ...
CVE-2016-7427The broadcast mode replay prevention functionality in ntpd in NTP befo ...
CVE-2016-4957ntpd in NTP before 4.2.8p8 allows remote attackers to cause a denial o ...
CVE-2016-4956ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a deni ...
CVE-2016-4953ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a deni ...
CVE-2016-2518The MATCH_ASSOC function in NTP before version 4.2.8p9 and 4.3.x befor ...
CVE-2016-2516NTP before 4.2.8p7 and 4.3.x before 4.3.92, when mode7 is enabled, all ...
CVE-2016-1551ntpd in NTP 4.2.8p3 and NTPsec a5fb34b9cc89b92a8fef2f459004865c93bb7f9 ...
CVE-2016-1550An exploitable vulnerability exists in the message authentication func ...
CVE-2016-1548An attacker can spoof a packet from a legitimate ntpd server with an o ...
CVE-2016-1547An off-path attacker can cause a preemptible client association to be ...
CVE-2015-8158The getresponse function in ntpq in NTP versions before 4.2.8p9 and 4. ...
CVE-2015-8138NTP before 4.2.8p6 and 4.3.x before 4.3.90 allows remote attackers to ...
CVE-2015-7979NTP before 4.2.8p6 and 4.3.x before 4.3.90 allows remote attackers to ...
CVE-2015-7978NTP before 4.2.8p6 and 4.3.0 before 4.3.90 allows a remote attackers t ...
CVE-2015-7977ntpd in NTP before 4.2.8p6 and 4.3.x before 4.3.90 allows remote attac ...
CVE-2015-7975The nextvar function in NTP before 4.2.8p6 and 4.3.x before 4.3.90 doe ...
CVE-2015-7974NTP 4.x before 4.2.8p6 and 4.3.x before 4.3.90 do not verify peer asso ...
CVE-2015-7871Crypto-NAK packets in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x befo ...
CVE-2015-7855The decodenetnum function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3 ...
CVE-2015-7854Buffer overflow in the password management functionality in NTP 4.2.x ...
CVE-2015-7853The datalen parameter in the refclock driver in NTP 4.2.x before 4.2.8 ...
CVE-2015-7852ntpq in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remot ...
CVE-2015-7851Directory traversal vulnerability in the save_config function in ntpd ...
CVE-2015-7850ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remot ...
CVE-2015-7849Use-after-free vulnerability in ntpd in NTP 4.2.x before 4.2.8p4, and ...
CVE-2015-7848An integer overflow can occur in NTP-dev.4.3.70 leading to an out-of-b ...
CVE-2015-7704The ntpd client in NTP 4.x before 4.2.8p4 and 4.3.x before 4.3.77 allo ...
CVE-2015-7703The "pidfile" or "driftfile" directives in NTP ntpd 4.2.x before 4.2.8 ...
CVE-2015-7702The crypto_xmit function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3. ...
CVE-2015-7701Memory leak in the CRYPTO_ASSOC function in ntpd in NTP 4.2.x before 4 ...
CVE-2015-7692The crypto_xmit function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3. ...
CVE-2015-7691The crypto_xmit function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3. ...
CVE-2015-5300The panic_gate check in NTP before 4.2.8p5 is only re-enabled after th ...
CVE-2015-5219The ULOGTOD function in ntp.d in SNTP before 4.2.7p366 does not proper ...
CVE-2015-5195ntp_openssl.m4 in ntpd in NTP before 4.2.7p112 allows remote attackers ...
CVE-2015-5194The log_config_command function in ntp_parser.y in ntpd in NTP before ...
CVE-2015-5146ntpd in ntp before 4.2.8p3 with remote configuration enabled allows re ...
CVE-2015-3405ntp-keygen in ntp 4.2.8px before 4.2.8p2-RC2 and 4.3.x before 4.3.12 d ...
CVE-2015-1799The symmetric-key feature in the receive function in ntp_proto.c in nt ...
CVE-2015-1798The symmetric-key feature in the receive function in ntp_proto.c in nt ...
CVE-2014-9751The read_network_packet function in ntp_io.c in ntpd in NTP 4.x before ...
CVE-2014-9750ntp_crypto.c in ntpd in NTP 4.x before 4.2.8p1, when Autokey Authentic ...
CVE-2014-9296The receive function in ntp_proto.c in ntpd in NTP before 4.2.8 contin ...
CVE-2014-9295Multiple stack-based buffer overflows in ntpd in NTP before 4.2.8 allo ...
CVE-2014-9294util/ntp-keygen.c in ntp-keygen in NTP before 4.2.7p230 uses a weak RN ...
CVE-2014-9293The config_auth function in ntpd in NTP before 4.2.7p11, when an auth ...
CVE-2009-3563ntp_request.c in ntpd in NTP before 4.2.4p8, and 4.2.5, allows remote ...
CVE-2009-1252Stack-based buffer overflow in the crypto_recv function in ntp_crypto. ...
CVE-2009-0159Stack-based buffer overflow in the cookedprint function in ntpq/ntpq.c ...
CVE-2009-0021NTP 4.2.4 before 4.2.4p5 and 4.2.5 before 4.2.5p150 does not properly ...
CVE-2005-2496The xntpd ntp (ntpd) daemon before 4.2.0b, when run with the -u option ...
CVE-2004-0657Integer overflow in the NTP daemon (NTPd) before 4.0 causes the NTP se ...

Security announcements

DSA / DLADescription
DLA-2201-1ntp - security update
ELA-224-2ntp - regression update
ELA-224-1ntp - security update
DSA-3629-1ntp - security update
DLA-559-1ntp - security update
DSA-3388-1ntp - security update
DLA-335-1ntp - security update
DSA-3223-1ntp - security update
DLA-192-1ntp - security update
DSA-3154-2ntp - incomplete fix
DLA-149-1ntp - security update
DSA-3154-1ntp - security update
DSA-3108-1ntp - security update
DLA-116-1ntp - security update
DSA-1948-1ntp - denial of service
DSA-1801-1ntp - several vulnerabilities
DSA-1702-1ntp - cryptographic weakness
DSA-801-1ntp - programming error

Search for package or bug name: Reporting problems