FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

ntp -- 13 low- and medium-severity vulnerabilities

Affected packages
ntp < 4.2.8p4
ntp-devel < 4.3.76
10.2 <= FreeBSD < 10.2_7
10.1 <= FreeBSD < 10.1_24
9.3 <= FreeBSD < 9.3_30

Details

VuXML ID c4a18a12-77fc-11e5-a687-206a8a720317
Discovery 2015-10-21
Entry 2015-10-21
Modified 2016-08-09

ntp.org reports:

NTF's NTP Project has been notified of the following 13 low- and medium-severity vulnerabilities that are fixed in ntp-4.2.8p4, released on Wednesday, 21 October 2015:

The only generally-exploitable bug in the above list is the crypto-NAK bug, which has a CVSS2 score of 6.4.

Additionally, three bugs that have already been fixed in ntp-4.2.8 but were not fixed in ntp-4.2.6 as it was EOL'd have a security component, but are all below 1.8 CVSS score, so we're reporting them here:

References

CVE Name CVE-2015-7691
CVE Name CVE-2015-7692
CVE Name CVE-2015-7701
CVE Name CVE-2015-7702
CVE Name CVE-2015-7703
CVE Name CVE-2015-7704
CVE Name CVE-2015-7705
CVE Name CVE-2015-7848
CVE Name CVE-2015-7849
CVE Name CVE-2015-7850
CVE Name CVE-2015-7851
CVE Name CVE-2015-7852
CVE Name CVE-2015-7853
CVE Name CVE-2015-7854
CVE Name CVE-2015-7855
CVE Name CVE-2015-7871
FreeBSD Advisory SA-15:25.ntp
URL http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities