VDB

GCVE-110-MAGEIA-2015-413

GCVE-110-MAGEIA-2015-413
Advisory Published
Vulnetix · Advisory published October 25, 2015
It was found that ntpd did not correctly implement the threshold limitation for the '-g' option, which is used to set the time without any restrictions. A man-in-the-middle attacker able to intercept NTP traffic between a connecting client and an NTP server could use this flaw to force that client to make multiple steps larger than the panic threshold, effectively changing the time to an arbitrary value at any time (CVE-2015-5300). Slow memory leak in CRYPTO_ASSOC with autokey (CVE-2015-7701). Incomplete autokey data packet length checks could result in crash caused by a crafted packet (CVE-2015-7691, CVE-2015-7692, CVE-2015-7702). Clients that receive a KoD should validate the origin timestamp field (CVE-2015-7704). ntpq atoascii() Memory Corruption Vulnerability could result in ntpd crash caused by a crafted packet (CVE-2015-7852). Symmetric association authentication bypass via crypto-NAK (CVE-2015-7871).

Affected Products

VendorProductVersionsPlatforms
Mageiantp0 (affected), * (unaffected)

Browse GCVE Records

73,040 records in the GCVE database · Updated July 15, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›