Yihan Lian

**Name of the Vulnerable Software and Affected Versions** ntp versions 4.2.8p6 through 4.2.8p10 **Description** The issue is related to the `ctl getitem` method in `ntpd`, which is part of the NTP protocol implementation. It involves a buffer read beyond its boundaries in memory. This can be exploited by a remote attacker using specially crafted mode 6 packets, potentially leading to a denial of service. Additionally, there's a concern about the failure to prevent Sybil attacks from authenticated peers, which could allow an attacker to bypass security restrictions and modify a victim's clock by creating multiple ephemeral associations. **Recommendations** For versions 4.2.8p6 through 4.2.8p10, update to version 4.2.8p11 or later to resolve the issue. As a temporary workaround, consider restricting access to mode 6 packets to minimize the risk of exploitation. Restrict the ability to create multiple ephemeral associations to prevent Sybil attacks.

**Name of the Vulnerable Software and Affected Versions** Samba versions 4.x before 4.7.3 **Description** The issue is related to a use-after-free vulnerability in the implementation of the SMB1 protocol in the Samba network interaction software package. This vulnerability can be exploited by a remote attacker to gain access to confidential data, compromise data integrity, and cause a denial of service. The vulnerability allows remote attackers to execute arbitrary code via a crafted SMB1 request, potentially giving them control over the contents of dynamic memory. **Recommendations** For Samba versions 4.x before 4.7.3, update to version 4.7.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the SMB1 protocol until a patch is available.

**Name of the Vulnerable Software and Affected Versions** FFmpeg versions prior to 3.2.6 FFmpeg version 3.3.x prior to 3.3.3 **Description** The issue allows remote attackers to cause a denial of service, specifically a NULL pointer dereference, by using a crafted mov file. This is related to the dnxhd decoder in FFmpeg. **Recommendations** For FFmpeg versions prior to 3.2.6, update to version 3.2.6 or later. For FFmpeg version 3.3.x prior to 3.3.3, update to version 3.3.3 or later.

**Name of the Vulnerable Software and Affected Versions** NTP versions 4.2.8p7 and earlier, 4.3.x before 4.3.92 **Description** The issue allows remote attackers to cause a denial of service by preventing subsequent authentication. This is achieved by leveraging knowledge of the `controlkey` or `requestkey` and sending a crafted packet to `ntpd`, which changes the value of `trustedkey`, `controlkey`, or `requestkey`. The vulnerability exists due to a regression of a previous issue. **Recommendations** For NTP versions 4.2.8p7 and earlier: update to version 4.2.8p7 or later. For NTP versions 4.3.x before 4.3.92: update to version 4.3.92 or later. As a temporary workaround, consider restricting access to the `ntpd` service to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** NTP versions prior to 4.2.8p7 NTP versions 4.3.x prior to 4.3.92 **Description** The issue allows remote attackers to cause a denial of service, resulting in ntpd abort. This is triggered by a large request data value, which causes the `ctl getitem` function to return a NULL value. **Recommendations** For NTP versions prior to 4.2.8p7, update to version 4.2.8p7 or later. For NTP versions 4.3.x prior to 4.3.92, update to version 4.3.92 or later.

**Name of the Vulnerable Software and Affected Versions** NTP versions prior to 4.2.8p7 NTP versions 4.3.x prior to 4.3.92 **Description** The issue allows remote attackers to cause a denial of service (ntpd abort) by using the same IP address multiple times in an unconfig directive when mode7 is enabled. **Recommendations** For NTP versions prior to 4.2.8p7, update to version 4.2.8p7 or later to resolve the issue. For NTP versions 4.3.x prior to 4.3.92, update to version 4.3.92 or later to resolve the issue. As a temporary workaround, consider disabling mode7 until a patch is available.

**Name of the Vulnerable Software and Affected Versions** NTP versions prior to 4.2.8p9 NTP versions 4.3.x prior to 4.3.92 **Description** The issue allows remote attackers to cause an out-of-bounds reference via an addpeer request with a large `hmode` value. This is related to the `MATCH ASSOC` function. **Recommendations** For NTP versions prior to 4.2.8p9, update to version 4.2.8p9 or later. For NTP versions 4.3.x prior to 4.3.92, update to version 4.3.92 or later.

**Name of the Vulnerable Software and Affected Versions** Xen (affected versions not specified) **Description** The issue is caused by an integer overflow in the x86 shadow pagetable code. This can be exploited by a local attacker to cause a denial of service, resulting in a host crash, or possibly gain privileges by shadowing a superpage mapping. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.