A memory leak flaw was found in ntpd's CRYPTO_ASSOC. If ntpd was configured to use autokey authentication, an attacker could send packets to ntpd that would, after several days of ongoing attack, cause it to run out of memory.
Find out more about CVE-2015-7701 from the MITRE CVE dictionary dictionary and NIST NVD.
Base Score | 4.3 |
---|---|
Base Metrics | AV:N/AC:M/Au:N/C:N/I:N/A:P |
Access Vector | Network |
Access Complexity | Medium |
Authentication | None |
Confidentiality Impact | None |
Integrity Impact | None |
Availability Impact | Partial |
Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).
Platform | Errata | Release Date |
---|---|---|
Red Hat Enterprise Linux 6 (ntp) | RHSA-2016:0780 | 2016-05-10 |
Red Hat Enterprise Linux 7 (ntp) | RHSA-2016:2583 | 2016-11-03 |
Platform | Package | State |
---|---|---|
Red Hat Enterprise Linux 5 | ntp | Will not fix |
Disable NTP autokey authentication by removing, or commenting out, all configuration directives beginning with the 'crypto' keyword in your ntp.conf file.