Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
5.3
CVSSv3

CVE-2015-5146

Published: 24/08/2017 Updated: 02/08/2018
CVSS v2 Base Score: 3.5 | Impact Score: 2.9 | Exploitability Score: 6.8
CVSS v3 Base Score: 5.3 | Impact Score: 3.6 | Exploitability Score: 1.6
VMScore: 312
Vector: AV:N/AC:M/Au:S/C:N/I:N/A:P
Subscribe to Fedoraproject

Vulnerability Summary

ntpd in ntp prior to 4.2.8p3 with remote configuration enabled allows remote authenticated users with knowledge of the configuration password and access to a computer entrusted to perform remote configuration to cause a denial of service (service crash) via a NULL byte in a crafted configuration directive packet.

Vulnerable Product Search on Vulmon Subscribe to Product

fedoraproject fedora 21

fedoraproject fedora 22

fedoraproject fedora 23

debian debian linux 7.0

debian debian linux 8.0

ntp ntp

Vendor Advisories

Ubuntu Security Notice: ntp vulnerabilities
Several security issues were fixed in NTP ...
Debian Security Advisories: DSA-3388-1 ntp -- security update
Several vulnerabilities were discovered in the Network Time Protocol daemon and utility programs: CVE-2015-5146 A flaw was found in the way ntpd processed certain remote configuration packets An attacker could use a specially crafted package to cause ntpd to crash if: ntpd enabled remote configuration The attacker had the ...
Amazon Linux AMI: ALAS-2015-593
As <a href="supportntporg/bin/view/Main/SecurityNotice#June_2015_NTP_Security_Vulnerabi">discussed upstream</a>, a flaw was found in the way ntpd processed certain remote configuration packets Note that remote configuration is disabled by default in NTP (CVE-2015-5146) It was found that the :config command can be used to se ...
Red Hat: CVE-2015-5146
ntpd in ntp before 428p3 with remote configuration enabled allows remote authenticated users with knowledge of the configuration password and access to a computer entrusted to perform remote configuration to cause a denial of service (service crash) via a NULL byte in a crafted configuration directive packet ...

References

CWE-20https://security.gentoo.org/glsa/201509-01https://bugzilla.redhat.com/show_bug.cgi?id=1238136http://www.securitytracker.com/id/1034168http://www.securityfocus.com/bid/75589http://www.debian.org/security/2015/dsa-3388http://support.ntp.org/bin/view/Main/SecurityNotice#March_2017_ntp_4_2_8p10_NTP_Secuhttp://lists.fedoraproject.org/pipermail/package-announce/2015-September/166992.htmlhttp://lists.fedoraproject.org/pipermail/package-announce/2015-October/169167.htmlhttp://lists.fedoraproject.org/pipermail/package-announce/2015-November/170926.htmlhttp://bugs.ntp.org/show_bug.cgi?id=2853https://security.netapp.com/advisory/ntap-20180731-0003/https://nvd.nist.govhttps://usn.ubuntu.com/2783-1/
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-21991CVE-2024-32674path traversalCVE-2023-21987denial of servicedosCVE-2024-4647CVE-2024-25519CVE-2024-33612
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook