Published: 21/07/2017 Updated: 13/02/2023

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9

VMScore: 445

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

The log_config_command function in ntp_parser.y in ntpd in NTP prior to 4.2.7p42 allows remote malicious users to cause a denial of service (ntpd crash) via crafted logconfig commands.

Vulnerable Product	Search on Vulmon	Subscribe to Product
fedoraproject fedora 22
fedoraproject fedora 21
suse manager proxy 2.1
suse linux enterprise debuginfo 11
suse manager 2.1
suse linux enterprise server 11
suse openstack cloud 5
suse linux enterprise server 10
redhat enterprise linux desktop 7.0
redhat enterprise linux workstation 7.0
redhat enterprise linux server 7.0
redhat enterprise linux hpc node 6.0
redhat enterprise linux hpc node 7.0
redhat enterprise linux desktop 6.0
redhat enterprise linux server 6.0
redhat enterprise linux workstation 6.0
debian debian linux 8.0
debian debian linux 7.0
canonical ubuntu linux 12.04
canonical ubuntu linux 15.10
canonical ubuntu linux 14.04
canonical ubuntu linux 15.04
ntp ntp

Synopsis Moderate: ntp security and bug fix update Type/Severity Security Advisory: Moderate Topic An update for ntp is now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scoring System (CVSS) base score ...

Several security issues were fixed in NTP ...

Several vulnerabilities were discovered in the Network Time Protocol daemon and utility programs: CVE-2015-5146 A flaw was found in the way ntpd processed certain remote configuration packets An attacker could use a specially crafted package to cause ntpd to crash if: ntpd enabled remote configuration The attacker had the ...

As <a href="supportntporg/bin/view/Main/SecurityNotice#June_2015_NTP_Security_Vulnerabi">discussed upstream</a>, a flaw was found in the way ntpd processed certain remote configuration packets Note that remote configuration is disabled by default in NTP (CVE-2015-5146) It was found that the :config command can be used to se ...

It was found that ntpd could crash due to an uninitialized variable when processing malformed logconfig configuration commands ...

CWE-20 https://www-01.ibm.com/support/docview.wss?uid=swg21989542 https://www-01.ibm.com/support/docview.wss?uid=swg21988706 https://www-01.ibm.com/support/docview.wss?uid=swg21986956 https://www-01.ibm.com/support/docview.wss?uid=swg21985122 https://www-01.ibm.com/support/docview.wss?uid=isg3T1024157 https://github.com/ntp-project/ntp/commit/553f2fa65865c31c5e3c48812cfd46176cffdd27 https://bugzilla.redhat.com/show_bug.cgi?id=1254542 http://www.ubuntu.com/usn/USN-2783-1 http://www.securityfocus.com/bid/76475 http://www.openwall.com/lists/oss-security/2015/08/25/3 http://www.debian.org/security/2015/dsa-3388 http://rhn.redhat.com/errata/RHSA-2016-2583.html http://rhn.redhat.com/errata/RHSA-2016-0780.html http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00048.html http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169167.html http://lists.fedoraproject.org/pipermail/package-announce/2015-November/170926.html http://bk1.ntp.org/ntp-dev/?PAGE=patch&REV=4c4fc141LwvcoGp-lLGhkAFp3ZvtrA http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html https://access.redhat.com/errata/RHSA-2016:2583 https://nvd.nist.gov https://usn.ubuntu.com/2783-1/

CVE-2015-5194

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect