CVE-2015-5300

Published: 21/07/2017 Updated: 30/10/2018
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Summary

The panic_gate check in NTP prior to 4.2.8p5 is only re-enabled after the first change to the system clock that was greater than 128 milliseconds by default, which allows remote malicious users to set NTP to an arbitrary time when started with the -g option, or to alter the time by up to 900 seconds otherwise by responding to an unspecified number of requests from trusted sources, and leveraging a resulting denial of service (abort and restart).

Vulnerable Product

fedoraproject fedora 21

fedoraproject fedora 22

suse linux enterprise desktop 12

suse linux enterprise server 12

suse linux enterprise server 11

suse linux enterprise server 10

opensuse leap 42.1

suse openstack cloud 5

suse linux enterprise debuginfo 11

suse manager proxy 2.1

suse manager 2.1

suse suse linux enterprise server 12

suse linux enterprise software development kit 12

opensuse opensuse 13.2

redhat enterprise linux desktop 7.0

redhat enterprise linux hpc node 7.0

redhat enterprise linux hpc node eus 7.1

redhat enterprise linux desktop 6.0

redhat enterprise linux server 6.0

redhat enterprise linux hpc node 6.0

redhat enterprise linux workstation 6.0

redhat enterprise linux server eus 6.7.z

redhat enterprise linux server eus 7.1

redhat enterprise linux server 7.0

redhat enterprise linux workstation 7.0

debian debian linux 8.0

debian debian linux 7.0

canonical ubuntu linux 15.04

canonical ubuntu linux 12.04

canonical ubuntu linux 15.10

canonical ubuntu linux 14.04

ntp ntp

Vendor Advisories

Several security issues were fixed in NTP ...
Several vulnerabilities were discovered in the Network Time Protocol daemon and utility programs: CVE-2015-5146: A flaw was found in the way ntpd processed certain remote configuration packets. An attacker could use a specially crafted package to cause ntpd to crash if: ntpd enabled remote configuration; the attacker had the ...
It was discovered that ntpd as a client did not correctly check timestamps in Kiss-of-Death packets. A remote attacker could use this flaw to send a crafted Kiss-of-Death packet to an ntpd client that would increase the client's polling interval value, and effectively disable synchronization with the server (CVE-2015-7704). It was found that ntpd d ...
It was found that ntpd did not correctly implement the threshold limitation for the '-g' option, which is used to set the time without any restrictions. A man-in-the-middle attacker able to intercept NTP traffic between a connecting client and an NTP server could use this flaw to force that client to make multiple steps larger than the panic thresh ...
Description of Problem: Several security issues have been identified within Citrix XenServer. These issues could, if exploited, allow an authenticated administrator to perform a denial-of-service attack against the host, even when that administrator has a less-privileged RBAC role (e.g. read-only). In addition, the issues could permit an attac ...

Recent Articles

Got a time machine? Good, you can brute-force 2FA
The Register • Richard Chirgwin • 12 Nov 2015

Get rid of ntpdate, patch ntpd, says security researcher

Time-based two-factor authentication tokens, and plug-ins that use them, are only as good as your time signal, and in the right (wrong) circumstances, they can be brute-forced. Security researcher Gabor Szathmari says the problem is that if your 2FA tokens depend on the network time protocol (NTP), it's too easy for a sysadmin to put together an attackable implementation. As he explains in two posts here (the background) and here (proof of concept), if an attacker can trick NTP, they can mount a...

References

CWE-361

https://www-01.ibm.com/support/docview.wss?uid=swg21983506

https://www-01.ibm.com/support/docview.wss?uid=swg21983501

https://www-01.ibm.com/support/docview.wss?uid=swg21980676

https://www-01.ibm.com/support/docview.wss?uid=swg21979393

https://www-01.ibm.com/support/docview.wss?uid=ssg1S1005821

https://www-01.ibm.com/support/docview.wss?uid=nas8N1021264

https://www-01.ibm.com/support/docview.wss?uid=isg3T1024073

https://www-01.ibm.com/support/docview.wss?uid=isg3T1023885

https://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html

https://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html

https://www.ibm.com/support/home/docdisplay?lndocid=migr-5099428

https://www.freebsd.org/security/advisories/FreeBSD-SA-16:02.ntp.asc

https://www.cs.bu.edu/~goldbe/NTPattack.html

https://support.citrix.com/article/CTX220112

https://ics-cert.us-cert.gov/advisories/ICSA-15-356-01

https://bugzilla.redhat.com/show_bug.cgi?id=1271076

https://bto.bluecoat.com/security-advisory/sa113

http://www.ubuntu.com/usn/USN-2783-1

http://www.securitytracker.com/id/1034670

http://www.securityfocus.com/bid/77312

http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html

http://www.debian.org/security/2015/dsa-3388

http://support.ntp.org/bin/view/Main/SecurityNotice#January_2016_NTP_4_2_8p5_Securit

http://support.ntp.org/bin/view/Main/NtpBug2956

http://seclists.org/bugtraq/2016/Feb/164

http://rhn.redhat.com/errata/RHSA-2015-1930.html

http://lists.opensuse.org/opensuse-updates/2016-05/msg00114.html

http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html

http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html

http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00048.html

http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00038.html

http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00020.html

http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00060.html

http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00059.html

http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177507.html

http://lists.fedoraproject.org/pipermail/package-announce/2015-November/170926.html

http://lists.fedoraproject.org/pipermail/package-announce/2015-November/170684.html

http://aix.software.ibm.com/aix/efixes/security/ntp_advisory5.asc

https://security.netapp.com/advisory/ntap-20171004-0001/

https://nvd.nist.gov

https://usn.ubuntu.com/2783-1/