Published: 07/08/2017 Updated: 18/06/2020

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9

VMScore: 445

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

The crypto_xmit function in ntpd in NTP 4.2.x prior to 4.2.8p4, and 4.3.x prior to 4.3.77 allows remote malicious users to cause a denial of service (crash). NOTE: This vulnerability exists due to an incomplete fix for CVE-2014-9750.

Vulnerable Product	Search on Vulmon	Subscribe to Product
ntp ntp
ntp ntp 4.2.8
oracle linux 6
debian debian linux 7.0
debian debian linux 8.0
debian debian linux 9.0
netapp oncommand performance manager -
netapp oncommand unified manager -
netapp clustered data ontap -
netapp data ontap -
redhat enterprise linux desktop 6.0
redhat enterprise linux desktop 7.0
redhat enterprise linux server 6.0
redhat enterprise linux server 7.0
redhat enterprise linux server aus 7.3
redhat enterprise linux server aus 7.4
redhat enterprise linux server aus 7.6
redhat enterprise linux server aus 7.7
redhat enterprise linux server eus 7.3
redhat enterprise linux server eus 7.4
redhat enterprise linux server eus 7.5
redhat enterprise linux server eus 7.6
redhat enterprise linux server eus 7.7
redhat enterprise linux server tus 7.3
redhat enterprise linux server tus 7.6
redhat enterprise linux server tus 7.7
redhat enterprise linux workstation 6.0
redhat enterprise linux workstation 7.0

Synopsis Moderate: ntp security and bug fix update Type/Severity Security Advisory: Moderate Topic An update for ntp is now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scoring System (CVSS) base score ...

Several security issues were fixed in NTP ...

Several vulnerabilities were discovered in the Network Time Protocol daemon and utility programs: CVE-2015-5146 A flaw was found in the way ntpd processed certain remote configuration packets An attacker could use a specially crafted package to cause ntpd to crash if: ntpd enabled remote configuration The attacker had the ...

It was discovered that ntpd as a client did not correctly check timestamps in Kiss-of-Death packets A remote attacker could use this flaw to send a crafted Kiss-of-Death packet to an ntpd client that would increase the client's polling interval value, and effectively disable synchronization with the server (CVE-2015-7704) It was found that ntpd d ...

It was found that the fix for CVE-2014-9750 was incomplete: three issues were found in the value length checks in NTP's ntp_cryptoc, where a packet with particular autokey operations that contained malicious data was not always being completely validated A remote attacker could use a specially crafted NTP packet to crash ntpd ...

Multiple Cisco products incorporate a version of the ntpd package Versions of this package are affected by one or more vulnerabilities that could allow an unauthenticated, remote attacker to create a denial of service (DoS) condition or modify the time being advertised by a device acting as a network time protocol (NTP) server On October 21st, 2 ...

CWE-20 https://bugzilla.redhat.com/show_bug.cgi?id=1274254 http://www.securityfocus.com/bid/77285 http://support.ntp.org/bin/view/Main/NtpBug2899 https://security.gentoo.org/glsa/201607-15 http://www.securitytracker.com/id/1033951 http://www.debian.org/security/2015/dsa-3388 https://security.netapp.com/advisory/ntap-20171004-0001/http://rhn.redhat.com/errata/RHSA-2016-2583.html http://rhn.redhat.com/errata/RHSA-2016-0780.html http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html https://access.redhat.com/errata/RHSA-2016:2583 https://nvd.nist.gov https://usn.ubuntu.com/2783-1/

CVE-2015-7692

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect