Published: 07/08/2017 Updated: 18/06/2020

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

CVSS v3 Base Score: 5.9 | Impact Score: 3.6 | Exploitability Score: 2.2

VMScore: 383

Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

ntpq in NTP 4.2.x prior to 4.2.8p4, and 4.3.x prior to 4.3.77 allows remote malicious users to cause a denial of service (crash) via crafted mode 6 response packets.

Vulnerable Product	Search on Vulmon	Subscribe to Product
ntp ntp
ntp ntp 4.2.8
debian debian linux 7.0
debian debian linux 8.0
debian debian linux 9.0
netapp oncommand balance -
netapp oncommand performance manager -
netapp oncommand unified manager -
netapp clustered data ontap -
netapp data ontap -
oracle linux 6
redhat enterprise linux desktop 6.0
redhat enterprise linux desktop 7.0
redhat enterprise linux server 6.0
redhat enterprise linux server 7.0
redhat enterprise linux server aus 7.3
redhat enterprise linux server aus 7.4
redhat enterprise linux server aus 7.6
redhat enterprise linux server aus 7.7
redhat enterprise linux server eus 7.3
redhat enterprise linux server eus 7.4
redhat enterprise linux server eus 7.5
redhat enterprise linux server eus 7.6
redhat enterprise linux server eus 7.7
redhat enterprise linux server tus 7.3
redhat enterprise linux server tus 7.6
redhat enterprise linux server tus 7.7
redhat enterprise linux workstation 6.0
redhat enterprise linux workstation 7.0

Synopsis Moderate: ntp security and bug fix update Type/Severity Security Advisory: Moderate Topic An update for ntp is now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scoring System (CVSS) base score ...

Several security issues were fixed in NTP ...

Several vulnerabilities were discovered in the Network Time Protocol daemon and utility programs: CVE-2015-5146 A flaw was found in the way ntpd processed certain remote configuration packets An attacker could use a specially crafted package to cause ntpd to crash if: ntpd enabled remote configuration The attacker had the ...

It was discovered that ntpd as a client did not correctly check timestamps in Kiss-of-Death packets A remote attacker could use this flaw to send a crafted Kiss-of-Death packet to an ntpd client that would increase the client's polling interval value, and effectively disable synchronization with the server (CVE-2015-7704) It was found that ntpd d ...

An off-by-one flaw, leading to a buffer overflow, was found in cookedprint functionality of ntpq A specially crafted NTP packet could potentially cause ntpq to crash ...

Multiple Cisco products incorporate a version of the ntpd package Versions of this package are affected by one or more vulnerabilities that could allow an unauthenticated, remote attacker to create a denial of service (DoS) condition or modify the time being advertised by a device acting as a network time protocol (NTP) server On October 21st, 2 ...

CWE-20 http://www.securityfocus.com/bid/77288 http://support.ntp.org/bin/view/Main/NtpBug2919 https://security.gentoo.org/glsa/201607-15 http://www.securitytracker.com/id/1033951 http://www.debian.org/security/2015/dsa-3388 https://security.netapp.com/advisory/ntap-20171004-0001/http://rhn.redhat.com/errata/RHSA-2016-2583.html http://rhn.redhat.com/errata/RHSA-2016-0780.html http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html https://access.redhat.com/errata/RHSA-2016:2583 https://usn.ubuntu.com/2783-1/https://nvd.nist.gov

CVE-2015-7852

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect