CVE-2015-5146

medium

Description

ntpd in ntp before 4.2.8p3 with remote configuration enabled allows remote authenticated users with knowledge of the configuration password and access to a computer entrusted to perform remote configuration to cause a denial of service (service crash) via a NULL byte in a crafted configuration directive packet.

References

http://bugs.ntp.org/show_bug.cgi?id=2853

http://lists.fedoraproject.org/pipermail/package-announce/2015-November/170926.html

http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169167.html

http://lists.fedoraproject.org/pipermail/package-announce/2015-September/166992.html

http://support.ntp.org/bin/view/Main/SecurityNotice#March_2017_ntp_4_2_8p10_NTP_Secu

http://www.debian.org/security/2015/dsa-3388

http://www.securityfocus.com/bid/75589

http://www.securitytracker.com/id/1034168

https://bugzilla.redhat.com/show_bug.cgi?id=1238136

https://security.gentoo.org/glsa/201509-01

https://security.netapp.com/advisory/ntap-20180731-0003/

Details

Source: MITRE

Published: 2017-08-24

Updated: 2018-08-02

Type: CWE-20

Risk Information

CVSS v2

Base Score: 3.5

Vector: AV:N/AC:M/Au:S/C:N/I:N/A:P

Impact Score: 2.9

Exploitability Score: 6.8

Severity: LOW

CVSS v3

Base Score: 5.3

Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

Impact Score: 3.6

Exploitability Score: 1.6

Severity: MEDIUM

Tenable Plugins

| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 135619 | EulerOS Virtualization 3.0.2.2 : ntp (EulerOS-SA-2020-1457) | Nessus | Huawei Local Security Checks | critical |
| 134499 | EulerOS Virtualization for ARM 64 3.0.2.0 : ntp (EulerOS-SA-2020-1210) | Nessus | Huawei Local Security Checks | critical |
| 132172 | EulerOS 2.0 SP3 : ntp (EulerOS-SA-2019-2637) | Nessus | Huawei Local Security Checks | medium |
| 131600 | EulerOS 2.0 SP2 : ntp (EulerOS-SA-2019-2446) | Nessus | Huawei Local Security Checks | medium |
| 130677 | EulerOS 2.0 SP5 : ntp (EulerOS-SA-2019-2215) | Nessus | Huawei Local Security Checks | critical |
| 121310 | Network Time Protocol Daemon (ntpd) 3.x / 4.x < 4.2.8p3 Denial Of Service Vulnerability | Nessus | Misc. | medium |
| 105510 | F5 Networks BIG-IP : NTP vulnerability (K17114) | Nessus | F5 Networks Local Security Checks | medium |
| 89288 | Fedora 21 : ntp-4.2.6p5-34.fc21 (2015-77bfbc1bcd) | Nessus | Fedora Local Security Checks | critical |
| 86682 | Debian DSA-3388-1 : ntp - security update | Nessus | Debian Local Security Checks | critical |
| 86640 | Debian DLA-335-1 : ntp security update | Nessus | Debian Local Security Checks | critical |
| 86630 | Ubuntu 12.04 LTS / 14.04 LTS / 15.04 / 15.10 : ntp vulnerabilities (USN-2783-1) | Nessus | Ubuntu Local Security Checks | critical |
| 86331 | Fedora 22 : ntp-4.2.6p5-33.fc22 (2015-14212) | Nessus | Fedora Local Security Checks | high |
| 86132 | GLSA-201509-01 : NTP: Multiple vulnerablities | Nessus | Gentoo Local Security Checks | medium |
| 86027 | Fedora 23 : ntp-4.2.6p5-33.fc23 (2015-14213) | Nessus | Fedora Local Security Checks | high |
| 85751 | Amazon Linux AMI : ntp (ALAS-2015-593) | Nessus | Amazon Linux Local Security Checks | high |
| 84590 | Slackware 13.0 / 13.1 / 13.37 / 14.0 / 14.1 / current : ntp (SSA:2015-188-03) | Nessus | Slackware Local Security Checks | medium |