CVE-2015-5300

high
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

The panic_gate check in NTP before 4.2.8p5 is only re-enabled after the first change to the system clock that was greater than 128 milliseconds by default, which allows remote attackers to set NTP to an arbitrary time when started with the -g option, or to alter the time by up to 900 seconds otherwise by responding to an unspecified number of requests from trusted sources, and leveraging a resulting denial of service (abort and restart).

References

http://aix.software.ibm.com/aix/efixes/security/ntp_advisory5.asc

http://lists.fedoraproject.org/pipermail/package-announce/2015-November/170684.html

http://lists.fedoraproject.org/pipermail/package-announce/2015-November/170926.html

http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177507.html

http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00059.html

http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00060.html

http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00020.html

http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00038.html

http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00048.html

http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html

http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html

http://lists.opensuse.org/opensuse-updates/2016-05/msg00114.html

http://rhn.redhat.com/errata/RHSA-2015-1930.html

http://seclists.org/bugtraq/2016/Feb/164

http://support.ntp.org/bin/view/Main/NtpBug2956

http://support.ntp.org/bin/view/Main/SecurityNotice#January_2016_NTP_4_2_8p5_Securit

http://www.debian.org/security/2015/dsa-3388

http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html

http://www.securityfocus.com/bid/77312

http://www.securitytracker.com/id/1034670

http://www.ubuntu.com/usn/USN-2783-1

https://bto.bluecoat.com/security-advisory/sa113

https://bugzilla.redhat.com/show_bug.cgi?id=1271076

https://ics-cert.us-cert.gov/advisories/ICSA-15-356-01

https://security.netapp.com/advisory/ntap-20171004-0001/

https://support.citrix.com/article/CTX220112

https://www.cs.bu.edu/~goldbe/NTPattack.html

https://www.freebsd.org/security/advisories/FreeBSD-SA-16:02.ntp.asc

https://www.ibm.com/support/home/docdisplay?lndocid=migr-5099428

https://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html

https://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html

https://www-01.ibm.com/support/docview.wss?uid=isg3T1023885

https://www-01.ibm.com/support/docview.wss?uid=isg3T1024073

https://www-01.ibm.com/support/docview.wss?uid=nas8N1021264

https://www-01.ibm.com/support/docview.wss?uid=ssg1S1005821

https://www-01.ibm.com/support/docview.wss?uid=swg21979393

https://www-01.ibm.com/support/docview.wss?uid=swg21980676

https://www-01.ibm.com/support/docview.wss?uid=swg21983501

https://www-01.ibm.com/support/docview.wss?uid=swg21983506

Details

Source: MITRE

Published: 2017-07-21

Updated: 2018-10-30

Type: CWE-361

Risk Information

CVSS v2

Base Score: 5

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Impact Score: 2.9

Exploitability Score: 10

Severity: MEDIUM

CVSS v3

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Impact Score: 3.6

Exploitability Score: 3.9

Severity: HIGH

Vulnerable Software

Configuration 1

OR

cpe:2.3:o:fedoraproject:fedora:21:*:*:*:*:*:*:*

cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*

Configuration 2

OR

cpe:2.3:a:suse:linux_enterprise_debuginfo:11:sp2:*:*:*:*:*:*

cpe:2.3:a:suse:linux_enterprise_debuginfo:11:sp3:*:*:*:*:*:*

cpe:2.3:a:suse:linux_enterprise_debuginfo:11:sp4:*:*:*:*:*:*

cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*

cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*

cpe:2.3:o:suse:linux_enterprise_desktop:12:*:*:*:*:*:*:*

cpe:2.3:o:suse:linux_enterprise_desktop:12:sp1:*:*:*:*:*:*

cpe:2.3:o:suse:linux_enterprise_server:10:sp4:*:*:ltss:*:*:*

cpe:2.3:o:suse:linux_enterprise_server:11:sp2:*:*:ltss:*:*:*

cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:ltss:*:*:*

cpe:2.3:o:suse:linux_enterprise_server:11:sp4:*:*:*:*:*:*

cpe:2.3:o:suse:linux_enterprise_server:12:sp1:*:*:*:*:*:*

cpe:2.3:o:suse:linux_enterprise_software_development_kit:12:*:*:*:*:*:*:*

cpe:2.3:o:suse:linux_enterprise_software_development_kit:12:sp1:*:*:*:*:*:*

cpe:2.3:o:suse:manager:2.1:*:*:*:*:*:*:*

cpe:2.3:o:suse:manager_proxy:2.1:*:*:*:*:*:*:*

cpe:2.3:o:suse:openstack_cloud:5:*:*:*:*:*:*:*

cpe:2.3:o:suse:suse_linux_enterprise_server:12:*:*:*:*:*:*:*

Configuration 3

OR

cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_hpc_node:6.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_hpc_node:7.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_hpc_node_eus:7.1:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_eus:6.7.z:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_eus:7.1:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*

Configuration 4

OR

cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

Configuration 5

OR

cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*

Configuration 6

OR

cpe:2.3:a:ntp:ntp:*:p4:*:*:*:*:*:* versions up to 4.2.8 (inclusive)

Tenable Plugins

View all (29 total)

IDNameProductFamilySeverity
125009EulerOS Virtualization 3.0.1.0 : ntp (EulerOS-SA-2019-1556)NessusHuawei Local Security Checks
critical
121311Network Time Protocol Daemon (ntpd) 3.x / 4.x < 4.2.8p5 Denial Of Service VulnerabilityNessusMisc.
high
106499pfSense < 2.3 Multiple Vulnerabilities (SA-16_01 - SA-16_02)NessusFirewalls
critical
102323AIX NTP v4 Advisory : ntp_advisory5.asc (IV81129) (IV81130)NessusAIX Local Security Checks
medium
96928Citrix XenServer Multiple Vulnerabilities (CTX220112)NessusMisc.
critical
93186SUSE SLES10 Security Update : ntp (SUSE-SU-2016:1912-1)NessusSuSE Local Security Checks
critical
91419OracleVM 3.3 / 3.4 : ntp (OVMSA-2016-0082)NessusOracleVM Local Security Checks
high
91403openSUSE Security Update : ntp (openSUSE-2016-649)NessusSuSE Local Security Checks
critical
91248SUSE SLES11 Security Update : ntp (SUSE-SU-2016:1311-1)NessusSuSE Local Security Checks
critical
91111openSUSE Security Update : ntp (openSUSE-2016-578)NessusSuSE Local Security Checks
high
90991SUSE SLED12 / SLES12 Security Update : ntp (SUSE-SU-2016:1247-1)NessusSuSE Local Security Checks
critical
90821SUSE SLED12 / SLES12 Security Update : ntp (SUSE-SU-2016:1177-1)NessusSuSE Local Security Checks
high
90820SUSE SLES11 Security Update : ntp (SUSE-SU-2016:1175-1)NessusSuSE Local Security Checks
high
89672AIX NTP Advisory : ntp_advisory5 (IV81129) (IV81130)NessusAIX Local Security Checks
medium
89510Fedora 22 : ntp-4.2.6p5-36.fc22 (2016-34bc10a2c8)NessusFedora Local Security Checks
critical
89461Fedora 23 : ntp-4.2.6p5-34.fc23 (2015-f5f5ec7b6b)NessusFedora Local Security Checks
critical
89288Fedora 21 : ntp-4.2.6p5-34.fc21 (2015-77bfbc1bcd)NessusFedora Local Security Checks
critical
88917F5 Networks BIG-IP : NTP vulnerability (K10600056)NessusF5 Networks Local Security Checks
high
88912Slackware 13.0 / 13.1 / 13.37 / 14.0 / 14.1 / current : ntp (SSA:2016-054-04)NessusSlackware Local Security Checks
high
87790FreeBSD : ntp -- denial of service vulnerability (4eae4f46-b5ce-11e5-8a2b-d050996490d0)NessusFreeBSD Local Security Checks
high
86682Debian DSA-3388-1 : ntp - security updateNessusDebian Local Security Checks
critical
86640Debian DLA-335-1 : ntp security updateNessusDebian Local Security Checks
critical
86638Amazon Linux AMI : ntp (ALAS-2015-607)NessusAmazon Linux Local Security Checks
critical
86630Ubuntu 12.04 LTS / 14.04 LTS / 15.04 / 15.10 : ntp vulnerabilities (USN-2783-1)NessusUbuntu Local Security Checks
critical
86615Scientific Linux Security Update : ntp on SL6.x, SL7.x i386/x86_64 (20151026)NessusScientific Linux Local Security Checks
high
86614RHEL 6 / 7 : ntp (RHSA-2015:1930)NessusRed Hat Local Security Checks
high
86613OracleVM 3.3 : ntp (OVMSA-2015-0140)NessusOracleVM Local Security Checks
high
86612Oracle Linux 6 / 7 : ntp (ELSA-2015-1930)NessusOracle Linux Local Security Checks
high
86611CentOS 6 / 7 : ntp (CESA-2015:1930)NessusCentOS Local Security Checks
high