CVE-2015-5300

MEDIUM

Description

The panic_gate check in NTP before 4.2.8p5 is only re-enabled after the first change to the system clock that was greater than 128 milliseconds by default, which allows remote attackers to set NTP to an arbitrary time when started with the -g option, or to alter the time by up to 900 seconds otherwise by responding to an unspecified number of requests from trusted sources, and leveraging a resulting denial of service (abort and restart).

References

http://aix.software.ibm.com/aix/efixes/security/ntp_advisory5.asc

http://lists.fedoraproject.org/pipermail/package-announce/2015-November/170684.html

http://lists.fedoraproject.org/pipermail/package-announce/2015-November/170926.html

http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177507.html

http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00059.html

http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00060.html

http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00020.html

http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00038.html

http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00048.html

http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html

http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html

http://lists.opensuse.org/opensuse-updates/2016-05/msg00114.html

http://rhn.redhat.com/errata/RHSA-2015-1930.html

http://seclists.org/bugtraq/2016/Feb/164

http://support.ntp.org/bin/view/Main/NtpBug2956

http://support.ntp.org/bin/view/Main/SecurityNotice#January_2016_NTP_4_2_8p5_Securit

http://www.debian.org/security/2015/dsa-3388

http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html

http://www.securityfocus.com/bid/77312

http://www.securitytracker.com/id/1034670

http://www.ubuntu.com/usn/USN-2783-1

https://bto.bluecoat.com/security-advisory/sa113

https://bugzilla.redhat.com/show_bug.cgi?id=1271076

https://ics-cert.us-cert.gov/advisories/ICSA-15-356-01

https://security.netapp.com/advisory/ntap-20171004-0001/

https://support.citrix.com/article/CTX220112

https://www.cs.bu.edu/~goldbe/NTPattack.html

https://www.freebsd.org/security/advisories/FreeBSD-SA-16:02.ntp.asc

https://www.ibm.com/support/home/docdisplay?lndocid=migr-5099428

https://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html

https://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html

https://www-01.ibm.com/support/docview.wss?uid=isg3T1023885

https://www-01.ibm.com/support/docview.wss?uid=isg3T1024073

https://www-01.ibm.com/support/docview.wss?uid=nas8N1021264

https://www-01.ibm.com/support/docview.wss?uid=ssg1S1005821

https://www-01.ibm.com/support/docview.wss?uid=swg21979393

https://www-01.ibm.com/support/docview.wss?uid=swg21980676

https://www-01.ibm.com/support/docview.wss?uid=swg21983501

https://www-01.ibm.com/support/docview.wss?uid=swg21983506

Details

Source: MITRE

Published: 2017-07-21

Updated: 2018-10-30

Type: CWE-361

Risk Information

CVSS v2.0

Base Score: 5

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Impact Score: 2.9

Exploitability Score: 10

Severity: MEDIUM

CVSS v3.0

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Impact Score: 3.6

Exploitability Score: 3.9

Severity: HIGH

Vulnerable Software

Configuration 1

OR

cpe:2.3:o:fedoraproject:fedora:21:*:*:*:*:*:*:*

cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*

Configuration 2

OR

cpe:2.3:a:suse:linux_enterprise_debuginfo:11:sp2:*:*:*:*:*:*

cpe:2.3:a:suse:linux_enterprise_debuginfo:11:sp3:*:*:*:*:*:*

cpe:2.3:a:suse:linux_enterprise_debuginfo:11:sp4:*:*:*:*:*:*

cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*

cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*

cpe:2.3:o:suse:linux_enterprise_desktop:12:*:*:*:*:*:*:*

cpe:2.3:o:suse:linux_enterprise_desktop:12:sp1:*:*:*:*:*:*

cpe:2.3:o:suse:linux_enterprise_server:10:sp4:*:*:ltss:*:*:*

cpe:2.3:o:suse:linux_enterprise_server:11:sp2:*:*:ltss:*:*:*

cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:ltss:*:*:*

cpe:2.3:o:suse:linux_enterprise_server:11:sp4:*:*:*:*:*:*

cpe:2.3:o:suse:linux_enterprise_server:12:sp1:*:*:*:*:*:*

cpe:2.3:o:suse:linux_enterprise_software_development_kit:12:*:*:*:*:*:*:*

cpe:2.3:o:suse:linux_enterprise_software_development_kit:12:sp1:*:*:*:*:*:*

cpe:2.3:o:suse:manager:2.1:*:*:*:*:*:*:*

cpe:2.3:o:suse:manager_proxy:2.1:*:*:*:*:*:*:*

cpe:2.3:o:suse:openstack_cloud:5:*:*:*:*:*:*:*

cpe:2.3:o:suse:suse_linux_enterprise_server:12:*:*:*:*:*:*:*

Configuration 3

OR

cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_hpc_node:6.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_hpc_node:7.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_hpc_node_eus:7.1:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_eus:6.7.z:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_eus:7.1:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*

Configuration 4

OR

cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

Configuration 5

OR

cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*

Configuration 6

OR

cpe:2.3:a:ntp:ntp:*:p4:*:*:*:*:*:* versions up to 4.2.8 (inclusive)

Tenable Plugins

View all (29 total)

IDNameProductFamilySeverity
125009EulerOS Virtualization 3.0.1.0 : ntp (EulerOS-SA-2019-1556)NessusHuawei Local Security Checks
high
121311Network Time Protocol Daemon (ntpd) 3.x / 4.x < 4.2.8p5 Denial Of Service VulnerabilityNessusMisc.
medium
106499pfSense < 2.3 Multiple Vulnerabilities (SA-16_01 - SA-16_02)NessusFirewalls
critical
102323AIX NTP v4 Advisory : ntp_advisory5.asc (IV81129) (IV81130)NessusAIX Local Security Checks
medium
96928Citrix XenServer Multiple Vulnerabilities (CTX220112)NessusMisc.
high
93186SUSE SLES10 Security Update : ntp (SUSE-SU-2016:1912-1)NessusSuSE Local Security Checks
high
91419OracleVM 3.3 / 3.4 : ntp (OVMSA-2016-0082)NessusOracleVM Local Security Checks
medium
91403openSUSE Security Update : ntp (openSUSE-2016-649)NessusSuSE Local Security Checks
high
91248SUSE SLES11 Security Update : ntp (SUSE-SU-2016:1311-1)NessusSuSE Local Security Checks
high
91111openSUSE Security Update : ntp (openSUSE-2016-578)NessusSuSE Local Security Checks
medium
90991SUSE SLED12 / SLES12 Security Update : ntp (SUSE-SU-2016:1247-1)NessusSuSE Local Security Checks
high
90821SUSE SLED12 / SLES12 Security Update : ntp (SUSE-SU-2016:1177-1)NessusSuSE Local Security Checks
medium
90820SUSE SLES11 Security Update : ntp (SUSE-SU-2016:1175-1)NessusSuSE Local Security Checks
medium
89672AIX NTP Advisory : ntp_advisory5 (IV81129) (IV81130)NessusAIX Local Security Checks
medium
89510Fedora 22 : ntp-4.2.6p5-36.fc22 (2016-34bc10a2c8)NessusFedora Local Security Checks
high
89461Fedora 23 : ntp-4.2.6p5-34.fc23 (2015-f5f5ec7b6b)NessusFedora Local Security Checks
high
89288Fedora 21 : ntp-4.2.6p5-34.fc21 (2015-77bfbc1bcd)NessusFedora Local Security Checks
high
88917F5 Networks BIG-IP : NTP vulnerability (K10600056)NessusF5 Networks Local Security Checks
medium
88912Slackware 13.0 / 13.1 / 13.37 / 14.0 / 14.1 / current : ntp (SSA:2016-054-04)NessusSlackware Local Security Checks
medium
87790FreeBSD : ntp -- denial of service vulnerability (4eae4f46-b5ce-11e5-8a2b-d050996490d0)NessusFreeBSD Local Security Checks
medium
86682Debian DSA-3388-1 : ntp - security updateNessusDebian Local Security Checks
high
86640Debian DLA-335-1 : ntp security updateNessusDebian Local Security Checks
high
86638Amazon Linux AMI : ntp (ALAS-2015-607)NessusAmazon Linux Local Security Checks
high
86630Ubuntu 12.04 LTS / 14.04 LTS / 15.04 / 15.10 : ntp vulnerabilities (USN-2783-1)NessusUbuntu Local Security Checks
high
86615Scientific Linux Security Update : ntp on SL6.x, SL7.x i386/x86_64 (20151026)NessusScientific Linux Local Security Checks
medium
86614RHEL 6 / 7 : ntp (RHSA-2015:1930)NessusRed Hat Local Security Checks
medium
86613OracleVM 3.3 : ntp (OVMSA-2015-0140)NessusOracleVM Local Security Checks
medium
86612Oracle Linux 6 / 7 : ntp (ELSA-2015-1930)NessusOracle Linux Local Security Checks
medium
86611CentOS 6 / 7 : ntp (CESA-2015:1930)NessusCentOS Local Security Checks
medium