CVE-2015-5300HIGH
New! CVE Severity Now Using CVSS v3
The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.
Description
The panic_gate check in NTP before 4.2.8p5 is only re-enabled after the first change to the system clock that was greater than 128 milliseconds by default, which allows remote attackers to set NTP to an arbitrary time when started with the -g option, or to alter the time by up to 900 seconds otherwise by responding to an unspecified number of requests from trusted sources, and leveraging a resulting denial of service (abort and restart).
References
http://aix.software.ibm.com/aix/efixes/security/ntp_advisory5.asc
http://lists.fedoraproject.org/pipermail/package-announce/2015-November/170684.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-November/170926.html
http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177507.html
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00059.html
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00060.html
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00020.html
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00038.html
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00048.html
http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html
http://lists.opensuse.org/opensuse-updates/2016-05/msg00114.html
http://rhn.redhat.com/errata/RHSA-2015-1930.html
http://seclists.org/bugtraq/2016/Feb/164
http://support.ntp.org/bin/view/Main/NtpBug2956
http://support.ntp.org/bin/view/Main/SecurityNotice#January_2016_NTP_4_2_8p5_Securit
http://www.debian.org/security/2015/dsa-3388
http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
http://www.securityfocus.com/bid/77312
http://www.securitytracker.com/id/1034670
http://www.ubuntu.com/usn/USN-2783-1
https://bto.bluecoat.com/security-advisory/sa113
https://bugzilla.redhat.com/show_bug.cgi?id=1271076
https://ics-cert.us-cert.gov/advisories/ICSA-15-356-01
https://security.netapp.com/advisory/ntap-20171004-0001/
https://support.citrix.com/article/CTX220112
https://www.cs.bu.edu/~goldbe/NTPattack.html
https://www.freebsd.org/security/advisories/FreeBSD-SA-16:02.ntp.asc
https://www.ibm.com/support/home/docdisplay?lndocid=migr-5099428
https://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html
https://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
https://www-01.ibm.com/support/docview.wss?uid=isg3T1023885
https://www-01.ibm.com/support/docview.wss?uid=isg3T1024073
https://www-01.ibm.com/support/docview.wss?uid=nas8N1021264
https://www-01.ibm.com/support/docview.wss?uid=ssg1S1005821
https://www-01.ibm.com/support/docview.wss?uid=swg21979393
https://www-01.ibm.com/support/docview.wss?uid=swg21980676
Details
Source: MITRE
Published: 2017-07-21
Updated: 2018-10-30
Type: CWE-361
Risk Information
CVSS v2
Base Score: 5
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Impact Score: 2.9
Exploitability Score: 10
Severity: MEDIUM
CVSS v3
Base Score: 7.5
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Impact Score: 3.6
Exploitability Score: 3.9
Severity: HIGH
Vulnerable Software
Configuration 1
OR
Configuration 2
OR
cpe:2.3:a:suse:linux_enterprise_debuginfo:11:sp2:*:*:*:*:*:*
cpe:2.3:a:suse:linux_enterprise_debuginfo:11:sp3:*:*:*:*:*:*
cpe:2.3:a:suse:linux_enterprise_debuginfo:11:sp4:*:*:*:*:*:*
cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_desktop:12:*:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_desktop:12:sp1:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_server:10:sp4:*:*:ltss:*:*:*
cpe:2.3:o:suse:linux_enterprise_server:11:sp2:*:*:ltss:*:*:*
cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:ltss:*:*:*
cpe:2.3:o:suse:linux_enterprise_server:11:sp4:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_server:12:sp1:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_software_development_kit:12:*:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_software_development_kit:12:sp1:*:*:*:*:*:*
cpe:2.3:o:suse:manager:2.1:*:*:*:*:*:*:*
cpe:2.3:o:suse:manager_proxy:2.1:*:*:*:*:*:*:*
cpe:2.3:o:suse:openstack_cloud:5:*:*:*:*:*:*:*
cpe:2.3:o:suse:suse_linux_enterprise_server:12:*:*:*:*:*:*:*
Configuration 3
OR
cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_hpc_node:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_hpc_node:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_hpc_node_eus:7.1:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_eus:6.7.z:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.1:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
Configuration 4
OR
Configuration 5
OR
cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
Configuration 6
OR
cpe:2.3:a:ntp:ntp:*:p4:*:*:*:*:*:* versions up to 4.2.8 (inclusive)
Tenable Plugins
| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 125009 | EulerOS Virtualization 3.0.1.0 : ntp (EulerOS-SA-2019-1556) | Nessus | Huawei Local Security Checks | critical |
| 121311 | Network Time Protocol Daemon (ntpd) 3.x / 4.x < 4.2.8p5 Denial Of Service Vulnerability | Nessus | Misc. | high |
| 106499 | pfSense < 2.3 Multiple Vulnerabilities (SA-16_01 - SA-16_02) | Nessus | Firewalls | critical |
| 102323 | AIX NTP v4 Advisory : ntp_advisory5.asc (IV81129) (IV81130) | Nessus | AIX Local Security Checks | medium |
| 96928 | Citrix XenServer Multiple Vulnerabilities (CTX220112) | Nessus | Misc. | critical |
| 93186 | SUSE SLES10 Security Update : ntp (SUSE-SU-2016:1912-1) | Nessus | SuSE Local Security Checks | critical |
| 91419 | OracleVM 3.3 / 3.4 : ntp (OVMSA-2016-0082) | Nessus | OracleVM Local Security Checks | high |
| 91403 | openSUSE Security Update : ntp (openSUSE-2016-649) | Nessus | SuSE Local Security Checks | critical |
| 91248 | SUSE SLES11 Security Update : ntp (SUSE-SU-2016:1311-1) | Nessus | SuSE Local Security Checks | critical |
| 91111 | openSUSE Security Update : ntp (openSUSE-2016-578) | Nessus | SuSE Local Security Checks | high |
| 90991 | SUSE SLED12 / SLES12 Security Update : ntp (SUSE-SU-2016:1247-1) | Nessus | SuSE Local Security Checks | critical |
| 90821 | SUSE SLED12 / SLES12 Security Update : ntp (SUSE-SU-2016:1177-1) | Nessus | SuSE Local Security Checks | high |
| 90820 | SUSE SLES11 Security Update : ntp (SUSE-SU-2016:1175-1) | Nessus | SuSE Local Security Checks | high |
| 89672 | AIX NTP Advisory : ntp_advisory5 (IV81129) (IV81130) | Nessus | AIX Local Security Checks | medium |
| 89510 | Fedora 22 : ntp-4.2.6p5-36.fc22 (2016-34bc10a2c8) | Nessus | Fedora Local Security Checks | critical |
| 89461 | Fedora 23 : ntp-4.2.6p5-34.fc23 (2015-f5f5ec7b6b) | Nessus | Fedora Local Security Checks | critical |
| 89288 | Fedora 21 : ntp-4.2.6p5-34.fc21 (2015-77bfbc1bcd) | Nessus | Fedora Local Security Checks | critical |
| 88917 | F5 Networks BIG-IP : NTP vulnerability (K10600056) | Nessus | F5 Networks Local Security Checks | high |
| 88912 | Slackware 13.0 / 13.1 / 13.37 / 14.0 / 14.1 / current : ntp (SSA:2016-054-04) | Nessus | Slackware Local Security Checks | high |
| 87790 | FreeBSD : ntp -- denial of service vulnerability (4eae4f46-b5ce-11e5-8a2b-d050996490d0) | Nessus | FreeBSD Local Security Checks | high |
| 86682 | Debian DSA-3388-1 : ntp - security update | Nessus | Debian Local Security Checks | critical |
| 86640 | Debian DLA-335-1 : ntp security update | Nessus | Debian Local Security Checks | critical |
| 86638 | Amazon Linux AMI : ntp (ALAS-2015-607) | Nessus | Amazon Linux Local Security Checks | critical |
| 86630 | Ubuntu 12.04 LTS / 14.04 LTS / 15.04 / 15.10 : ntp vulnerabilities (USN-2783-1) | Nessus | Ubuntu Local Security Checks | critical |
| 86615 | Scientific Linux Security Update : ntp on SL6.x, SL7.x i386/x86_64 (20151026) | Nessus | Scientific Linux Local Security Checks | high |
| 86614 | RHEL 6 / 7 : ntp (RHSA-2015:1930) | Nessus | Red Hat Local Security Checks | high |
| 86613 | OracleVM 3.3 : ntp (OVMSA-2015-0140) | Nessus | OracleVM Local Security Checks | high |
| 86612 | Oracle Linux 6 / 7 : ntp (ELSA-2015-1930) | Nessus | Oracle Linux Local Security Checks | high |
| 86611 | CentOS 6 / 7 : ntp (CESA-2015:1930) | Nessus | CentOS Local Security Checks | high |