CVE-2015-7853

HIGH

Description

The datalen parameter in the refclock driver in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to execute arbitrary code or cause a denial of service (crash) via a negative input value.

References

http://support.ntp.org/bin/view/Main/NtpBug2920

http://www.securityfocus.com/bid/77273

http://www.securitytracker.com/id/1033951

https://bugzilla.redhat.com/show_bug.cgi?id=1274262

https://security.gentoo.org/glsa/201607-15

https://security.netapp.com/advisory/ntap-20171004-0001/

Details

Source: MITRE

Published: 2017-08-07

Updated: 2020-06-18

Type: CWE-120

Risk Information

CVSS v2.0

Base Score: 7.5

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 10

Severity: HIGH

CVSS v3.0

Base Score: 9.8

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Impact Score: 5.9

Exploitability Score: 3.9

Severity: CRITICAL

Vulnerable Software

Configuration 1

cpe:2.3:a:ntp:ntp:*:*:*:*:*:*:*:*

cpe:2.3:a:ntp:ntp:4.2.8:-:*:*:*:*:*:*

cpe:2.3:a:ntp:ntp:4.2.8:p1:*:*:*:*:*:*

cpe:2.3:a:ntp:ntp:4.2.8:p1-beta1:*:*:*:*:*:*

cpe:2.3:a:ntp:ntp:4.2.8:p1-beta2:*:*:*:*:*:*

cpe:2.3:a:ntp:ntp:4.2.8:p1-beta3:*:*:*:*:*:*

cpe:2.3:a:ntp:ntp:4.2.8:p1-beta4:*:*:*:*:*:*

cpe:2.3:a:ntp:ntp:4.2.8:p1-beta5:*:*:*:*:*:*

cpe:2.3:a:ntp:ntp:4.2.8:p1-rc1:*:*:*:*:*:*

cpe:2.3:a:ntp:ntp:4.2.8:p1-rc2:*:*:*:*:*:*

cpe:2.3:a:ntp:ntp:4.2.8:p2:*:*:*:*:*:*

cpe:2.3:a:ntp:ntp:4.2.8:p2-rc1:*:*:*:*:*:*

cpe:2.3:a:ntp:ntp:4.2.8:p2-rc2:*:*:*:*:*:*

cpe:2.3:a:ntp:ntp:4.2.8:p2-rc3:*:*:*:*:*:*

cpe:2.3:a:ntp:ntp:4.2.8:p3:*:*:*:*:*:*

cpe:2.3:a:ntp:ntp:4.2.8:p3-rc1:*:*:*:*:*:*

cpe:2.3:a:ntp:ntp:4.2.8:p3-rc2:*:*:*:*:*:*

cpe:2.3:a:ntp:ntp:4.2.8:p3-rc3:*:*:*:*:*:*

cpe:2.3:a:ntp:ntp:*:*:*:*:*:*:*:*

Configuration 2

cpe:2.3:a:netapp:oncommand_balance:-:*:*:*:*:*:*:*

cpe:2.3:a:netapp:oncommand_performance_manager:-:*:*:*:*:*:*:*

cpe:2.3:a:netapp:oncommand_unified_manager:-:*:*:*:*:clustered_data_ontap:*:*

cpe:2.3:o:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*

cpe:2.3:o:netapp:data_ontap:-:*:*:*:*:7-mode:*:*

Tenable Plugins

View all (19 total)

ID	Name	Product	Family	Severity
129259	EulerOS 2.0 SP3 : ntp (EulerOS-SA-2019-2066)	Nessus	Huawei Local Security Checks	high
126847	EulerOS 2.0 SP2 : ntp (EulerOS-SA-2019-1719)	Nessus	Huawei Local Security Checks	high
125010	EulerOS Virtualization 3.0.1.0 : ntp (EulerOS-SA-2019-1557)	Nessus	Huawei Local Security Checks	high
123908	EulerOS Virtualization 2.5.3 : ntp (EulerOS-SA-2019-1222)	Nessus	Huawei Local Security Checks	high
106497	pfSense < 2.2.5 Multiple Vulnerabilities (SA-15_08)	Nessus	Firewalls	high
102322	AIX NTP v4 Advisory : ntp_advisory4.asc (IV79954) (IV79954)	Nessus	AIX Local Security Checks	high
102321	AIX NTP v3 Advisory : ntp_advisory4.asc (IV79942) (IV79943) (IV79944) (IV79945) (IV79946)	Nessus	AIX Local Security Checks	high
93186	SUSE SLES10 Security Update : ntp (SUSE-SU-2016:1912-1)	Nessus	SuSE Local Security Checks	high
92485	GLSA-201607-15 : NTP: Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	high
91403	openSUSE Security Update : ntp (openSUSE-2016-649)	Nessus	SuSE Local Security Checks	high
91314	F5 Networks BIG-IP : NTP vulnerability (K17525)	Nessus	F5 Networks Local Security Checks	high
91248	SUSE SLES11 Security Update : ntp (SUSE-SU-2016:1311-1)	Nessus	SuSE Local Security Checks	high
90991	SUSE SLED12 / SLES12 Security Update : ntp (SUSE-SU-2016:1247-1)	Nessus	SuSE Local Security Checks	high
87010	SUSE SLED11 / SLES11 Security Update : ntp (SUSE-SU-2015:2058-1)	Nessus	SuSE Local Security Checks	high
86964	openSUSE Security Update : ntp (openSUSE-2015-767)	Nessus	SuSE Local Security Checks	high
86664	Slackware 13.0 / 13.1 / 13.37 / 14.0 / 14.1 / current : ntp (SSA:2015-302-03)	Nessus	Slackware Local Security Checks	high
86631	Network Time Protocol Daemon (ntpd) 3.x / 4.x < 4.2.8p4 Multiple Vulnerabilities	Nessus	Misc.	high
86630	Ubuntu 12.04 LTS / 14.04 LTS / 15.04 / 15.10 : ntp vulnerabilities (USN-2783-1)	Nessus	Ubuntu Local Security Checks	high
86519	FreeBSD : ntp -- 13 low- and medium-severity vulnerabilities (c4a18a12-77fc-11e5-a687-206a8a720317)	Nessus	FreeBSD Local Security Checks	high