CVE-2015-7855

MEDIUM

Description

The decodenetnum function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (assertion failure) via a 6 or mode 7 packet containing a long data value.

References

http://support.ntp.org/bin/view/Main/NtpBug2922

http://www.debian.org/security/2015/dsa-3388

http://www.securityfocus.com/bid/77283

http://www.securitytracker.com/id/1033951

https://bugzilla.redhat.com/show_bug.cgi?id=1274264

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05270839

https://security.gentoo.org/glsa/201607-15

https://security.netapp.com/advisory/ntap-20171004-0001/

https://www.exploit-db.com/exploits/40840/

Details

Source: MITRE

Published: 2017-08-07

Updated: 2020-06-18

Type: CWE-20

Risk Information

CVSS v2.0

Base Score: 4

Vector: AV:N/AC:L/Au:S/C:N/I:N/A:P

Impact Score: 2.9

Exploitability Score: 8

Severity: MEDIUM

CVSS v3.0

Base Score: 6.5

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Impact Score: 3.6

Exploitability Score: 2.8

Severity: MEDIUM

Vulnerable Software

Tenable Plugins

View all (21 total)

ID	Name	Product	Family	Severity
129259	EulerOS 2.0 SP3 : ntp (EulerOS-SA-2019-2066)	Nessus	Huawei Local Security Checks	high
126847	EulerOS 2.0 SP2 : ntp (EulerOS-SA-2019-1719)	Nessus	Huawei Local Security Checks	high
125010	EulerOS Virtualization 3.0.1.0 : ntp (EulerOS-SA-2019-1557)	Nessus	Huawei Local Security Checks	high
123698	EulerOS Virtualization 2.5.3 : ntp (EulerOS-SA-2019-1230)	Nessus	Huawei Local Security Checks	medium
106497	pfSense < 2.2.5 Multiple Vulnerabilities (SA-15_08)	Nessus	Firewalls	high
102322	AIX NTP v4 Advisory : ntp_advisory4.asc (IV79954) (IV79954)	Nessus	AIX Local Security Checks	high
102321	AIX NTP v3 Advisory : ntp_advisory4.asc (IV79942) (IV79943) (IV79944) (IV79945) (IV79946)	Nessus	AIX Local Security Checks	high
93186	SUSE SLES10 Security Update : ntp (SUSE-SU-2016:1912-1)	Nessus	SuSE Local Security Checks	high
92485	GLSA-201607-15 : NTP: Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	high
91403	openSUSE Security Update : ntp (openSUSE-2016-649)	Nessus	SuSE Local Security Checks	high
91330	F5 Networks BIG-IP : NTP vulnerability (K17515)	Nessus	F5 Networks Local Security Checks	medium
91248	SUSE SLES11 Security Update : ntp (SUSE-SU-2016:1311-1)	Nessus	SuSE Local Security Checks	high
90991	SUSE SLED12 / SLES12 Security Update : ntp (SUSE-SU-2016:1247-1)	Nessus	SuSE Local Security Checks	high
87010	SUSE SLED11 / SLES11 Security Update : ntp (SUSE-SU-2015:2058-1)	Nessus	SuSE Local Security Checks	high
86964	openSUSE Security Update : ntp (openSUSE-2015-767)	Nessus	SuSE Local Security Checks	high
86682	Debian DSA-3388-1 : ntp - security update	Nessus	Debian Local Security Checks	high
86664	Slackware 13.0 / 13.1 / 13.37 / 14.0 / 14.1 / current : ntp (SSA:2015-302-03)	Nessus	Slackware Local Security Checks	high
86640	Debian DLA-335-1 : ntp security update	Nessus	Debian Local Security Checks	high
86631	Network Time Protocol Daemon (ntpd) 3.x / 4.x < 4.2.8p4 Multiple Vulnerabilities	Nessus	Misc.	high
86630	Ubuntu 12.04 LTS / 14.04 LTS / 15.04 / 15.10 : ntp vulnerabilities (USN-2783-1)	Nessus	Ubuntu Local Security Checks	high
86519	FreeBSD : ntp -- 13 low- and medium-severity vulnerabilities (c4a18a12-77fc-11e5-a687-206a8a720317)	Nessus	FreeBSD Local Security Checks	high