Lucene search

K

[email protected]CVE-2015-7975

HistoryJan 30, 2017 - 9:59 p.m.

CVE-2015-7975

2017-01-3021:59:00

CWE-119

[email protected]

web.nvd.nist.gov

71

cve-2015-7975

ntp

denial of service

application crash

security vulnerability

6.2 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

6.3 Medium

AI Score

Confidence

High

2.1 Low

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:N/I:N/A:P

0.002 Low

EPSS

Percentile

64.2%

The nextvar function in NTP before 4.2.8p6 and 4.3.x before 4.3.90 does not properly validate the length of its input, which allows an attacker to cause a denial of service (application crash).

CPENameOperatorVersion
ntp:ntpntpeq4.3.80
ntp:ntpntpeq4.3.51
ntp:ntpntpeq4.3.17
ntp:ntpntpeq4.3.30
ntp:ntpntpeq4.3.74
ntp:ntpntpeq4.3.67
ntp:ntpntpeq4.3.14
ntp:ntpntpeq4.3.27
ntp:ntpntpeq4.3.13
ntp:ntpntpeq4.3.36

Rows per page:

1-10 of 901

References

lists.opensuse.org/opensuse-security-announce/2016-04/msg00059.html

lists.opensuse.org/opensuse-security-announce/2016-04/msg00060.html

lists.opensuse.org/opensuse-security-announce/2016-05/msg00020.html

lists.opensuse.org/opensuse-security-announce/2016-05/msg00038.html

lists.opensuse.org/opensuse-security-announce/2016-05/msg00048.html

lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html

lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html

lists.opensuse.org/opensuse-updates/2016-05/msg00114.html

support.ntp.org/bin/view/Main/NtpBug2937

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160127-ntpd

www.securityfocus.com/bid/81959

www.securitytracker.com/id/1034782

www.ubuntu.com/usn/USN-3096-1

bto.bluecoat.com/security-advisory/sa113

h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03750en_us

h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03766en_us

security.FreeBSD.org/advisories/FreeBSD-SA-16:09.ntp.asc

security.gentoo.org/glsa/201607-15

security.netapp.com/advisory/ntap-20171031-0001/

www.kb.cert.org/vuls/id/718152

6.2 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

6.3 Medium

AI Score

Confidence

High

2.1 Low

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:N/I:N/A:P

0.002 Low

EPSS

Percentile

64.2%

Related for CVE-2015-7975

prion1 f52 ubuntucve1 debiancve1 talos1 paloalto1 nessus13 openvas13 slackware1 cisco1 rosalinux1 freebsd_advisory1 freebsd1 suse7 symantec1 ubuntu1 ibm2 cert1 gentoo1