Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
f5F5F5:K02360853
HistoryJan 21, 2016 - 12:00 a.m.

K02360853 : NTP vulnerabilities CVE-2015-5194 and CVE-2015-5195

2016-01-2100:00:00
my.f5.com
12

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.2 High

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.03 Low

EPSS

Percentile

89.9%

JSON

Security Advisory Description

The log_config_command function in ntp_parser.y in ntpd in NTP before 4.2.7p42 allows remote attackers to cause a denial of service (ntpd crash) via crafted logconfig commands.

ntp_openssl.m4 in ntpd in NTP before 4.2.7p112 allows remote attackers to cause a denial of service (segmentation fault) via a crafted statistics or filegen configuration command that is not enabled during compilation.

Impact

The ntpdprocess could stop responding, due to an uninitialized variable, when processing malformed configuration commands.

F5 has evaluated this vulnerability as having low impact to the BIG-IP product line for the following reasons:

  • This issue is not exposed in a BIG-IP system default configuration.
  • The configuration that exposes the issue is not recommended by F5.

Related

f5 1
nessus 23
veracode 2
prion 2
ubuntucve 2
debiancve 2
fedora 3
openvas 18
cve 3
mageia 1
amazon 1
redhat 2
centos 2
oraclelinux 2
ibm 7
osv 2
debian 2
securityvulns 2
ubuntu 1
suse 3
f5
f5
SOL02360853 - NTP vulnerabilities CVE-2015-5194 and CVE-2015-5195
2016-01-21 00:00:00
nessus
nessus
F5 Networks BIG-IP : NTP vulnerabilities (K02360853)
2017-03-01 00:00:00
Fedora 23 : ntp-4.2.6p5-33.fc23 (2015-14213)
2015-09-21 00:00:00
Fedora 22 : ntp-4.2.6p5-33.fc22 (2015-14212)
2015-10-12 00:00:00
veracode
veracode
Denial Of Service (DoS)
2019-01-15 09:11:53
Denial Of Service (DoS)
2019-05-02 05:29:36
prion
prion
Command injection
2017-07-21 14:29:00
Design/Logic Flaw
2017-07-21 14:29:00
ubuntucve
ubuntucve
CVE-2015-5194
2015-08-25 00:00:00
CVE-2015-5195
2015-08-25 00:00:00
debiancve
debiancve
CVE-2015-5194
2017-07-21 14:29:00
CVE-2015-5195
2017-07-21 14:29:00
fedora
fedora
[SECURITY] Fedora 23 Update: ntp-4.2.6p5-33.fc23
2015-09-20 15:27:57
[SECURITY] Fedora 22 Update: ntp-4.2.6p5-33.fc22
2015-10-12 02:20:00
[SECURITY] Fedora 21 Update: ntp-4.2.6p5-34.fc21
2015-11-04 22:51:44
openvas
openvas
NTP < 4.2.7p42 DoS Vulnerability
2021-07-07 00:00:00
Mageia: Security Advisory (MGASA-2015-0348)
2015-10-15 00:00:00
Fedora Update for ntp FEDORA-2015-14212
2015-10-13 00:00:00
cve
cve
CVE-2015-5194
2017-07-21 14:29:00
CVE-2015-5195
2017-07-21 14:29:00
CVE-2015-5192
2015-08-20 23:59:00
mageia
mageia
Updated ntp packages fix security vulnerabilities
2015-09-08 20:55:59
amazon
amazon
Low: ntp
2015-09-02 12:00:00
redhat
redhat
(RHSA-2016:0780) Moderate: ntp security and bug fix update
2016-05-10 06:42:20
(RHSA-2016:2583) Moderate: ntp security and bug fix update
2016-11-03 06:07:15
centos
centos
ntp, ntpdate security update
2016-05-16 10:19:19
ntp, ntpdate, sntp security update
2016-11-25 16:00:55
oraclelinux
oraclelinux
ntp security and bug fix update
2016-05-12 00:00:00
ntp security and bug fix update
2016-11-09 00:00:00
ibm
ibm
Security Bulletin: Vulnerabilities in NTP affect PowerKVM
2018-06-18 01:34:47
Security Bulletin: IBM Security Access Manager for Web is affected by vulnerabilities in NTP
2018-06-16 21:45:47
Security Bulletin: IBM Security Access Manager for Mobile is affected by vulnerabilities in NTP
2018-06-16 21:45:47
osv
osv
ntp - security update
2015-11-01 00:00:00
ntp - security update
2015-10-28 00:00:00
debian
debian
[SECURITY] [DLA 335-1] ntp security update
2015-10-28 20:45:22
[SECURITY] [DSA 3388-1] ntp security update
2015-11-01 22:21:19
securityvulns
securityvulns
ntp multiple security vulnerabilities
2015-11-01 00:00:00
[USN-2783-1] NTP vulnerabilities
2015-11-01 00:00:00
ubuntu
ubuntu
NTP vulnerabilities
2015-10-27 00:00:00
suse
suse
Security update for ntp (important)
2016-05-17 15:09:17
Security update for ntp (important)
2016-07-29 19:08:48
Security update for yast2-ntp-client (important)
2016-08-17 21:08:25

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.2 High

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.03 Low

EPSS

Percentile

89.9%

JSON
Related for F5:K02360853
f51nessus23veracode2prion2ubuntucve2debiancve2fedora3openvas18cve3mageia1amazon1redhat2centos2oraclelinux2ibm7osv2debian2securityvulns2ubuntu1suse3