Lucene search

[email protected]NVD:CVE-2015-5300

HistoryJul 21, 2017 - 2:29 p.m.

CVE-2015-5300

2017-07-2114:29:00

CWE-361

[email protected]

web.nvd.nist.gov

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.6 High

AI Score

Confidence

High

0.042 Low

EPSS

Percentile

92.3%

JSON

The panic_gate check in NTP before 4.2.8p5 is only re-enabled after the first change to the system clock that was greater than 128 milliseconds by default, which allows remote attackers to set NTP to an arbitrary time when started with the -g option, or to alter the time by up to 900 seconds otherwise by responding to an unspecified number of requests from trusted sources, and leveraging a resulting denial of service (abort and restart).

Affected configurations

NVD

Node

fedoraprojectfedoraMatch21

fedoraprojectfedoraMatch22

Node

suselinux_enterprise_debuginfoMatch11sp2

suselinux_enterprise_debuginfoMatch11sp3

suselinux_enterprise_debuginfoMatch11sp4

opensuseleapMatch42.1

opensuseopensuseMatch13.2

suselinux_enterprise_desktopMatch12

suselinux_enterprise_desktopMatch12sp1

suselinux_enterprise_serverMatch10sp4ltss

suselinux_enterprise_serverMatch11sp2ltss

suselinux_enterprise_serverMatch11sp3ltss

suselinux_enterprise_serverMatch11sp4

suselinux_enterprise_serverMatch12sp1

suselinux_enterprise_software_development_kitMatch12

suselinux_enterprise_software_development_kitMatch12sp1

susemanagerMatch2.1

susemanager_proxyMatch2.1

suseopenstack_cloudMatch5

susesuse_linux_enterprise_serverMatch12

Node

redhatenterprise_linux_desktopMatch6.0

redhatenterprise_linux_desktopMatch7.0

redhatenterprise_linux_hpc_nodeMatch6.0

redhatenterprise_linux_hpc_nodeMatch7.0

redhatenterprise_linux_hpc_node_eusMatch7.1

redhatenterprise_linux_serverMatch6.0

redhatenterprise_linux_serverMatch7.0

redhatenterprise_linux_server_eusMatch6.7.z

redhatenterprise_linux_server_eusMatch7.1

redhatenterprise_linux_workstationMatch6.0

redhatenterprise_linux_workstationMatch7.0

Node

debiandebian_linuxMatch7.0

debiandebian_linuxMatch8.0

Node

canonicalubuntu_linuxMatch12.04lts

canonicalubuntu_linuxMatch14.04lts

canonicalubuntu_linuxMatch15.04

canonicalubuntu_linuxMatch15.10

Node

ntpntpRange≤4.2.8p4

References

aix.software.ibm.com/aix/efixes/security/ntp_advisory5.asc

lists.fedoraproject.org/pipermail/package-announce/2015-November/170684.html

lists.fedoraproject.org/pipermail/package-announce/2015-November/170926.html

lists.fedoraproject.org/pipermail/package-announce/2016-February/177507.html

lists.opensuse.org/opensuse-security-announce/2016-04/msg00059.html

lists.opensuse.org/opensuse-security-announce/2016-04/msg00060.html

lists.opensuse.org/opensuse-security-announce/2016-05/msg00020.html

lists.opensuse.org/opensuse-security-announce/2016-05/msg00038.html

lists.opensuse.org/opensuse-security-announce/2016-05/msg00048.html

lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html

lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html

lists.opensuse.org/opensuse-updates/2016-05/msg00114.html

rhn.redhat.com/errata/RHSA-2015-1930.html

seclists.org/bugtraq/2016/Feb/164

support.ntp.org/bin/view/Main/NtpBug2956

support.ntp.org/bin/view/Main/SecurityNotice#January_2016_NTP_4_2_8p5_Securit

www.debian.org/security/2015/dsa-3388

www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html

www.securityfocus.com/bid/77312

www.securitytracker.com/id/1034670

www.ubuntu.com/usn/USN-2783-1

bto.bluecoat.com/security-advisory/sa113

bugzilla.redhat.com/show_bug.cgi?id=1271076

ics-cert.us-cert.gov/advisories/ICSA-15-356-01

security.netapp.com/advisory/ntap-20171004-0001/

support.citrix.com/article/CTX220112

www-01.ibm.com/support/docview.wss?uid=isg3T1023885

www-01.ibm.com/support/docview.wss?uid=isg3T1024073

www-01.ibm.com/support/docview.wss?uid=nas8N1021264

www-01.ibm.com/support/docview.wss?uid=ssg1S1005821

www-01.ibm.com/support/docview.wss?uid=swg21979393

www-01.ibm.com/support/docview.wss?uid=swg21980676

www-01.ibm.com/support/docview.wss?uid=swg21983501

www-01.ibm.com/support/docview.wss?uid=swg21983506

www.cs.bu.edu/~goldbe/NTPattack.html

www.freebsd.org/security/advisories/FreeBSD-SA-16:02.ntp.asc

www.ibm.com/support/home/docdisplay?lndocid=migr-5099428

www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html

www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.6 High

AI Score

Confidence

High

0.042 Low

EPSS

Percentile

92.3%

JSON

CVE-2015-5300

Affected configurations

References

Related