Lucene search

[email protected]NVD:CVE-2015-7853

HistoryAug 07, 2017 - 8:29 p.m.

CVE-2015-7853

2017-08-0720:29:00

CWE-120

[email protected]

web.nvd.nist.gov

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.6 High

AI Score

Confidence

High

0.073 Low

EPSS

Percentile

94.1%

JSON

The datalen parameter in the refclock driver in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to execute arbitrary code or cause a denial of service (crash) via a negative input value.

Affected configurations

NVD

Node

ntpntpRange4.2.0–4.2.8

ntpntpRange4.3.0–4.3.77

ntpntpMatch4.2.8-

ntpntpMatch4.2.8p1

ntpntpMatch4.2.8p1-beta1

ntpntpMatch4.2.8p1-beta2

ntpntpMatch4.2.8p1-beta3

ntpntpMatch4.2.8p1-beta4

ntpntpMatch4.2.8p1-beta5

ntpntpMatch4.2.8p1-rc1

ntpntpMatch4.2.8p1-rc2

ntpntpMatch4.2.8p2

ntpntpMatch4.2.8p2-rc1

ntpntpMatch4.2.8p2-rc2

ntpntpMatch4.2.8p2-rc3

ntpntpMatch4.2.8p3

ntpntpMatch4.2.8p3-rc1

ntpntpMatch4.2.8p3-rc2

ntpntpMatch4.2.8p3-rc3

Node

netapponcommand_balanceMatch-

netapponcommand_performance_managerMatch-

netapponcommand_unified_managerMatch-clustered_data_ontap

netappclustered_data_ontapMatch-

netappdata_ontapMatch-7-mode

References

lists.opensuse.org/opensuse-security-announce/2016-05/msg00020.html

lists.opensuse.org/opensuse-security-announce/2016-05/msg00048.html

lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html

lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html

lists.opensuse.org/opensuse-updates/2015-11/msg00093.html

lists.opensuse.org/opensuse-updates/2016-05/msg00114.html

packetstormsecurity.com/files/134082/FreeBSD-Security-Advisory-ntp-Authentication-Bypass.html

packetstormsecurity.com/files/134137/Slackware-Security-Advisory-ntp-Updates.html

support.ntp.org/bin/view/Main/NtpBug2920

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151021-ntp

www.securityfocus.com/archive/1/536737/100/0/threaded

www.securityfocus.com/archive/1/536760/100/0/threaded

www.securityfocus.com/archive/1/536796/100/0/threaded

www.securityfocus.com/archive/1/536833/100/0/threaded

www.securityfocus.com/archive/1/archive/1/536737/100/100/threaded

www.securityfocus.com/archive/1/archive/1/536760/100/100/threaded

www.securityfocus.com/archive/1/archive/1/536796/100/100/threaded

www.securityfocus.com/archive/1/archive/1/536833/100/100/threaded

www.securityfocus.com/bid/77273

www.securitytracker.com/id/1033951

www.talosintel.com/vulnerability-reports/

www.ubuntu.com/usn/USN-2783-1

bto.bluecoat.com/security-advisory/sa103

bugzilla.redhat.com/show_bug.cgi?id=1274262

cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf

security.gentoo.org/glsa/201607-15

security.netapp.com/advisory/ntap-20171004-0001/

us-cert.cisa.gov/ics/advisories/icsa-21-159-11

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.6 High

AI Score

Confidence

High

0.073 Low

EPSS

Percentile

94.1%

JSON

Related for NVD:CVE-2015-7853

ubuntucve1 nessus25 f52 cve1 talos1 debiancve1 cvelist1 prion1 mageia1 openvas15 ibm4 aix1 freebsd_advisory1 freebsd1 arista1 archlinux1 securityvulns2 ics2 cisco1 slackware1 symantec1 ubuntu1 suse4 gentoo1