Lucene search

K

PRIOn knowledge basePRION:CVE-2015-5194

HistoryJul 21, 2017 - 2:29 p.m.

Command injection

2017-07-2114:29:00

PRIOn knowledge base

www.prio-n.com

6

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

6.8 Medium

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.03 Low

EPSS

Percentile

90.6%

The log_config_command function in ntp_parser.y in ntpd in NTP before 4.2.7p42 allows remote attackers to cause a denial of service (ntpd crash) via crafted logconfig commands.

CPENameOperatorVersion
ubuntu_linuxeq12.04
ubuntu_linuxeq15.10
ubuntu_linuxeq14.04
ubuntu_linuxeq15.04
debian_linuxeq8.0
debian_linuxeq7.0
fedoraeq22
fedoraeq21
ntple4.2.7
enterprise_linux_desktopeq7.0

Rows per page:

1-10 of 251

References

bk1.ntp.org/ntp-dev/?PAGE=patch&REV=4c4fc141LwvcoGp-lLGhkAFp3ZvtrA

lists.opensuse.org/opensuse-security-announce/2016-05/msg00048.html

lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html

lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html

rhn.redhat.com/errata/RHSA-2016-0780.html

rhn.redhat.com/errata/RHSA-2016-2583.html

www.debian.org/security/2015/dsa-3388

www.openwall.com/lists/oss-security/2015/08/25/3

www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html

www.securityfocus.com/bid/76475

www.ubuntu.com/usn/USN-2783-1

bugzilla.redhat.com/show_bug.cgi?id=1254542

github.com/ntp-project/ntp/commit/553f2fa65865c31c5e3c48812cfd46176cffdd27

lists.fedoraproject.org/pipermail/package-announce/2015-November/170926.html

lists.fedoraproject.org/pipermail/package-announce/2015-October/169167.html

www-01.ibm.com/support/docview.wss?uid=isg3T1024157

www-01.ibm.com/support/docview.wss?uid=swg21985122

www-01.ibm.com/support/docview.wss?uid=swg21986956

www-01.ibm.com/support/docview.wss?uid=swg21988706

www-01.ibm.com/support/docview.wss?uid=swg21989542

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

6.8 Medium

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.03 Low

EPSS

Percentile

90.6%

Related for PRION:CVE-2015-5194

veracode1 cvelist1 debiancve1 ubuntucve1 cve1 openvas16 f52 nessus22 fedora3 mageia1 amazon1 redhat2 centos2 oraclelinux2 ibm7 osv2 debian2 securityvulns2 ubuntu1 suse3