7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.909 High
EPSS
Percentile
98.4%
The Network Time Protocol (NTP) is used to synchronize a computer’s time
with a referenced time source.
It was discovered that ntpd as a client did not correctly check timestamps
in Kiss-of-Death packets. A remote attacker could use this flaw to send a
crafted Kiss-of-Death packet to an ntpd client that would increase the
client’s polling interval value, and effectively disable synchronization
with the server. (CVE-2015-7704)
Red Hat would like to thank Aanchal Malhotra, Isaac E. Cohen, and Sharon
Goldberg of Boston University for reporting this issue.
All ntp users are advised to upgrade to these updated packages, which
contain a backported patch to resolve this issue. After installing the
update, the ntpd daemon will restart automatically.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
RedHat | 6 | x86_64 | ntp-perl | < 4.2.6p5-2.el6_5.1 | ntp-perl-4.2.6p5-2.el6_5.1.x86_64.rpm |
RedHat | 6 | ppc64 | ntpdate | < 4.2.6p5-2.el6_5.1 | ntpdate-4.2.6p5-2.el6_5.1.ppc64.rpm |
RedHat | 6 | i686 | ntp | < 4.2.6p5-2.el6_5.1 | ntp-4.2.6p5-2.el6_5.1.i686.rpm |
RedHat | 6 | s390x | ntp-perl | < 4.2.6p5-3.el6_6.1 | ntp-perl-4.2.6p5-3.el6_6.1.s390x.rpm |
RedHat | 6 | i686 | ntpdate | < 4.2.6p5-3.el6_6.1 | ntpdate-4.2.6p5-3.el6_6.1.i686.rpm |
RedHat | 6 | ppc64 | ntp-debuginfo | < 4.2.6p5-3.el6_6.1 | ntp-debuginfo-4.2.6p5-3.el6_6.1.ppc64.rpm |
RedHat | 6 | x86_64 | ntp | < 4.2.6p5-2.el6_5.1 | ntp-4.2.6p5-2.el6_5.1.x86_64.rpm |
RedHat | 6 | x86_64 | ntp-debuginfo | < 4.2.6p5-3.el6_6.1 | ntp-debuginfo-4.2.6p5-3.el6_6.1.x86_64.rpm |
RedHat | 6 | s390x | ntpdate | < 4.2.6p5-3.el6_6.1 | ntpdate-4.2.6p5-3.el6_6.1.s390x.rpm |
RedHat | 6 | src | ntp | < 4.2.6p5-2.el6_5.1 | ntp-4.2.6p5-2.el6_5.1.src.rpm |
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.909 High
EPSS
Percentile
98.4%