ntp: stack exhaustion in recursive traversal of restriction list

🗓️ 10 May 2016 18:35:43Reported by RedHatType

redhat

redhat🔗 access.redhat.com👁 2 Views

NTP stack exhaustion in ntpd from restriction list traversal via ntpdc reslist; remote crash risk.

Reporter	Title	Published	Views	Family All 128
IBM Security Bulletins	Security Bulletin: Multiple Security Vulnerabilities fixed in IBM Security Privileged Identity Manager	16 Jun 201821:45	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerabilities in NTP affect PowerKVM	18 Jun 201801:34	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerabilities in Ntp affect IBM Security Identity Governance	16 Jun 201821:44	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in NTP affect IBM Security Network Protection	16 Jun 201821:43	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Flex System Manager (FSM) is affected by multiple ntp vulnerabilities	18 Jun 201801:32	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Security Access Manager for Mobile is affected by vulnerabilities in NTP	16 Jun 201821:45	–	ibm
IBM Security Bulletins	Security Bulletin: Fixes for Multiple Security Vulnerabilities in IBM Security Identity Manager Virtual Appliance available	16 Jun 201821:45	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerabilities in NTP affect IBM Flex System Chassis Management Module	31 Jan 201902:25	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Security Access Manager for Web is affected by vulnerabilities in NTP	16 Jun 201821:45	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in NTP, OpenSSL and GNU glibc affect IBM Netezza Host Management	18 Oct 201903:10	–	ibm

OS	OS Version	Architecture	Package	Package Version	Filename
Red Hat Enterprise Linux	6	ppc64	ntp	0:4.2.6p5-10.el6	ntp-0:4.2.6p5-10.el6.ppc64.rpm
Red Hat Enterprise Linux	6	s390x	ntp	0:4.2.6p5-10.el6	ntp-0:4.2.6p5-10.el6.s390x.rpm
Red Hat Enterprise Linux	6	x86_64	ntp	0:4.2.6p5-10.el6	ntp-0:4.2.6p5-10.el6.x86_64.rpm
Red Hat Enterprise Linux	6	any	ntp	0:4.2.6p5-10.el6.i686	ntp-0:4.2.6p5-10.el6.i686.noarch.rpm
Red Hat Enterprise Linux	6	ppc64	ntp-debuginfo	0:4.2.6p5-10.el6	ntp-debuginfo-0:4.2.6p5-10.el6.ppc64.rpm
Red Hat Enterprise Linux	6	s390x	ntp-debuginfo	0:4.2.6p5-10.el6	ntp-debuginfo-0:4.2.6p5-10.el6.s390x.rpm
Red Hat Enterprise Linux	6	x86_64	ntp-debuginfo	0:4.2.6p5-10.el6	ntp-debuginfo-0:4.2.6p5-10.el6.x86_64.rpm
Red Hat Enterprise Linux	6	any	ntp-debuginfo	0:4.2.6p5-10.el6.i686	ntp-debuginfo-0:4.2.6p5-10.el6.i686.noarch.rpm
Red Hat Enterprise Linux	6	any	ntp-doc	0:4.2.6p5-10.el6.noarch	ntp-doc-0:4.2.6p5-10.el6.noarch.noarch.rpm
Red Hat Enterprise Linux	6	ppc64	ntp-perl	0:4.2.6p5-10.el6	ntp-perl-0:4.2.6p5-10.el6.ppc64.rpm

Source	Link
support	www.support.ntp.org/bin/view/Main/SecurityNotice
talosintel	www.talosintel.com/reports/TALOS-2016-0075/
access	www.access.redhat.com/security/cve/CVE-2015-7978
bugzilla	www.bugzilla.redhat.com/show_bug.cgi
nvd	www.nvd.nist.gov/vuln/detail/CVE-2015-7978
cve	www.cve.org/CVERecord

13 May 2026 01:46Current

7.5High risk

Vulners AI Score7.5

CVSS 25

CVSS 37.5

EPSS0.42548

stack exhaustion network time protocol restriction list traversal restriction query remote crash unix