CVE-2015-7705

2015-10-2200:00:00

ubuntu.com

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.012 Low

EPSS

Percentile

85.1%

JSON

The rate limiting feature in NTP 4.x before 4.2.8p4 and 4.3.x before 4.3.77
allows remote attackers to have unspecified impact via a large number of
crafted requests.

Bugs

<http://bugs.ntp.org/show_bug.cgi?id=2901>

Notes

Author	Note
mdeslaur	fix is bad, see http://lists.ntp.org/pipermail/pool/2015-October/007631.html same fixes as CVE-2015-7704

OSVersionArchitecturePackageVersionFilename
ubuntu12.04noarchntp< 1:4.2.6.p3+dfsg-1ubuntu3.6UNKNOWN
ubuntu14.04noarchntp< 1:4.2.6.p5+dfsg-3ubuntu2.14.04.5UNKNOWN
ubuntu15.04noarchntp< 1:4.2.6.p5+dfsg-3ubuntu6.2UNKNOWN
ubuntu15.10noarchntp< 1:4.2.6.p5+dfsg-3ubuntu8.1UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	12.04	noarch	ntp	< 1:4.2.6.p3+dfsg-1ubuntu3.6	UNKNOWN
ubuntu	14.04	noarch	ntp	< 1:4.2.6.p5+dfsg-3ubuntu2.14.04.5	UNKNOWN
ubuntu	15.04	noarch	ntp	< 1:4.2.6.p5+dfsg-3ubuntu6.2	UNKNOWN
ubuntu	15.10	noarch	ntp	< 1:4.2.6.p5+dfsg-3ubuntu8.1	UNKNOWN