Lucene search

K

Veracode Vulnerability DatabaseVERACODE:12064

HistoryJan 15, 2019 - 9:11 a.m.

Denial Of Service (DoS)

2019-01-1509:11:53

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

9

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

ntp is vulnerable to denial of service (DoS) attacks. The vulnerability exists as the log_config_command function in ntp_parser.y in ntpd in NTP before 4.2.7p42 allows remote attackers to cause a denial of service (ntpd crash) via crafted logconfig commands.

CPENameOperatorVersion
ntpeq4.2.6p5__1.el6
ntpeq4.2.4p8__3.el6
ntpeq4.2.6p5__2.el6_5
ntpeq4.2.6p5__2.el6_6
ntpeq4.2.6p5__5.el6
ntpeq4.2.4p8__2.el6
ntpeq4.2.6p5__5.el6_7.2
ntpeq4.2.6p5__5.el6_7.4
ntpeq4.2.6p5__3.el6_6
ntpeq4.2.6p5__1.el6

Rows per page:

1-10 of 181

References

bk1.ntp.org/ntp-dev/?PAGE=patch&REV=4c4fc141LwvcoGp-lLGhkAFp3ZvtrA

lists.fedoraproject.org/pipermail/package-announce/2015-November/170926.html

lists.fedoraproject.org/pipermail/package-announce/2015-October/169167.html

lists.opensuse.org/opensuse-security-announce/2016-05/msg00048.html

lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html

lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html

rhn.redhat.com/errata/RHSA-2016-0780.html

rhn.redhat.com/errata/RHSA-2016-2583.html

www.debian.org/security/2015/dsa-3388

www.openwall.com/lists/oss-security/2015/08/25/3

www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html

www.securityfocus.com/bid/76475

www.ubuntu.com/usn/USN-2783-1

access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/6.8_Release_Notes/index.html

access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/6.8_Technical_Notes/index.html

access.redhat.com/errata/RHSA-2016:0780

access.redhat.com/errata/RHSA-2016:2583

access.redhat.com/security/cve/CVE-2015-5194

access.redhat.com/security/updates/classification/#moderate

bugzilla.redhat.com/show_bug.cgi?id=1254542

bugzilla.redhat.com/show_bug.cgi?id=1286969

github.com/ntp-project/ntp/commit/553f2fa65865c31c5e3c48812cfd46176cffdd27

rhn.redhat.com/errata/RHSA-2016-0780.html

www-01.ibm.com/support/docview.wss?uid=isg3T1024157

www-01.ibm.com/support/docview.wss?uid=swg21985122

www-01.ibm.com/support/docview.wss?uid=swg21986956

www-01.ibm.com/support/docview.wss?uid=swg21988706

www-01.ibm.com/support/docview.wss?uid=swg21989542

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

Related for VERACODE:12064

prion1 ubuntucve1 debiancve1 cve1 openvas16 f52 nessus22 fedora3 mageia1 amazon1 redhat2 centos2 ibm7 oraclelinux2 osv2 securityvulns2 debian2 ubuntu1 suse3