5.3

CVE-2015-5146

ntpd in ntp before 4.2.8p3 with remote configuration enabled allows remote authenticated users with knowledge of the configuration password and access to a computer entrusted to perform remote configuration to cause a denial of service (service crash) via a NULL byte in a crafted configuration directive packet.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
FedoraprojectFedora Version21
FedoraprojectFedora Version22
FedoraprojectFedora Version23
DebianDebian Linux Version7.0
DebianDebian Linux Version8.0
NtpNtp Updatep2 Version <= 4.2.8
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 4.1% 0.894
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.3 1.6 3.6
CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov 3.5 6.8 2.9
AV:N/AC:M/Au:S/C:N/I:N/A:P
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

https://security.gentoo.org/glsa/201509-01
Third Party Advisory
VDB Entry
Mitigation
http://www.debian.org/security/2015/dsa-3388
Third Party Advisory
http://support.ntp.org/bin/view/Main/SecurityNotice#March_2017_ntp_4_2_8p10_NTP_Secu
Vendor Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2015-November/170926.html
Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169167.html
Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2015-September/166992.html
Third Party Advisory
http://bugs.ntp.org/show_bug.cgi?id=2853
Third Party Advisory
Issue Tracking
http://www.securityfocus.com/bid/75589
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1034168
Third Party Advisory
VDB Entry
https://bugzilla.redhat.com/show_bug.cgi?id=1238136
Third Party Advisory
Issue Tracking
https://security.netapp.com/advisory/ntap-20180731-0003/