CVE-2015-5146

EPSS 1.45%
Veröffentlicht 24.08.2017 20:29:00
Zuletzt bearbeitet 20.04.2025 01:37:25
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

ntpd in ntp before 4.2.8p3 with remote configuration enabled allows remote authenticated users with knowledge of the configuration password and access to a computer entrusted to perform remote configuration to cause a denial of service (service crash) via a NULL byte in a crafted configuration directive packet.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 14

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Fedoraproject ≫ Fedora Version21

Fedoraproject ≫ Fedora Version22

Fedoraproject ≫ Fedora Version23

Debian ≫ Debian Linux Version7.0

Debian ≫ Debian Linux Version8.0

Ntp ≫ Ntp Updatep2 Version <= 4.2.8

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	1.45%	0.801

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.3	1.6	3.6	CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov	3.5	6.8	2.9	AV:N/AC:M/Au:S/C:N/I:N/A:P

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

https://security.gentoo.org/glsa/201509-01

Third Party Advisory

VDB Entry

Mitigation

http://www.debian.org/security/2015/dsa-3388

Third Party Advisory

http://support.ntp.org/bin/view/Main/SecurityNotice#March_2017_ntp_4_2_8p10_NTP_Secu

Vendor Advisory

http://lists.fedoraproject.org/pipermail/package-announce/2015-November/170926.html

Third Party Advisory

http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169167.html

Third Party Advisory