7.5

CVE-2015-5194

The log_config_command function in ntp_parser.y in ntpd in NTP before 4.2.7p42 allows remote attackers to cause a denial of service (ntpd crash) via crafted logconfig commands.

Data is provided by the National Vulnerability Database (NVD)
Fedoraproject Fedora Version 21
Fedoraproject Fedora Version 22
Suse Linux Enterprise Debuginfo Version 11 Update sp2
Suse Linux Enterprise Debuginfo Version 11 Update sp3
Suse Linux Enterprise Server Version 10 Update sp4 SwEdition ltss
Suse Linux Enterprise Server Version 11 Update sp2 SwEdition ltss
Suse Linux Enterprise Server Version 11 Update sp3 SwEdition ltss
Suse Manager Version 2.1
Suse Manager Proxy Version 2.1
Suse Openstack Cloud Version 5
Debian Debian Linux Version 7.0
Debian Debian Linux Version 8.0
Canonical Ubuntu Linux Version 12.04 SwEdition lts
Canonical Ubuntu Linux Version 14.04 SwEdition lts
Canonical Ubuntu Linux Version 15.04
Canonical Ubuntu Linux Version 15.10
Ntp Ntp Update p40 Version <= 4.2.7
No CISA KEV or CERT.AT warning was found for this CVE.
EPSS Metrics
Type | Source | Score | Percentile
EPSS | FIRST.org | 15.51% | 0.945
CVSS Metrics
Source | Base Score | Exploit Score | Impact Score | Vector string
nvd@nist.gov | 7.5 | 3.9 | 3.6 | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov | 5 | 10 | 2.9 | AV:N/AC:L/Au:N/C:N/I:N/A:P
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://www.openwall.com/lists/oss-security/2015/08/25/3 (Patch, Third Party Advisory, Mailing List)
http://www.securityfocus.com/bid/76475 (Third Party Advisory, VDB Entry)