7.5

CVE-2015-5219

The ULOGTOD function in ntp.d in SNTP before 4.2.7p366 does not properly perform type conversions from a precision value to a double, which allows remote attackers to cause a denial of service (infinite loop) via a crafted NTP packet.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
FedoraprojectFedora Version21
FedoraprojectFedora Version22
FedoraprojectFedora Version23
SuseLinux Enterprise Debuginfo Version11 Updatesp2
SuseLinux Enterprise Debuginfo Version11 Updatesp3
SuseLinux Enterprise Server Version10 Updatesp4 SwEditionltss
SuseLinux Enterprise Server Version11 Updatesp2 SwEditionltss
SuseLinux Enterprise Server Version11 Updatesp3 SwEditionltss
SuseManager Version2.1
SuseManager Proxy Version2.1
SuseOpenstack Cloud Version5
DebianDebian Linux Version7.0
DebianDebian Linux Version8.0
CanonicalUbuntu Linux Version12.04 SwEditionlts
CanonicalUbuntu Linux Version14.04 SwEditionlts
CanonicalUbuntu Linux Version15.04
CanonicalUbuntu Linux Version15.10
NtpNtp Updatep355 Version <= 4.2.7
NovellLeap Version42.2
OpensuseLeap Version42.1
SiemensTim 4r-ie Firmware
   SiemensTim 4r-ie Version-
OracleLinux Version6 Update-
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 5.84% 0.922
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:N/I:N/A:P
CWE-704 Incorrect Type Conversion or Cast

The product does not correctly convert an object, resource, or structure from one type to a different type.

http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
Third Party Advisory
http://www.debian.org/security/2015/dsa-3388
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2016-2583.html
Third Party Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdf
Third Party Advisory
https://us-cert.cisa.gov/ics/advisories/icsa-21-103-11
Third Party Advisory
US Government Resource
http://lists.opensuse.org/opensuse-updates/2016-12/msg00153.html
Broken Link
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00048.html
Broken Link
http://rhn.redhat.com/errata/RHSA-2016-0780.html
Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2015-November/170926.html
Third Party Advisory
Mailing List
http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169167.html
Third Party Advisory
Mailing List
http://www.openwall.com/lists/oss-security/2015/08/25/3
Patch
Third Party Advisory
Mailing List
http://www.ubuntu.com/usn/USN-2783-1
Third Party Advisory
https://www-01.ibm.com/support/docview.wss?uid=isg3T1024157
Third Party Advisory
https://www-01.ibm.com/support/docview.wss?uid=swg21985122
Third Party Advisory
https://www-01.ibm.com/support/docview.wss?uid=swg21986956
Third Party Advisory
https://www-01.ibm.com/support/docview.wss?uid=swg21988706
Third Party Advisory
https://www-01.ibm.com/support/docview.wss?uid=swg21989542
Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2015-September/166992.html
Third Party Advisory
Mailing List
http://aix.software.ibm.com/aix/efixes/security/ntp_advisory4.asc
Third Party Advisory
http://bk1.ntp.org/ntp-dev/?PAGE=patch&REV=51786731Gr4-NOrTBC_a_uXO4wuGhg
Patch
Third Party Advisory
Issue Tracking
http://www.securityfocus.com/bid/76473
Third Party Advisory
VDB Entry
https://bugzilla.redhat.com/show_bug.cgi?id=1255118
Issue Tracking
https://github.com/ntp-project/ntp/commit/5f295cd05c3c136d39f5b3e500a2d781bdbb59c8
Patch
Third Party Advisory
Issue Tracking
https://www.ibm.com/support/home/docdisplay?lndocid=migr-5099409
Third Party Advisory