7.5

CVE-2015-5300

The panic_gate check in NTP before 4.2.8p5 is only re-enabled after the first change to the system clock that was greater than 128 milliseconds by default, which allows remote attackers to set NTP to an arbitrary time when started with the -g option, or to alter the time by up to 900 seconds otherwise by responding to an unspecified number of requests from trusted sources, and leveraging a resulting denial of service (abort and restart).
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
FedoraprojectFedora Version21
FedoraprojectFedora Version22
SuseLinux Enterprise Debuginfo Version11 Updatesp2
SuseLinux Enterprise Debuginfo Version11 Updatesp3
SuseLinux Enterprise Debuginfo Version11 Updatesp4
OpensuseLeap Version42.1
OpensuseOpensuse Version13.2
SuseLinux Enterprise Desktop Version12 Updatesp1
SuseLinux Enterprise Server Version10 Updatesp4 SwEditionltss
SuseLinux Enterprise Server Version11 Updatesp2 SwEditionltss
SuseLinux Enterprise Server Version11 Updatesp3 SwEditionltss
SuseLinux Enterprise Server Version11 Updatesp4
SuseLinux Enterprise Server Version12 Updatesp1
SuseManager Version2.1
SuseManager Proxy Version2.1
SuseOpenstack Cloud Version5
DebianDebian Linux Version7.0
DebianDebian Linux Version8.0
CanonicalUbuntu Linux Version12.04 SwEditionlts
CanonicalUbuntu Linux Version14.04 SwEditionlts
CanonicalUbuntu Linux Version15.04
CanonicalUbuntu Linux Version15.10
NtpNtp Updatep4 Version <= 4.2.8
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 9.13% 0.947
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 3.9 3.6
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:N/I:N/A:P
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
Third Party Advisory
http://www.debian.org/security/2015/dsa-3388
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html
Third Party Advisory
https://security.netapp.com/advisory/ntap-20171004-0001/
http://lists.opensuse.org/opensuse-updates/2016-05/msg00114.html
Third Party Advisory
https://support.citrix.com/article/CTX220112
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00059.html
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00060.html
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00020.html
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00038.html
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00048.html
Third Party Advisory
https://bto.bluecoat.com/security-advisory/sa113
Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177507.html
Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2015-November/170926.html
Third Party Advisory
http://www.ubuntu.com/usn/USN-2783-1
Third Party Advisory
http://aix.software.ibm.com/aix/efixes/security/ntp_advisory5.asc
Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2015-November/170684.html
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2015-1930.html
Third Party Advisory
http://seclists.org/bugtraq/2016/Feb/164
Third Party Advisory
Mailing List
http://support.ntp.org/bin/view/Main/NtpBug2956
Patch
Vendor Advisory
Issue Tracking
http://support.ntp.org/bin/view/Main/SecurityNotice#January_2016_NTP_4_2_8p5_Securit
Patch
Vendor Advisory
Issue Tracking
http://www.securityfocus.com/bid/77312
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1034670
Third Party Advisory
VDB Entry
https://bugzilla.redhat.com/show_bug.cgi?id=1271076
Issue Tracking
https://ics-cert.us-cert.gov/advisories/ICSA-15-356-01
Third Party Advisory
US Government Resource
https://www-01.ibm.com/support/docview.wss?uid=isg3T1023885
Third Party Advisory
https://www-01.ibm.com/support/docview.wss?uid=isg3T1024073
Third Party Advisory
https://www-01.ibm.com/support/docview.wss?uid=nas8N1021264
Third Party Advisory
https://www-01.ibm.com/support/docview.wss?uid=ssg1S1005821
Third Party Advisory
https://www-01.ibm.com/support/docview.wss?uid=swg21979393
Third Party Advisory
https://www-01.ibm.com/support/docview.wss?uid=swg21980676
Third Party Advisory
https://www-01.ibm.com/support/docview.wss?uid=swg21983501
Third Party Advisory
https://www-01.ibm.com/support/docview.wss?uid=swg21983506
Third Party Advisory
https://www.cs.bu.edu/~goldbe/NTPattack.html
Third Party Advisory
https://www.freebsd.org/security/advisories/FreeBSD-SA-16:02.ntp.asc
Third Party Advisory
https://www.ibm.com/support/home/docdisplay?lndocid=migr-5099428
Third Party Advisory
https://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html
Third Party Advisory
https://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
Third Party Advisory