7.5

CVE-2015-5300

EPSS 34.23%
Veröffentlicht 21.07.2017 14:29:00
Zuletzt bearbeitet 20.04.2025 01:37:25
Quelle secalert@redhat.com
Teams Watchlist Login
Unerledigt Login

The panic_gate check in NTP before 4.2.8p5 is only re-enabled after the first change to the system clock that was greater than 128 milliseconds by default, which allows remote attackers to set NTP to an arbitrary time when started with the -g option, or to alter the time by up to 900 seconds otherwise by responding to an unspecified number of requests from trusted sources, and leveraging a resulting denial of service (abort and restart).

Betroffene Produkte Warnungen 0 Metriken 3 CWE 0 Referenzen 42

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Fedoraproject ≫ Fedora Version21

Fedoraproject ≫ Fedora Version22

Suse ≫ Linux Enterprise Debuginfo Version11 Updatesp2

Suse ≫ Linux Enterprise Debuginfo Version11 Updatesp3

Suse ≫ Linux Enterprise Debuginfo Version11 Updatesp4

Opensuse ≫ Leap Version42.1

Opensuse ≫ Opensuse Version13.2

Suse ≫ Linux Enterprise Desktop Version12

Suse ≫ Linux Enterprise Desktop Version12 Updatesp1

Suse ≫ Linux Enterprise Server Version10 Updatesp4 SwEditionltss

Suse ≫ Linux Enterprise Server Version11 Updatesp2 SwEditionltss

Suse ≫ Linux Enterprise Server Version11 Updatesp3 SwEditionltss

Suse ≫ Linux Enterprise Server Version11 Updatesp4

Suse ≫ Linux Enterprise Server Version12 Updatesp1

Suse ≫ Linux Enterprise Software Development Kit Version12

Suse ≫ Linux Enterprise Software Development Kit Version12 Updatesp1

Suse ≫ Manager Version2.1

Suse ≫ Manager Proxy Version2.1

Suse ≫ Openstack Cloud Version5

Suse ≫ Suse Linux Enterprise Server Version12

Redhat ≫ Enterprise Linux Desktop Version6.0

Redhat ≫ Enterprise Linux Desktop Version7.0

Redhat ≫ Enterprise Linux Hpc Node Version6.0

Redhat ≫ Enterprise Linux Hpc Node Version7.0

Redhat ≫ Enterprise Linux Hpc Node Eus Version7.1

Redhat ≫ Enterprise Linux Server Version6.0

Redhat ≫ Enterprise Linux Server Version7.0

Redhat ≫ Enterprise Linux Server Eus Version6.7.z

Redhat ≫ Enterprise Linux Server Eus Version7.1

Redhat ≫ Enterprise Linux Workstation Version6.0

Redhat ≫ Enterprise Linux Workstation Version7.0

Debian ≫ Debian Linux Version7.0

Debian ≫ Debian Linux Version8.0

Canonical ≫ Ubuntu Linux Version12.04 SwEditionlts

Canonical ≫ Ubuntu Linux Version14.04 SwEditionlts

Canonical ≫ Ubuntu Linux Version15.04

Canonical ≫ Ubuntu Linux Version15.10

Ntp ≫ Ntp Updatep4 Version <= 4.2.8

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	34.23%	0.969

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:N/I:N/A:P

http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html

Third Party Advisory

http://www.debian.org/security/2015/dsa-3388

Third Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html

Third Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html

Third Party Advisory

https://security.netapp.com/advisory/ntap-20171004-0001/

http://lists.opensuse.org/opensuse-updates/2016-05/msg00114.html

Third Party Advisory

https://support.citrix.com/article/CTX220112

Third Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00059.html

Third Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00060.html

Third Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00020.html

Third Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00038.html

Third Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00048.html

Third Party Advisory

https://bto.bluecoat.com/security-advisory/sa113

Third Party Advisory

http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177507.html

Third Party Advisory

http://lists.fedoraproject.org/pipermail/package-announce/2015-November/170926.html

Third Party Advisory

http://www.ubuntu.com/usn/USN-2783-1

Third Party Advisory

http://aix.software.ibm.com/aix/efixes/security/ntp_advisory5.asc

Third Party Advisory

http://lists.fedoraproject.org/pipermail/package-announce/2015-November/170684.html

Third Party Advisory

http://rhn.redhat.com/errata/RHSA-2015-1930.html

Third Party Advisory

http://seclists.org/bugtraq/2016/Feb/164

Third Party Advisory

Mailing List

http://support.ntp.org/bin/view/Main/NtpBug2956

Patch

Vendor Advisory

Issue Tracking

http://support.ntp.org/bin/view/Main/SecurityNotice#January_2016_NTP_4_2_8p5_Securit

Patch

Vendor Advisory

Issue Tracking

http://www.securityfocus.com/bid/77312

Third Party Advisory

VDB Entry

http://www.securitytracker.com/id/1034670

Third Party Advisory

VDB Entry

https://bugzilla.redhat.com/show_bug.cgi?id=1271076

Issue Tracking

https://ics-cert.us-cert.gov/advisories/ICSA-15-356-01

Third Party Advisory

US Government Resource

https://www-01.ibm.com/support/docview.wss?uid=isg3T1023885

Third Party Advisory

https://www-01.ibm.com/support/docview.wss?uid=isg3T1024073

Third Party Advisory

https://www-01.ibm.com/support/docview.wss?uid=nas8N1021264

Third Party Advisory

https://www-01.ibm.com/support/docview.wss?uid=ssg1S1005821

Third Party Advisory

https://www-01.ibm.com/support/docview.wss?uid=swg21979393

Third Party Advisory

https://www-01.ibm.com/support/docview.wss?uid=swg21980676

Third Party Advisory

https://www-01.ibm.com/support/docview.wss?uid=swg21983501

Third Party Advisory

https://www-01.ibm.com/support/docview.wss?uid=swg21983506

Third Party Advisory

https://www.cs.bu.edu/~goldbe/NTPattack.html

Third Party Advisory

https://www.freebsd.org/security/advisories/FreeBSD-SA-16:02.ntp.asc

Third Party Advisory

https://www.ibm.com/support/home/docdisplay?lndocid=migr-5099428

Third Party Advisory

https://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html

Third Party Advisory

https://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2015-5300

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2015-5300

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2015-5300

EUVD