Remote Configuration Vulnerability in NTP Product by NTP.org
CVE-2015-5146

5.3MEDIUM

Key Information:

Vendor

Fedoraproject

Status
Fedora
Vendor
CVE Published:
24 August 2017

What is CVE-2015-5146?

The ntpd daemon in NTP versions before 4.2.8p3, equipped with remote configuration, is susceptible to a denial of service attack. An attacker who possesses the configuration password and has authenticated access to perform remote configuration can exploit this vulnerability. By sending a specially crafted packet containing a NULL byte within the configuration directive, the attacker can trigger a crash in the service, disrupting system time synchronization and potentially affecting related services reliant on accurate timekeeping.

References

https://bugzilla.redhat.com/show_bug.cgi?id=1238136
x_refsource_CONFIRM
http://www.securityfocus.com/bid/75589
vdb-entryx_refsource_BID
https://security.gentoo.org/glsa/201509-01
vendor-advisoryx_refsource_GENTOO

CVSS V3.1

Score:
5.3
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.