Denial of Service Vulnerability in NTP from Network Time Foundation
CVE-2015-5194

7.5HIGH

Key Information:

Vendor
Fedoraproject
Status
Fedora
Vendor
CVE Published:
21 July 2017

Summary

A vulnerability exists in the log_config_command function of ntpd in NTP versions prior to 4.2.7p42. This issue can be exploited by remote attackers who send specially crafted logconfig commands, potentially leading to a denial of service situation where the ntpd service crashes. Ensuring up-to-date versions is critical for maintaining the stability and security of systems reliant on NTP.

References

http://lists.opensuse.org/opensuse-security-announce/2016...
vendor-advisoryx_refsource_SUSE
https://www-01.ibm.com/support/docview.wss?uid=isg3T1024157
x_refsource_CONFIRM
http://www.oracle.com/technetwork/topics/security/linuxbu...
x_refsource_CONFIRM

EPSS Score

11% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.