CVE-2015-5146

Published: Aug 24, 2017Modified: May 13, 2026

5.3

Vector

CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

Exploitability: 1.6 / Impact: 3.6

Source: NVD

Description

ntpd in ntp before 4.2.8p3 with remote configuration enabled allows remote authenticated users with knowledge of the configuration password and access to a computer entrusted to perform remote configuration to cause a denial of service (service crash) via a NULL byte in a crafted configuration directive packet.

Affected (6)

Products: Fedoraproject: Fedora · Debian: Debian Linux · Ntp: Ntp

1 product

1 product

1 product

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Fedoraproject Fedora	Version 21
Fedoraproject Fedora	Version 22
Fedoraproject Fedora	Version 23

Configuration B

2 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 7.0
Debian Debian Linux	Version 8.0

Configuration C

1 vulnerable

Vulnerable Software	Affected Versions
Ntp Ntp	Up to 4.2.8

Related CWEs

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (22)

http://bugs.ntp.org/show_bug.cgi?id=2853

Source: cve@mitre.org

Issue TrackingThird Party Advisory

http://lists.fedoraproject.org/pipermail/package-announce/2015-November/170926.html

Source: cve@mitre.org

Third Party Advisory

http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169167.html

Source: cve@mitre.org

Third Party Advisory

http://lists.fedoraproject.org/pipermail/package-announce/2015-September/166992.html

Source: cve@mitre.org

Third Party Advisory

http://support.ntp.org/bin/view/Main/SecurityNotice#March_2017_ntp_4_2_8p10_NTP_Secu

Source: cve@mitre.org

Vendor Advisory

http://www.debian.org/security/2015/dsa-3388

Source: cve@mitre.org

Third Party Advisory

http://www.securityfocus.com/bid/75589

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

http://www.securitytracker.com/id/1034168

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

https://bugzilla.redhat.com/show_bug.cgi?id=1238136

Source: cve@mitre.org

Issue TrackingThird Party Advisory

https://security.gentoo.org/glsa/201509-01

Source: cve@mitre.org

MitigationThird Party AdvisoryVDB Entry

https://security.netapp.com/advisory/ntap-20180731-0003/

Source: cve@mitre.org

http://bugs.ntp.org/show_bug.cgi?id=2853

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingThird Party Advisory

http://lists.fedoraproject.org/pipermail/package-announce/2015-November/170926.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169167.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

http://lists.fedoraproject.org/pipermail/package-announce/2015-September/166992.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

http://support.ntp.org/bin/view/Main/SecurityNotice#March_2017_ntp_4_2_8p10_NTP_Secu

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.debian.org/security/2015/dsa-3388

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

http://www.securityfocus.com/bid/75589

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

http://www.securitytracker.com/id/1034168

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://bugzilla.redhat.com/show_bug.cgi?id=1238136

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingThird Party Advisory

https://security.gentoo.org/glsa/201509-01

Source: af854a3a-2127-422b-91ae-364da2661108

MitigationThird Party AdvisoryVDB Entry

https://security.netapp.com/advisory/ntap-20180731-0003/

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.