CVE-2015-7854

Published: Aug 7, 2017Modified: May 13, 2026

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

Buffer overflow in the password management functionality in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote authenticated users to cause a denial of service (daemon crash) or possibly execute arbitrary code via a crafted key file.

Affected (24)

Products: Ntp: Ntp · Netapp: Clustered Data Ontap, Data Ontap, Oncommand Balance, Oncommand Performance Manager, Oncommand Unified Manager

1 product

5 products

Oncommand Performance Manager

Oncommand Unified Manager

Configuration A

19 vulnerable

Vulnerable Software	Affected Versions
Ntp Ntp	From 4.2.0 to 4.2.8
Ntp Ntp	From 4.3.0 to 4.3.77
Ntp Ntp	Version 4.2.8
Ntp Ntp	Version 4.2.8 p1-beta1
Ntp Ntp	Version 4.2.8 p1-beta2
Ntp Ntp	Version 4.2.8 p1-beta3
Ntp Ntp	Version 4.2.8 p1-beta4
Ntp Ntp	Version 4.2.8 p1-beta5
Ntp Ntp	Version 4.2.8 p1-rc1
Ntp Ntp	Version 4.2.8 p1-rc2
Ntp Ntp	Version 4.2.8 p1
Ntp Ntp	Version 4.2.8 p2-rc1
Ntp Ntp	Version 4.2.8 p2-rc2
Ntp Ntp	Version 4.2.8 p2-rc3
Ntp Ntp	Version 4.2.8 p2
Ntp Ntp	Version 4.2.8 p3-rc1
Ntp Ntp	Version 4.2.8 p3-rc2
Ntp Ntp	Version 4.2.8 p3-rc3
Ntp Ntp	Version 4.2.8 p3

Configuration B

5 vulnerable

Vulnerable Software	Affected Versions
Netapp Clustered Data Ontap	All versions
Netapp Data Ontap	All versions
Netapp Oncommand Balance	All versions
Netapp Oncommand Performance Manager	All versions
Netapp Oncommand Unified Manager	All versions