CVE-2015-7977

Published: Jan 30, 2017Modified: May 13, 2026

5.9

Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 2.2 / Impact: 3.6

Source: NVD

Description

ntpd in NTP before 4.2.8p6 and 4.3.x before 4.3.90 allows remote attackers to cause a denial of service (NULL pointer dereference) via a ntpdc reslist command.

Affected (89)

Products: Ntp: Ntp · Oracle: Linux · Siemens: Tim 4r Ie Firmware, Tim 4r Ie Dnp3 Firmware · +5 more

Show all products

Ntp: Ntp · Oracle: Linux · Siemens: Tim 4r Ie Firmware, Tim 4r Ie Dnp3 Firmware · Netapp: Clustered Data Ontap, Oncommand Balance · Freebsd: Freebsd · Fedoraproject: Fedora · Debian: Debian Linux · Canonical: Ubuntu Linux

1 product

1 product

2 products

Tim 4r Ie Dnp3 Firmware

2 products

1 product

1 product

1 product

1 product

Configuration A

21 vulnerable

Vulnerable Software	Affected Versions
Ntp Ntp	Up to 4.2.8
Ntp Ntp	From 4.3.0 to 4.3.90
Ntp Ntp	Version 4.2.8
Ntp Ntp	Version 4.2.8 p1-beta1
Ntp Ntp	Version 4.2.8 p1-beta2
Ntp Ntp	Version 4.2.8 p1-beta3
Ntp Ntp	Version 4.2.8 p1-beta4
Ntp Ntp	Version 4.2.8 p1-beta5
Ntp Ntp	Version 4.2.8 p1-rc1
Ntp Ntp	Version 4.2.8 p1-rc2
Ntp Ntp	Version 4.2.8 p1
Ntp Ntp	Version 4.2.8 p2-rc1
Ntp Ntp	Version 4.2.8 p2-rc2
Ntp Ntp	Version 4.2.8 p2-rc3
Ntp Ntp	Version 4.2.8 p2
Ntp Ntp	Version 4.2.8 p3-rc1
Ntp Ntp	Version 4.2.8 p3-rc2
Ntp Ntp	Version 4.2.8 p3-rc3
Ntp Ntp	Version 4.2.8 p3
Ntp Ntp	Version 4.2.8 p4
Ntp Ntp	Version 4.2.8 p5

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Oracle Linux	Version 6

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Siemens Tim 4r Ie Firmware	All versions

Running on/with	Platform Versions
Siemens Tim 4r Ie	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Siemens Tim 4r Ie Dnp3 Firmware	All versions

Running on/with	Platform Versions
Siemens Tim 4r Ie Dnp3	All versions

Configuration E

2 vulnerable

Vulnerable Software	Affected Versions
Netapp Clustered Data Ontap	All versions
Netapp Oncommand Balance	All versions

Configuration F

56 vulnerable

Vulnerable Software	Affected Versions
Freebsd Freebsd	Version 10.1
Freebsd Freebsd	Version 10.1 p10
Freebsd Freebsd	Version 10.1 p12
Freebsd Freebsd	Version 10.1 p15
Freebsd Freebsd	Version 10.1 p16
Freebsd Freebsd	Version 10.1 p17
Freebsd Freebsd	Version 10.1 p18
Freebsd Freebsd	Version 10.1 p19
Freebsd Freebsd	Version 10.1 p1
Freebsd Freebsd	Version 10.1 p22
Freebsd Freebsd	Version 10.1 p24
Freebsd Freebsd	Version 10.1 p25
Freebsd Freebsd	Version 10.1 p26
Freebsd Freebsd	Version 10.1 p27
Freebsd Freebsd	Version 10.1 p2
Freebsd Freebsd	Version 10.1 p3
Freebsd Freebsd	Version 10.1 p4
Freebsd Freebsd	Version 10.1 p5
Freebsd Freebsd	Version 10.1 p6
Freebsd Freebsd	Version 10.1 p7
Freebsd Freebsd	Version 10.1 p8
Freebsd Freebsd	Version 10.1 p9
Freebsd Freebsd	Version 10.2
Freebsd Freebsd	Version 10.2 p10
Freebsd Freebsd	Version 10.2 p1
Freebsd Freebsd	Version 10.2 p2
Freebsd Freebsd	Version 10.2 p5
Freebsd Freebsd	Version 10.2 p7
Freebsd Freebsd	Version 10.2 p8
Freebsd Freebsd	Version 10.2 p9
Freebsd Freebsd	Version 9.3
Freebsd Freebsd	Version 9.3 p10
Freebsd Freebsd	Version 9.3 p12
Freebsd Freebsd	Version 9.3 p13
Freebsd Freebsd	Version 9.3 p16
Freebsd Freebsd	Version 9.3 p19
Freebsd Freebsd	Version 9.3 p1
Freebsd Freebsd	Version 9.3 p20
Freebsd Freebsd	Version 9.3 p21
Freebsd Freebsd	Version 9.3 p22
Freebsd Freebsd	Version 9.3 p23
Freebsd Freebsd	Version 9.3 p24
Freebsd Freebsd	Version 9.3 p25
Freebsd Freebsd	Version 9.3 p28
Freebsd Freebsd	Version 9.3 p2
Freebsd Freebsd	Version 9.3 p30
Freebsd Freebsd	Version 9.3 p31
Freebsd Freebsd	Version 9.3 p32
Freebsd Freebsd	Version 9.3 p33
Freebsd Freebsd	Version 9.3 p34
Freebsd Freebsd	Version 9.3 p3
Freebsd Freebsd	Version 9.3 p5
Freebsd Freebsd	Version 9.3 p6
Freebsd Freebsd	Version 9.3 p7
Freebsd Freebsd	Version 9.3 p8
Freebsd Freebsd	Version 9.3 p9

Configuration G

2 vulnerable

Vulnerable Software	Affected Versions
Fedoraproject Fedora	Version 22
Fedoraproject Fedora	Version 23

Configuration H

2 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 8.0
Debian Debian Linux	Version 9.0

Configuration I

3 vulnerable

Vulnerable Software	Affected Versions
Canonical Ubuntu Linux	Version 12.04
Canonical Ubuntu Linux	Version 14.04
Canonical Ubuntu Linux	Version 16.04

Related CWEs

CWE-476

NULL Pointer Dereference

The product dereferences a pointer that it expects to be valid but is NULL.

References (54)

http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177507.html

Source: cve@mitre.org

Third Party Advisory

http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176434.html

Source: cve@mitre.org

Third Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00059.html

Source: cve@mitre.org

Broken Link

http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00060.html

Source: cve@mitre.org

Broken Link

http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00020.html

Source: cve@mitre.org

Broken Link

http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00038.html

Source: cve@mitre.org

Broken Link

http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00048.html

Source: cve@mitre.org

Broken Link

http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html

Source: cve@mitre.org

Third Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html

Source: cve@mitre.org

Broken Link

http://lists.opensuse.org/opensuse-updates/2016-05/msg00114.html

Source: cve@mitre.org

Broken Link

http://rhn.redhat.com/errata/RHSA-2016-0780.html

Source: cve@mitre.org

Broken Link

http://rhn.redhat.com/errata/RHSA-2016-2583.html

Source: cve@mitre.org

Broken Link

http://support.ntp.org/bin/view/Main/NtpBug2939

Source: cve@mitre.org

Vendor Advisory

http://support.ntp.org/bin/view/Main/SecurityNotice#April_2016_NTP_4_2_8p7_Security

Source: cve@mitre.org

Vendor Advisory

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160127-ntpd

Source: cve@mitre.org

Third Party Advisory

http://www.debian.org/security/2016/dsa-3629

Source: cve@mitre.org

Third Party Advisory

http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html

Source: cve@mitre.org

Third Party Advisory

http://www.securityfocus.com/bid/81815

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

http://www.securitytracker.com/id/1034782

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

http://www.ubuntu.com/usn/USN-3096-1

Source: cve@mitre.org

Third Party Advisory

https://bto.bluecoat.com/security-advisory/sa113

Source: cve@mitre.org

Third Party Advisory

https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdf

Source: cve@mitre.org

Third Party Advisory

https://security.FreeBSD.org/advisories/FreeBSD-SA-16:09.ntp.asc

Source: cve@mitre.org

Third Party Advisory

https://security.gentoo.org/glsa/201607-15

Source: cve@mitre.org

Third Party Advisory

https://security.netapp.com/advisory/ntap-20171031-0001/

Source: cve@mitre.org

Third Party Advisory

https://us-cert.cisa.gov/ics/advisories/icsa-21-103-11

Source: cve@mitre.org

Third Party AdvisoryUS Government Resource

https://www.kb.cert.org/vuls/id/718152

Source: cve@mitre.org

Third Party AdvisoryUS Government Resource

http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177507.html