CVE-2015-5146 — MEDIUM (5.3)

Q: How severe is CVE-2015-5146?

CVE-2015-5146 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2015-5146?

Check the references section above for vendor advisories and patch information. Affected products include: Fedoraproject Fedora, Debian Debian Linux, Ntp Ntp.

Vulnerability Description

ntpd in ntp before 4.2.8p3 with remote configuration enabled allows remote authenticated users with knowledge of the configuration password and access to a computer entrusted to perform remote configuration to cause a denial of service (service crash) via a NULL byte in a crafted configuration directive packet.

CVSS Score

5.3

MEDIUM

CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

NONE

Availability

HIGH

Affected Products

Vendor	Product	Versions
Fedoraproject	Fedora	21
Debian	Debian Linux	7.0
Ntp	Ntp	<= 4.2.8

Related Weaknesses (CWE)

CWE-20

References

http://bugs.ntp.org/show_bug.cgi?id=2853Issue TrackingThird Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2015-November/170926.hThird Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169167.htThird Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2015-September/166992.Third Party Advisory
http://support.ntp.org/bin/view/Main/SecurityNotice#March_2017_ntp_4_2_8p10_NTP_Vendor Advisory
http://www.debian.org/security/2015/dsa-3388Third Party Advisory
http://www.securityfocus.com/bid/75589Third Party AdvisoryVDB Entry
http://www.securitytracker.com/id/1034168Third Party AdvisoryVDB Entry
https://bugzilla.redhat.com/show_bug.cgi?id=1238136Issue TrackingThird Party Advisory
https://security.gentoo.org/glsa/201509-01MitigationThird Party AdvisoryVDB Entry
https://security.netapp.com/advisory/ntap-20180731-0003/
http://bugs.ntp.org/show_bug.cgi?id=2853Issue TrackingThird Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2015-November/170926.hThird Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169167.htThird Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2015-September/166992.Third Party Advisory

FAQ

What is CVE-2015-5146?

CVE-2015-5146 is a vulnerability with a CVSS score of 5.3 (MEDIUM). ntpd in ntp before 4.2.8p3 with remote configuration enabled allows remote authenticated users with knowledge of the configuration password and access to a computer entrusted to perform remote configu...

How severe is CVE-2015-5146?

CVE-2015-5146 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2015-5146?

Check the references section above for vendor advisories and patch information. Affected products include: Fedoraproject Fedora, Debian Debian Linux, Ntp Ntp.