CVE-2015-5195 — HIGH (7.5) — White Hats Nepal

Q: How severe is CVE-2015-5195?

CVE-2015-5195 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2015-5195?

Check the references section above for vendor advisories and patch information. Affected products include: Fedoraproject Fedora, Redhat Enterprise Linux Desktop, Redhat Enterprise Linux Hpc Node, Redhat Enterprise Linux Server, Redhat Enterprise Linux Workstation.

Vulnerability Description

ntp_openssl.m4 in ntpd in NTP before 4.2.7p112 allows remote attackers to cause a denial of service (segmentation fault) via a crafted statistics or filegen configuration command that is not enabled during compilation.

CVSS Score

7.5

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

NONE

Availability

HIGH

Affected Products

Vendor	Product	Versions
Fedoraproject	Fedora	21
Redhat	Enterprise Linux Desktop	6.0
Redhat	Enterprise Linux Hpc Node	6.0
Redhat	Enterprise Linux Server	6.0
Redhat	Enterprise Linux Workstation	6.0
Debian	Debian Linux	7.0
Canonical	Ubuntu Linux	12.04
Ntp	Ntp	<= 4.2.7

Related Weaknesses (CWE)

CWE-20

References

http://lists.fedoraproject.org/pipermail/package-announce/2015-November/170926.hThird Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169167.htThird Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2015-September/166992.Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2016-0780.htmlThird Party Advisory
http://rhn.redhat.com/errata/RHSA-2016-2583.htmlThird Party Advisory
http://www.debian.org/security/2015/dsa-3388Third Party Advisory
http://www.openwall.com/lists/oss-security/2015/08/25/3Mailing ListPatchThird Party Advisory
http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.h
http://www.securityfocus.com/bid/76474Third Party AdvisoryVDB Entry
http://www.ubuntu.com/usn/USN-2783-1Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1254544Issue Tracking
https://github.com/ntp-project/ntp/commit/52e977d79a0c4ace997e5c74af429844da2f27Issue TrackingPatchThird Party Advisory
https://www-01.ibm.com/support/docview.wss?uid=isg3T1024157Third Party Advisory
https://www-01.ibm.com/support/docview.wss?uid=swg21985122Third Party Advisory
https://www-01.ibm.com/support/docview.wss?uid=swg21986956Third Party Advisory

FAQ

What is CVE-2015-5195?

CVE-2015-5195 is a vulnerability with a CVSS score of 7.5 (HIGH). ntp_openssl.m4 in ntpd in NTP before 4.2.7p112 allows remote attackers to cause a denial of service (segmentation fault) via a crafted statistics or filegen configuration command that is not enabled d...

How severe is CVE-2015-5195?

CVE-2015-5195 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2015-5195?

Check the references section above for vendor advisories and patch information. Affected products include: Fedoraproject Fedora, Redhat Enterprise Linux Desktop, Redhat Enterprise Linux Hpc Node, Redhat Enterprise Linux Server, Redhat Enterprise Linux Workstation.