Vulnerability Description
The rate limiting feature in NTP 4.x before 4.2.8p4 and 4.3.x before 4.3.77 allows remote attackers to have unspecified impact via a large number of crafted requests.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| NTP | NTP | >= 4.2.0, < 4.2.8 |
| NetApp | OnCommand Performance Manager | - |
| NetApp | OnCommand Unified Manager | - |
| NetApp | Clustered Data ONTAP | - |
| NetApp | Data ONTAP | - |
| Citrix | XenServer | 6.0.2 |
| Siemens | TIM 4R-IE Firmware | All versions |
| Siemens | TIM 4R-IE | - |
| Siemens | TIM 4R-IE DNP3 Firmware | All versions |
| Siemens | TIM 4R-IE DNP3 | - |
Related Weaknesses (CWE)
References
- http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00020.html
- http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00034.html
- http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00037.html
- http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00048.html
- http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00052.html
- http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00001.html
- http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00020.html
- http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html
- http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html
- http://lists.opensuse.org/opensuse-updates/2015-11/msg00093.html
- http://lists.opensuse.org/opensuse-updates/2016-05/msg00114.html
- http://packetstormsecurity.com/files/134137/Slackware-Security-Advisory-ntp-Upda
- http://support.ntp.org/bin/view/Main/NtpBug2901 (Vendor Advisory)
- http://support.ntp.org/bin/view/Main/SecurityNotice#October_2015_NTP_4_2_8p4_Sec (Release Notes, Vendor Advisory)
- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20
FAQ
What is CVE-2015-7705?
CVE-2015-7705 is a vulnerability with a CVSS score of 9.8 (CRITICAL). The rate limiting feature in NTP 4.x before 4.2.8p4 and 4.3.x before 4.3.77 allows remote attackers to have unspecified impact via a large number of crafted requests.
How severe is CVE-2015-7705?
CVE-2015-7705 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2015-7705?
Check the references section above for vendor advisories and patch information. Affected products include: NTP, NetApp OnCommand Performance Manager, NetApp OnCommand Unified Manager, NetApp Clustered Data ONTAP, NetApp Data ONTAP.