CVE-2015-7850 — MEDIUM (6.5)

Q: What is CVE-2015-7850?

CVE-2015-7850 is a vulnerability with a CVSS score of 6.5 (MEDIUM). ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote authenticated users to cause a denial of service (infinite loop or crash) by pointing the key file at the log file.

Q: How severe is CVE-2015-7850?

CVE-2015-7850 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2015-7850?

Check the references section above for vendor advisories and patch information. Affected products include: Ntp Ntp, Debian Debian Linux, Netapp Oncommand Balance, Netapp Oncommand Performance Manager, Netapp Oncommand Unified Manager.

Vulnerability Description

ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote authenticated users to cause a denial of service (infinite loop or crash) by pointing the key file at the log file.

CVSS Score

6.5

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

NONE

Availability

HIGH

Affected Products

Vendor	Product	Versions
Ntp	Ntp	>= 4.2.0, < 4.2.8
Debian	Debian Linux	7.0
Netapp	Oncommand Balance	-
Netapp	Oncommand Performance Manager	-
Netapp	Oncommand Unified Manager	-
Netapp	Clustered Data Ontap	-
Netapp	Data Ontap	-

Related Weaknesses (CWE)

CWE-835

References

http://support.ntp.org/bin/view/Main/NtpBug2917PatchVendor Advisory
http://www.debian.org/security/2015/dsa-3388Third Party Advisory
http://www.securityfocus.com/bid/77279Third Party AdvisoryVDB Entry
http://www.securitytracker.com/id/1033951Third Party AdvisoryVDB Entry
https://bugzilla.redhat.com/show_bug.cgi?id=1274258Issue TrackingThird Party AdvisoryVDB Entry
https://security.gentoo.org/glsa/201607-15Third Party AdvisoryVDB Entry
https://security.netapp.com/advisory/ntap-20171004-0001/Third Party Advisory
http://support.ntp.org/bin/view/Main/NtpBug2917PatchVendor Advisory
http://www.debian.org/security/2015/dsa-3388Third Party Advisory
http://www.securityfocus.com/bid/77279Third Party AdvisoryVDB Entry
http://www.securitytracker.com/id/1033951Third Party AdvisoryVDB Entry
https://bugzilla.redhat.com/show_bug.cgi?id=1274258Issue TrackingThird Party AdvisoryVDB Entry
https://security.gentoo.org/glsa/201607-15Third Party AdvisoryVDB Entry
https://security.netapp.com/advisory/ntap-20171004-0001/Third Party Advisory

FAQ

What is CVE-2015-7850?

CVE-2015-7850 is a vulnerability with a CVSS score of 6.5 (MEDIUM). ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote authenticated users to cause a denial of service (infinite loop or crash) by pointing the key file at the log file.

How severe is CVE-2015-7850?

CVE-2015-7850 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2015-7850?

Check the references section above for vendor advisories and patch information. Affected products include: Ntp Ntp, Debian Debian Linux, Netapp Oncommand Balance, Netapp Oncommand Performance Manager, Netapp Oncommand Unified Manager.