Vulnerability Description
The datalen parameter in the refclock driver in NTP 4.2.x before 4.2.8p4 and 4.3.x before 4.3.77 allows remote attackers to execute arbitrary code or cause a denial of service (crash) via a negative input value.
CVSS Score
9.8 (CRITICAL)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ntp | Ntp | >= 4.2.0, < 4.2.8 |
| Netapp | Oncommand Balance | - |
| Netapp | Oncommand Performance Manager | - |
| Netapp | Oncommand Unified Manager | - |
| Netapp | Clustered Data Ontap | - |
| Netapp | Data Ontap | - |
Related Weaknesses (CWE)
References
- http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00020.html
- http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00048.html
- http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html
- http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html
- http://lists.opensuse.org/opensuse-updates/2015-11/msg00093.html
- http://lists.opensuse.org/opensuse-updates/2016-05/msg00114.html
- http://packetstormsecurity.com/files/134082/FreeBSD-Security-Advisory-ntp-Authen
- http://packetstormsecurity.com/files/134137/Slackware-Security-Advisory-ntp-Upda
- http://support.ntp.org/bin/view/Main/NtpBug2920 (Patch, Vendor Advisory)
- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20
- http://www.securityfocus.com/archive/1/536737/100/0/threaded
- http://www.securityfocus.com/archive/1/536760/100/0/threaded
- http://www.securityfocus.com/archive/1/536796/100/0/threaded
- http://www.securityfocus.com/archive/1/536833/100/0/threaded
- http://www.securityfocus.com/archive/1/archive/1/536737/100/100/threaded
FAQ
What is CVE-2015-7853?
CVE-2015-7853 is a vulnerability with a CVSS score of 9.8 (CRITICAL). The datalen parameter in the refclock driver in NTP 4.2.x before 4.2.8p4 and 4.3.x before 4.3.77 allows remote attackers to execute arbitrary code or cause a denial of service (crash) via a negative ...
How severe is CVE-2015-7853?
CVE-2015-7853 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2015-7853?
Check the references section above for vendor advisories and patch information. Affected products include: Ntp Ntp, Netapp Oncommand Balance, Netapp Oncommand Performance Manager, Netapp Oncommand Unified Manager, Netapp Clustered Data Ontap.