CVE-2015-7855 — MEDIUM (6.5)

Q: How severe is CVE-2015-7855?

CVE-2015-7855 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2015-7855?

Check the references section above for vendor advisories and patch information. Affected products include: Ntp Ntp, Debian Debian Linux, Netapp Oncommand Balance, Netapp Oncommand Performance Manager, Netapp Oncommand Unified Manager.

Vulnerability Description

The decodenetnum function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (assertion failure) via a 6 or mode 7 packet containing a long data value.

CVSS Score

6.5

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

NONE

Availability

HIGH

Affected Products

Vendor	Product	Versions
Ntp	Ntp	>= 4.2.0, < 4.2.8
Debian	Debian Linux	7.0
Netapp	Oncommand Balance	-
Netapp	Oncommand Performance Manager	-
Netapp	Oncommand Unified Manager	-
Netapp	Clustered Data Ontap	-
Netapp	Data Ontap	-
Siemens	Tim 4R-Ie Firmware	All versions
Siemens	Tim 4R-Ie	-
Siemens	Tim 4R-Ie Dnp3 Firmware	All versions
Siemens	Tim 4R-Ie Dnp3	-

Related Weaknesses (CWE)

CWE-20

References

http://support.ntp.org/bin/view/Main/NtpBug2922PatchVendor Advisory
http://www.debian.org/security/2015/dsa-3388Third Party Advisory
http://www.securityfocus.com/bid/77283Third Party AdvisoryVDB Entry
http://www.securitytracker.com/id/1033951Third Party AdvisoryVDB Entry
https://bugzilla.redhat.com/show_bug.cgi?id=1274264Issue TrackingThird Party AdvisoryVDB Entry
https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdfThird Party Advisory
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-cThird Party AdvisoryVDB Entry
https://security.gentoo.org/glsa/201607-15Third Party AdvisoryVDB Entry
https://security.netapp.com/advisory/ntap-20171004-0001/Third Party Advisory
https://us-cert.cisa.gov/ics/advisories/icsa-21-103-11Third Party AdvisoryUS Government Resource
https://www.exploit-db.com/exploits/40840/ExploitThird Party AdvisoryVDB Entry
http://support.ntp.org/bin/view/Main/NtpBug2922PatchVendor Advisory
http://www.debian.org/security/2015/dsa-3388Third Party Advisory
http://www.securityfocus.com/bid/77283Third Party AdvisoryVDB Entry
http://www.securitytracker.com/id/1033951Third Party AdvisoryVDB Entry

FAQ

What is CVE-2015-7855?

CVE-2015-7855 is a vulnerability with a CVSS score of 6.5 (MEDIUM). The decodenetnum function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (assertion failure) via a 6 or mode 7 packet containing a lo...

How severe is CVE-2015-7855?

CVE-2015-7855 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2015-7855?

Check the references section above for vendor advisories and patch information. Affected products include: Ntp Ntp, Debian Debian Linux, Netapp Oncommand Balance, Netapp Oncommand Performance Manager, Netapp Oncommand Unified Manager.