CVE-2015-7978

Опубликовано: 20 янв. 2016

Источник: redhat

CVSS2: 4.3

EPSS Средний

Описание

NTP before 4.2.8p6 and 4.3.0 before 4.3.90 allows a remote attackers to cause a denial of service (stack exhaustion) via an ntpdc relist command, which triggers recursive traversal of the restriction list.

A stack-based buffer overflow flaw was found in the way ntpd processed 'ntpdc reslist' commands that queried restriction lists with a large amount of entries. A remote attacker could use this flaw to crash ntpd.

Отчет

This issue affects the versions of ntp as shipped with Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this issue as having Moderate security impact. A future update may address this issue in Red Hat Enterprise Linux 6 and 7. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.

Меры по смягчению последствий

Keep the number of restriction list entries in ntp.conf lower than 500.

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
Red Hat Enterprise Linux 5	ntp	Will not fix
Red Hat Enterprise Linux 6	ntp	Fixed	RHSA-2016:0780	10.05.2016
Red Hat Enterprise Linux 7	ntp	Fixed	RHSA-2016:2583	03.11.2016

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-121

https://bugzilla.redhat.com/show_bug.cgi?id=1300270ntp: stack exhaustion in recursive traversal of restriction list

EPSS

Процентиль: 96%

0.28333

Средний

4.3 Medium

CVSS2

Связанные уязвимости

CVE-2015-7978

CVSS3: 7.5

ubuntu

почти 9 лет назад

CVE-2015-7978

CVSS3: 7.5

nvd

почти 9 лет назад

CVE-2015-7978

CVSS3: 7.5

debian

почти 9 лет назад

NTP before 4.2.8p6 and 4.3.0 before 4.3.90 allows a remote attackers t ...

GHSA-jj32-297r-pcv8

CVSS3: 7.5

github

больше 3 лет назад

ELSA-2016-0780

oracle-oval

больше 9 лет назад

ELSA-2016-0780: ntp security and bug fix update (MODERATE)

EPSS

Процентиль: 96%

0.28333

Средний

4.3 Medium

CVSS2