Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2015-7979

Опубликовано: 20 янв. 2016
Источник: redhat
CVSS2: 5.8
EPSS Средний

Описание

NTP before 4.2.8p6 and 4.3.x before 4.3.90 allows remote attackers to cause a denial of service (client-server association tear down) by sending broadcast packets with invalid authentication to a broadcast client.

It was found that when NTP was configured in broadcast mode, a remote attacker could broadcast packets with bad authentication to all clients. The clients, upon receiving the malformed packets, would break the association with the broadcast server, causing them to become out of sync over a longer period of time.

Отчет

This issue affects the versions of ntp as shipped with Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this issue as having Moderate security impact. A future update may address this issue in Red Hat Enterprise Linux 6 and 7. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.

Меры по смягчению последствий

Do not use NTP's broadcast mode by not configuring the "broadcast" directive in the ntp.conf file.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 5ntpWill not fix
Red Hat Enterprise Linux 6ntpFixedRHSA-2016:114131.05.2016
Red Hat Enterprise Linux 6.7 Extended Update SupportntpFixedRHSA-2016:155203.08.2016
Red Hat Enterprise Linux 7ntpFixedRHSA-2016:114131.05.2016
Red Hat Enterprise Linux 7ntpFixedRHSA-2016:258303.11.2016

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-20
https://bugzilla.redhat.com/show_bug.cgi?id=1300271ntp: off-path denial of service on authenticated broadcast mode

EPSS

Процентиль: 95%
0.19095
Средний

5.8 Medium

CVSS2

Связанные уязвимости

ubuntu логотип

CVE-2015-7979

CVSS3: 7.5
ubuntu
больше 8 лет назад

NTP before 4.2.8p6 and 4.3.x before 4.3.90 allows remote attackers to cause a denial of service (client-server association tear down) by sending broadcast packets with invalid authentication to a broadcast client.

nvd логотип

CVE-2015-7979

CVSS3: 7.5
nvd
больше 8 лет назад

NTP before 4.2.8p6 and 4.3.x before 4.3.90 allows remote attackers to cause a denial of service (client-server association tear down) by sending broadcast packets with invalid authentication to a broadcast client.

debian логотип

CVE-2015-7979

CVSS3: 7.5
debian
больше 8 лет назад

NTP before 4.2.8p6 and 4.3.x before 4.3.90 allows remote attackers to ...

github логотип

GHSA-9fqj-9gp8-4rwc

CVSS3: 7.5
github
больше 3 лет назад

NTP before 4.2.8p6 and 4.3.x before 4.3.90 allows remote attackers to cause a denial of service (client-server association tear down) by sending broadcast packets with invalid authentication to a broadcast client.

oracle-oval логотип

ELSA-2016-1141

oracle-oval
около 9 лет назад

ELSA-2016-1141: ntp security update (MODERATE)

EPSS

Процентиль: 95%
0.19095
Средний

5.8 Medium

CVSS2