CVE-2015-8139

Опубликовано: 20 янв. 2016

Источник: redhat

CVSS2: 6.4

EPSS Средний

Описание

ntpq in NTP before 4.2.8p7 allows remote attackers to obtain origin timestamps and then impersonate peers via unspecified vectors.

Меры по смягчению последствий

This issue can be mitigated by one of the following methods: adding the noquery option to all restrict entries in ntp.conf, configuring ntpd to get time from multiple sources, or using a restriction list in your ntp.conf to limit who is allowed to issue ntpq and ntpdc queries. Note that ntpdc queries are disabled by default.

Затронутые пакеты

Платформа	Пакет	Состояние
Red Hat Enterprise Linux 5	ntp	Will not fix
Red Hat Enterprise Linux 6	ntp	Will not fix
Red Hat Enterprise Linux 7	ntp	Will not fix

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-290

https://bugzilla.redhat.com/show_bug.cgi?id=1300654ntp: ntpq and ntpdc disclose origin timestamp to unauthenticated clients

EPSS

Процентиль: 97%

0.30064

Средний

6.4 Medium

CVSS2

Связанные уязвимости

CVE-2015-8139

CVSS3: 5.3

ubuntu

около 9 лет назад

ntpq in NTP before 4.2.8p7 allows remote attackers to obtain origin timestamps and then impersonate peers via unspecified vectors.

CVE-2015-8139

CVSS3: 5.3

nvd

около 9 лет назад

ntpq in NTP before 4.2.8p7 allows remote attackers to obtain origin timestamps and then impersonate peers via unspecified vectors.

CVE-2015-8139

CVSS3: 5.3

debian

около 9 лет назад

ntpq in NTP before 4.2.8p7 allows remote attackers to obtain origin ti ...

GHSA-qmqw-w975-8wjm

CVSS3: 5.3

github

больше 3 лет назад

ntpq in NTP before 4.2.8p7 allows remote attackers to obtain origin timestamps and then impersonate peers via unspecified vectors.

openSUSE-SU-2016:1292-1

suse-cvrf

больше 9 лет назад

Security update for ntp

EPSS

Процентиль: 97%

0.30064

Средний

6.4 Medium

CVSS2