CVE-2015-8140

Опубликовано: 20 янв. 2016

Источник: redhat

CVSS2: 5.4

Описание

The ntpq protocol in NTP before 4.2.8p7 allows remote attackers to conduct replay attacks by sniffing the network.

Меры по смягчению последствий

This issue can be mitigated by one of the following methods: disabling ntpq in ntp.conf, configuring ntpd to get time from multiple sources, or using a restriction list in your ntp.conf to limit who is allowed to issue ntpq queries.

Затронутые пакеты

Платформа	Пакет	Состояние
Red Hat Enterprise Linux 5	ntp	Will not fix
Red Hat Enterprise Linux 6	ntp	Will not fix
Red Hat Enterprise Linux 7	ntp	Will not fix

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-294

https://bugzilla.redhat.com/show_bug.cgi?id=1300651ntp: ntpq protocol vulnerable to replay attacks

5.4 Medium

CVSS2

Связанные уязвимости

CVE-2015-8140

CVSS3: 4.8

ubuntu

около 9 лет назад

The ntpq protocol in NTP before 4.2.8p7 allows remote attackers to conduct replay attacks by sniffing the network.

CVE-2015-8140

CVSS3: 4.8

nvd

около 9 лет назад

The ntpq protocol in NTP before 4.2.8p7 allows remote attackers to conduct replay attacks by sniffing the network.

CVE-2015-8140

CVSS3: 4.8

debian

около 9 лет назад

The ntpq protocol in NTP before 4.2.8p7 allows remote attackers to con ...

GHSA-6wrq-h82h-4vm8

CVSS3: 4.8

github

больше 3 лет назад

The ntpq protocol in NTP before 4.2.8p7 allows remote attackers to conduct replay attacks by sniffing the network.

openSUSE-SU-2016:1292-1

suse-cvrf

больше 9 лет назад

Security update for ntp

5.4 Medium

CVSS2