ID CVE-2015-5219
Summary The ULOGTOD function in ntp.d in SNTP before 4.2.7p366 does not properly perform type conversions from a precision value to a double, which allows remote attackers to cause a denial of service (infinite loop) via a crafted NTP packet.
References
Vulnerable Configurations
  • cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*
    cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*
  • cpe:2.3:o:fedoraproject:fedora:23:*:*:*:*:*:*:*
    cpe:2.3:o:fedoraproject:fedora:23:*:*:*:*:*:*:*
  • cpe:2.3:o:fedoraproject:fedora:21:*:*:*:*:*:*:*
    cpe:2.3:o:fedoraproject:fedora:21:*:*:*:*:*:*:*
  • cpe:2.3:o:suse:manager_proxy:2.1:*:*:*:*:*:*:*
    cpe:2.3:o:suse:manager_proxy:2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:suse:linux_enterprise_debuginfo:11:sp3:*:*:*:*:*:*
    cpe:2.3:a:suse:linux_enterprise_debuginfo:11:sp3:*:*:*:*:*:*
  • cpe:2.3:o:suse:manager:2.1:*:*:*:*:*:*:*
    cpe:2.3:o:suse:manager:2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:suse:linux_enterprise_debuginfo:11:sp2:*:*:*:*:*:*
    cpe:2.3:a:suse:linux_enterprise_debuginfo:11:sp2:*:*:*:*:*:*
  • cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:ltss:*:*:*
    cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:ltss:*:*:*
  • cpe:2.3:o:suse:openstack_cloud:5:*:*:*:*:*:*:*
    cpe:2.3:o:suse:openstack_cloud:5:*:*:*:*:*:*:*
  • cpe:2.3:o:suse:linux_enterprise_server:11:sp2:*:*:ltss:*:*:*
    cpe:2.3:o:suse:linux_enterprise_server:11:sp2:*:*:ltss:*:*:*
  • cpe:2.3:o:suse:linux_enterprise_server:10:sp4:*:*:ltss:*:*:*
    cpe:2.3:o:suse:linux_enterprise_server:10:sp4:*:*:ltss:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_hpc_node:6.0:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_hpc_node:6.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_hpc_node:7.0:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_hpc_node:7.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
    cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
    cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*
    cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*
    cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
    cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*
    cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*
  • cpe:2.3:a:ntp:ntp:4.2.7:p355:*:*:*:*:*:*
    cpe:2.3:a:ntp:ntp:4.2.7:p355:*:*:*:*:*:*
  • cpe:2.3:o:novell:leap:42.2:*:*:*:*:*:*:*
    cpe:2.3:o:novell:leap:42.2:*:*:*:*:*:*:*
  • cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*
    cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*
  • cpe:2.3:o:siemens:tim_4r-ie_firmware:*:*:*:*:*:*:*:*
    cpe:2.3:o:siemens:tim_4r-ie_firmware:*:*:*:*:*:*:*:*
  • cpe:2.3:h:siemens:tim_4r-ie:-:*:*:*:*:*:*:*
    cpe:2.3:h:siemens:tim_4r-ie:-:*:*:*:*:*:*:*
  • cpe:2.3:o:siemens:tim_4r-id_dnp3_firmware:*:*:*:*:*:*:*:*
    cpe:2.3:o:siemens:tim_4r-id_dnp3_firmware:*:*:*:*:*:*:*:*
  • cpe:2.3:h:siemens:tim_4r-id_dnp3:-:*:*:*:*:*:*:*
    cpe:2.3:h:siemens:tim_4r-id_dnp3:-:*:*:*:*:*:*:*
  • cpe:2.3:o:oracle:linux:6:-:*:*:*:*:*:*
    cpe:2.3:o:oracle:linux:6:-:*:*:*:*:*:*
CVSS
Base: 5.0 (as of 13-02-2023 - 00:51)
Impact:
Exploitability:
CWE CWE-704
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:N/I:N/A:P
redhat via4
advisories
  • rhsa
    id RHSA-2016:0780
  • rhsa
    id RHSA-2016:2583
rpms
  • ntp-0:4.2.6p5-10.el6
  • ntp-debuginfo-0:4.2.6p5-10.el6
  • ntp-doc-0:4.2.6p5-10.el6
  • ntp-perl-0:4.2.6p5-10.el6
  • ntpdate-0:4.2.6p5-10.el6
  • ntp-0:4.2.6p5-25.el7
  • ntp-debuginfo-0:4.2.6p5-25.el7
  • ntp-doc-0:4.2.6p5-25.el7
  • ntp-perl-0:4.2.6p5-25.el7
  • ntpdate-0:4.2.6p5-25.el7
  • sntp-0:4.2.6p5-25.el7
refmap via4
bid 76473
confirm
debian DSA-3388
fedora
  • FEDORA-2015-14212
  • FEDORA-2015-14213
  • FEDORA-2015-77bfbc1bcd
mlist [oss-security] 20150825 Several low impact ntp.org ntpd issues
suse
  • SUSE-SU:2016:1311
  • openSUSE-SU:2016:3280
ubuntu USN-2783-1
Last major update 13-02-2023 - 00:51
Published 21-07-2017 - 14:29
Last modified 13-02-2023 - 00:51
Back to Top