- Home
- CVEs with nessus.description==ntpd in ntp before 4.2.8p3 with remote configuration enabled allows remote authenticated users with knowledge of the configuration password and access to a computer entrusted to perform remote configuration to cause a denial of service (service crash) via a NULL byte in a crafted configuration directive packet. (CVE-2015-5146)
An attacker can use a specially crafted package to cause ntpd to become unresponsive when all of the following conditions are met :
The ntpd configuration has enabled remote configuration.
The attacker has knowledge of the configuration password.
The attacker has access to a computer entrusted to perform remote configurations.
Impact
For BIG-IP systems using a default network time protocol (NTP) configuration, there is no impact. However, BIG-IP systems with an NTP configuration that is customized in line with the requirements of the advisory may be vulnerable.
Max CVSS | 0 |
Min CVSS | 0 |
Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published |
Back to Top
Mark selected
Back to Top