ID CVE-2015-5300
Summary The panic_gate check in NTP before 4.2.8p5 is only re-enabled after the first change to the system clock that was greater than 128 milliseconds by default, which allows remote attackers to set NTP to an arbitrary time when started with the -g option, or to alter the time by up to 900 seconds otherwise by responding to an unspecified number of requests from trusted sources, and leveraging a resulting denial of service (abort and restart).
References
Vulnerable Configurations
  • cpe:2.3:o:fedoraproject:fedora:21:*:*:*:*:*:*:*
  • cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*
  • cpe:2.3:a:suse:linux_enterprise_debuginfo:11:sp2:*:*:*:*:*:*
  • cpe:2.3:a:suse:linux_enterprise_debuginfo:11:sp3:*:*:*:*:*:*
  • cpe:2.3:a:suse:linux_enterprise_debuginfo:11:sp4:*:*:*:*:*:*
  • cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*
  • cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*
  • cpe:2.3:o:suse:linux_enterprise_desktop:12:*:*:*:*:*:*:*
  • cpe:2.3:o:suse:linux_enterprise_desktop:12:sp1:*:*:*:*:*:*
  • cpe:2.3:o:suse:linux_enterprise_server:10:sp4:*:*:ltss:*:*:*
  • cpe:2.3:o:suse:linux_enterprise_server:11:sp2:*:*:ltss:*:*:*
  • cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:ltss:*:*:*
  • cpe:2.3:o:suse:linux_enterprise_server:11:sp4:*:*:*:*:*:*
  • cpe:2.3:o:suse:linux_enterprise_server:12:sp1:*:*:*:*:*:*
  • cpe:2.3:o:suse:linux_enterprise_software_development_kit:12:*:*:*:*:*:*:*
  • cpe:2.3:o:suse:linux_enterprise_software_development_kit:12:sp1:*:*:*:*:*:*
  • cpe:2.3:o:suse:manager:2.1:*:*:*:*:*:*:*
  • cpe:2.3:o:suse:manager_proxy:2.1:*:*:*:*:*:*:*
  • cpe:2.3:o:suse:openstack_cloud:5:*:*:*:*:*:*:*
  • cpe:2.3:o:suse:suse_linux_enterprise_server:12:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_hpc_node:6.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_hpc_node:7.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_hpc_node_eus:7.1:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server_eus:6.7.z:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server_eus:7.1:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*
  • cpe:2.3:a:ntp:ntp:4.2.2:p4:*:*:*:*:*:*
  • cpe:2.3:a:ntp:ntp:4.2.4:p4:*:*:*:*:*:*
  • cpe:2.3:a:ntp:ntp:4.2.6:p4:*:*:*:*:*:*
  • cpe:2.3:a:ntp:ntp:4.2.7:p4:*:*:*:*:*:*
  • cpe:2.3:a:ntp:ntp:4.2.8:p4:*:*:*:*:*:*
CVSS
Base: 5.0 (as of 30-10-2018 - 16:27)
Impact:
Exploitability:
CWE CWE-361
CAPEC
  • Session Fixation
    The attacker induces a client to establish a session with the target software using a session identifier provided by the attacker. Once the user successfully authenticates to the target software, the attacker uses the (now privileged) session identifier in their own transactions. This attack leverages the fact that the target software either relies on client-generated session identifiers or maintains the same session identifiers after privilege elevation.
Access
Vector: NETWORK
Complexity: LOW
Authentication: NONE
Impact
Confidentiality: NONE
Integrity: NONE
Availability: PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:N/I:N/A:P
redhat via4
advisories
rhsa
id RHSA-2015:1930
rpms
  • ntp-0:4.2.6p5-19.ael7b_1.3
  • ntp-0:4.2.6p5-19.el7_1.3
  • ntp-0:4.2.6p5-5.el6_7.2
  • ntp-debuginfo-0:4.2.6p5-19.ael7b_1.3
  • ntp-debuginfo-0:4.2.6p5-19.el7_1.3
  • ntp-debuginfo-0:4.2.6p5-5.el6_7.2
  • ntp-doc-0:4.2.6p5-19.ael7b_1.3
  • ntp-doc-0:4.2.6p5-19.el7_1.3
  • ntp-doc-0:4.2.6p5-5.el6_7.2
  • ntp-perl-0:4.2.6p5-19.ael7b_1.3
  • ntp-perl-0:4.2.6p5-19.el7_1.3
  • ntp-perl-0:4.2.6p5-5.el6_7.2
  • ntpdate-0:4.2.6p5-19.ael7b_1.3
  • ntpdate-0:4.2.6p5-19.el7_1.3
  • ntpdate-0:4.2.6p5-5.el6_7.2
  • sntp-0:4.2.6p5-19.ael7b_1.3
  • sntp-0:4.2.6p5-19.el7_1.3
refmap via4
bid 77312
confirm
debian DSA-3388
fedora
  • FEDORA-2015-77bfbc1bcd
  • FEDORA-2015-f5f5ec7b6b
  • FEDORA-2016-34bc10a2c8
freebsd FreeBSD-SA-16:02
misc
mlist [slackware-security] 20160223 ntp (SSA:2016-054-04)
sectrack 1034670
suse
  • SUSE-SU:2016:1175
  • SUSE-SU:2016:1177
  • SUSE-SU:2016:1247
  • SUSE-SU:2016:1311
  • SUSE-SU:2016:1912
  • SUSE-SU:2016:2094
  • openSUSE-SU:2016:1292
  • openSUSE-SU:2016:1423
ubuntu USN-2783-1
Last major update 30-10-2018 - 16:27
Published 21-07-2017 - 14:29
Last modified 30-10-2018 - 16:27