ID CVE-2015-5300
Summary The panic_gate check in NTP before 4.2.8p5 is only re-enabled after the first change to the system clock that was greater than 128 milliseconds by default, which allows remote attackers to set NTP to an arbitrary time when started with the -g option, or to alter the time by up to 900 seconds otherwise by responding to an unspecified number of requests from trusted sources, and leveraging a resulting denial of service (abort and restart).
References
Vulnerable Configurations
  • cpe:2.3:o:fedoraproject:fedora:21:*:*:*:*:*:*:*
    cpe:2.3:o:fedoraproject:fedora:21:*:*:*:*:*:*:*
  • cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*
    cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*
  • cpe:2.3:a:suse:linux_enterprise_debuginfo:11:sp2:*:*:*:*:*:*
    cpe:2.3:a:suse:linux_enterprise_debuginfo:11:sp2:*:*:*:*:*:*
  • cpe:2.3:a:suse:linux_enterprise_debuginfo:11:sp3:*:*:*:*:*:*
    cpe:2.3:a:suse:linux_enterprise_debuginfo:11:sp3:*:*:*:*:*:*
  • cpe:2.3:a:suse:linux_enterprise_debuginfo:11:sp4:*:*:*:*:*:*
    cpe:2.3:a:suse:linux_enterprise_debuginfo:11:sp4:*:*:*:*:*:*
  • cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*
    cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*
  • cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*
    cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*
  • cpe:2.3:o:suse:linux_enterprise_desktop:12:*:*:*:*:*:*:*
    cpe:2.3:o:suse:linux_enterprise_desktop:12:*:*:*:*:*:*:*
  • cpe:2.3:o:suse:linux_enterprise_desktop:12:sp1:*:*:*:*:*:*
    cpe:2.3:o:suse:linux_enterprise_desktop:12:sp1:*:*:*:*:*:*
  • cpe:2.3:o:suse:linux_enterprise_server:10:sp4:*:*:ltss:*:*:*
    cpe:2.3:o:suse:linux_enterprise_server:10:sp4:*:*:ltss:*:*:*
  • cpe:2.3:o:suse:linux_enterprise_server:11:sp2:*:*:ltss:*:*:*
    cpe:2.3:o:suse:linux_enterprise_server:11:sp2:*:*:ltss:*:*:*
  • cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:ltss:*:*:*
    cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:ltss:*:*:*
  • cpe:2.3:o:suse:linux_enterprise_server:11:sp4:*:*:*:*:*:*
    cpe:2.3:o:suse:linux_enterprise_server:11:sp4:*:*:*:*:*:*
  • cpe:2.3:o:suse:linux_enterprise_server:12:sp1:*:*:*:*:*:*
    cpe:2.3:o:suse:linux_enterprise_server:12:sp1:*:*:*:*:*:*
  • cpe:2.3:o:suse:linux_enterprise_software_development_kit:12:*:*:*:*:*:*:*
    cpe:2.3:o:suse:linux_enterprise_software_development_kit:12:*:*:*:*:*:*:*
  • cpe:2.3:o:suse:linux_enterprise_software_development_kit:12:sp1:*:*:*:*:*:*
    cpe:2.3:o:suse:linux_enterprise_software_development_kit:12:sp1:*:*:*:*:*:*
  • cpe:2.3:o:suse:manager:2.1:*:*:*:*:*:*:*
    cpe:2.3:o:suse:manager:2.1:*:*:*:*:*:*:*
  • cpe:2.3:o:suse:manager_proxy:2.1:*:*:*:*:*:*:*
    cpe:2.3:o:suse:manager_proxy:2.1:*:*:*:*:*:*:*
  • cpe:2.3:o:suse:openstack_cloud:5:*:*:*:*:*:*:*
    cpe:2.3:o:suse:openstack_cloud:5:*:*:*:*:*:*:*
  • cpe:2.3:o:suse:suse_linux_enterprise_server:12:*:*:*:*:*:*:*
    cpe:2.3:o:suse:suse_linux_enterprise_server:12:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_hpc_node:6.0:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_hpc_node:6.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_hpc_node:7.0:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_hpc_node:7.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_hpc_node_eus:7.1:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_hpc_node_eus:7.1:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server_eus:6.7.z:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_server_eus:6.7.z:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server_eus:7.1:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_server_eus:7.1:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
    cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
    cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*
    cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
    cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*
    cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*
    cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*
  • cpe:2.3:a:ntp:ntp:4.2.2:p4:*:*:*:*:*:*
    cpe:2.3:a:ntp:ntp:4.2.2:p4:*:*:*:*:*:*
  • cpe:2.3:a:ntp:ntp:4.2.4:p4:*:*:*:*:*:*
    cpe:2.3:a:ntp:ntp:4.2.4:p4:*:*:*:*:*:*
  • cpe:2.3:a:ntp:ntp:4.2.6:p4:*:*:*:*:*:*
    cpe:2.3:a:ntp:ntp:4.2.6:p4:*:*:*:*:*:*
  • cpe:2.3:a:ntp:ntp:4.2.7:p4:*:*:*:*:*:*
    cpe:2.3:a:ntp:ntp:4.2.7:p4:*:*:*:*:*:*
  • cpe:2.3:a:ntp:ntp:4.2.8:p4:*:*:*:*:*:*
    cpe:2.3:a:ntp:ntp:4.2.8:p4:*:*:*:*:*:*
CVSS
Base: 5.0 (as of 30-10-2018 - 16:27)
Impact:
Exploitability:
CWE CWE-361
CAPEC
  • Session Credential Falsification through Forging
    An attacker creates a false but functional session credential in order to gain or usurp access to a service. Session credentials allow users to identify themselves to a service after an initial authentication without needing to resend the authentication information (usually a username and password) with every message. If an attacker is able to forge valid session credentials they may be able to bypass authentication or piggy-back off some other authenticated user's session. This attack differs from Reuse of Session IDs and Session Sidejacking attacks in that in the latter attacks an attacker uses a previous or existing credential without modification while, in a forging attack, the attacker must create their own credential, although it may be based on previously observed credentials.
  • Session Fixation
    The attacker induces a client to establish a session with the target software using a session identifier provided by the attacker. Once the user successfully authenticates to the target software, the attacker uses the (now privileged) session identifier in their own transactions. This attack leverages the fact that the target software either relies on client-generated session identifiers or maintains the same session identifiers after privilege elevation.
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:N/I:N/A:P
redhat via4
advisories
rhsa
id RHSA-2015:1930
rpms
  • ntp-0:4.2.6p5-5.el6_7.2
  • ntp-doc-0:4.2.6p5-5.el6_7.2
  • ntp-perl-0:4.2.6p5-5.el6_7.2
  • ntpdate-0:4.2.6p5-5.el6_7.2
  • ntp-0:4.2.6p5-19.el7_1.3
  • ntp-doc-0:4.2.6p5-19.el7_1.3
  • ntp-perl-0:4.2.6p5-19.el7_1.3
  • ntpdate-0:4.2.6p5-19.el7_1.3
  • sntp-0:4.2.6p5-19.el7_1.3
refmap via4
bid 77312
confirm
debian DSA-3388
fedora
  • FEDORA-2015-77bfbc1bcd
  • FEDORA-2015-f5f5ec7b6b
  • FEDORA-2016-34bc10a2c8
freebsd FreeBSD-SA-16:02
misc
mlist [slackware-security] 20160223 ntp (SSA:2016-054-04)
sectrack 1034670
suse
  • SUSE-SU:2016:1175
  • SUSE-SU:2016:1177
  • SUSE-SU:2016:1247
  • SUSE-SU:2016:1311
  • SUSE-SU:2016:1912
  • SUSE-SU:2016:2094
  • openSUSE-SU:2016:1292
  • openSUSE-SU:2016:1423
ubuntu USN-2783-1
Last major update 30-10-2018 - 16:27
Published 21-07-2017 - 14:29
Back to Top