cve-2015-5300
Vulnerability from cvelistv5
Published
2017-07-21 14:00
Modified
2024-08-06 06:41
Severity ?
Summary
The panic_gate check in NTP before 4.2.8p5 is only re-enabled after the first change to the system clock that was greater than 128 milliseconds by default, which allows remote attackers to set NTP to an arbitrary time when started with the -g option, or to alter the time by up to 900 seconds otherwise by responding to an unspecified number of requests from trusted sources, and leveraging a resulting denial of service (abort and restart).
References
secalert@redhat.comhttp://aix.software.ibm.com/aix/efixes/security/ntp_advisory5.ascThird Party Advisory
secalert@redhat.comhttp://lists.fedoraproject.org/pipermail/package-announce/2015-November/170684.htmlThird Party Advisory
secalert@redhat.comhttp://lists.fedoraproject.org/pipermail/package-announce/2015-November/170926.htmlThird Party Advisory
secalert@redhat.comhttp://lists.fedoraproject.org/pipermail/package-announce/2016-February/177507.htmlThird Party Advisory
secalert@redhat.comhttp://lists.opensuse.org/opensuse-security-announce/2016-04/msg00059.htmlThird Party Advisory
secalert@redhat.comhttp://lists.opensuse.org/opensuse-security-announce/2016-04/msg00060.htmlThird Party Advisory
secalert@redhat.comhttp://lists.opensuse.org/opensuse-security-announce/2016-05/msg00020.htmlThird Party Advisory
secalert@redhat.comhttp://lists.opensuse.org/opensuse-security-announce/2016-05/msg00038.htmlThird Party Advisory
secalert@redhat.comhttp://lists.opensuse.org/opensuse-security-announce/2016-05/msg00048.htmlThird Party Advisory
secalert@redhat.comhttp://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.htmlThird Party Advisory
secalert@redhat.comhttp://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.htmlThird Party Advisory
secalert@redhat.comhttp://lists.opensuse.org/opensuse-updates/2016-05/msg00114.htmlThird Party Advisory
secalert@redhat.comhttp://rhn.redhat.com/errata/RHSA-2015-1930.htmlThird Party Advisory
secalert@redhat.comhttp://seclists.org/bugtraq/2016/Feb/164Mailing List, Third Party Advisory
secalert@redhat.comhttp://support.ntp.org/bin/view/Main/NtpBug2956Issue Tracking, Patch, Vendor Advisory
secalert@redhat.comhttp://support.ntp.org/bin/view/Main/SecurityNotice#January_2016_NTP_4_2_8p5_SecuritIssue Tracking, Patch, Vendor Advisory
secalert@redhat.comhttp://www.debian.org/security/2015/dsa-3388Third Party Advisory
secalert@redhat.comhttp://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.htmlThird Party Advisory
secalert@redhat.comhttp://www.securityfocus.com/bid/77312Third Party Advisory, VDB Entry
secalert@redhat.comhttp://www.securitytracker.com/id/1034670Third Party Advisory, VDB Entry
secalert@redhat.comhttp://www.ubuntu.com/usn/USN-2783-1Third Party Advisory
secalert@redhat.comhttps://bto.bluecoat.com/security-advisory/sa113Third Party Advisory
secalert@redhat.comhttps://bugzilla.redhat.com/show_bug.cgi?id=1271076Issue Tracking
secalert@redhat.comhttps://ics-cert.us-cert.gov/advisories/ICSA-15-356-01Third Party Advisory, US Government Resource
secalert@redhat.comhttps://security.netapp.com/advisory/ntap-20171004-0001/
secalert@redhat.comhttps://support.citrix.com/article/CTX220112Third Party Advisory
secalert@redhat.comhttps://www-01.ibm.com/support/docview.wss?uid=isg3T1023885Third Party Advisory
secalert@redhat.comhttps://www-01.ibm.com/support/docview.wss?uid=isg3T1024073Third Party Advisory
secalert@redhat.comhttps://www-01.ibm.com/support/docview.wss?uid=nas8N1021264Third Party Advisory
secalert@redhat.comhttps://www-01.ibm.com/support/docview.wss?uid=ssg1S1005821Third Party Advisory
secalert@redhat.comhttps://www-01.ibm.com/support/docview.wss?uid=swg21979393Third Party Advisory
secalert@redhat.comhttps://www-01.ibm.com/support/docview.wss?uid=swg21980676Third Party Advisory
secalert@redhat.comhttps://www-01.ibm.com/support/docview.wss?uid=swg21983501Third Party Advisory
secalert@redhat.comhttps://www-01.ibm.com/support/docview.wss?uid=swg21983506Third Party Advisory
secalert@redhat.comhttps://www.cs.bu.edu/~goldbe/NTPattack.htmlThird Party Advisory
secalert@redhat.comhttps://www.freebsd.org/security/advisories/FreeBSD-SA-16:02.ntp.ascThird Party Advisory
secalert@redhat.comhttps://www.ibm.com/support/home/docdisplay?lndocid=migr-5099428Third Party Advisory
secalert@redhat.comhttps://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.htmlThird Party Advisory
secalert@redhat.comhttps://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://aix.software.ibm.com/aix/efixes/security/ntp_advisory5.ascThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.fedoraproject.org/pipermail/package-announce/2015-November/170684.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.fedoraproject.org/pipermail/package-announce/2015-November/170926.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177507.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00059.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00060.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00020.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00038.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00048.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-updates/2016-05/msg00114.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://rhn.redhat.com/errata/RHSA-2015-1930.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://seclists.org/bugtraq/2016/Feb/164Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://support.ntp.org/bin/view/Main/NtpBug2956Issue Tracking, Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://support.ntp.org/bin/view/Main/SecurityNotice#January_2016_NTP_4_2_8p5_SecuritIssue Tracking, Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2015/dsa-3388Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/77312Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1034670Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://www.ubuntu.com/usn/USN-2783-1Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://bto.bluecoat.com/security-advisory/sa113Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://bugzilla.redhat.com/show_bug.cgi?id=1271076Issue Tracking
af854a3a-2127-422b-91ae-364da2661108https://ics-cert.us-cert.gov/advisories/ICSA-15-356-01Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108https://security.netapp.com/advisory/ntap-20171004-0001/
af854a3a-2127-422b-91ae-364da2661108https://support.citrix.com/article/CTX220112Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www-01.ibm.com/support/docview.wss?uid=isg3T1023885Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www-01.ibm.com/support/docview.wss?uid=isg3T1024073Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www-01.ibm.com/support/docview.wss?uid=nas8N1021264Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www-01.ibm.com/support/docview.wss?uid=ssg1S1005821Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www-01.ibm.com/support/docview.wss?uid=swg21979393Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www-01.ibm.com/support/docview.wss?uid=swg21980676Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www-01.ibm.com/support/docview.wss?uid=swg21983501Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www-01.ibm.com/support/docview.wss?uid=swg21983506Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.cs.bu.edu/~goldbe/NTPattack.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.freebsd.org/security/advisories/FreeBSD-SA-16:02.ntp.ascThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.ibm.com/support/home/docdisplay?lndocid=migr-5099428Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.htmlThird Party Advisory
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T06:41:09.519Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2015:1930",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2015-1930.html"
          },
          {
            "name": "SUSE-SU:2016:1912",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html"
          },
          {
            "name": "[slackware-security] 20160223 ntp (SSA:2016-054-04)",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://seclists.org/bugtraq/2016/Feb/164"
          },
          {
            "name": "openSUSE-SU:2016:1423",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2016-05/msg00114.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
          },
          {
            "name": "USN-2783-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2783-1"
          },
          {
            "name": "SUSE-SU:2016:1177",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00060.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-356-01"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.ntp.org/bin/view/Main/SecurityNotice#January_2016_NTP_4_2_8p5_Securit"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1271076"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www-01.ibm.com/support/docview.wss?uid=swg21980676"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.citrix.com/article/CTX220112"
          },
          {
            "name": "FEDORA-2015-77bfbc1bcd",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/170926.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.ibm.com/support/home/docdisplay?lndocid=migr-5099428"
          },
          {
            "name": "FEDORA-2015-f5f5ec7b6b",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/170684.html"
          },
          {
            "name": "DSA-3388",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2015/dsa-3388"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://aix.software.ibm.com/aix/efixes/security/ntp_advisory5.asc"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.cs.bu.edu/~goldbe/NTPattack.html"
          },
          {
            "name": "SUSE-SU:2016:2094",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html"
          },
          {
            "name": "FEDORA-2016-34bc10a2c8",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177507.html"
          },
          {
            "name": "1034670",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1034670"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www-01.ibm.com/support/docview.wss?uid=isg3T1024073"
          },
          {
            "name": "77312",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/77312"
          },
          {
            "name": "SUSE-SU:2016:1311",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00048.html"
          },
          {
            "name": "FreeBSD-SA-16:02",
            "tags": [
              "vendor-advisory",
              "x_refsource_FREEBSD",
              "x_transferred"
            ],
            "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-16:02.ntp.asc"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www-01.ibm.com/support/docview.wss?uid=swg21979393"
          },
          {
            "name": "openSUSE-SU:2016:1292",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00038.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www-01.ibm.com/support/docview.wss?uid=nas8N1021264"
          },
          {
            "name": "SUSE-SU:2016:1247",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00020.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www-01.ibm.com/support/docview.wss?uid=isg3T1023885"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bto.bluecoat.com/security-advisory/sa113"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www-01.ibm.com/support/docview.wss?uid=swg21983501"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www-01.ibm.com/support/docview.wss?uid=ssg1S1005821"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.ntp.org/bin/view/Main/NtpBug2956"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www-01.ibm.com/support/docview.wss?uid=swg21983506"
          },
          {
            "name": "SUSE-SU:2016:1175",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00059.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20171004-0001/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-10-13T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The panic_gate check in NTP before 4.2.8p5 is only re-enabled after the first change to the system clock that was greater than 128 milliseconds by default, which allows remote attackers to set NTP to an arbitrary time when started with the -g option, or to alter the time by up to 900 seconds otherwise by responding to an unspecified number of requests from trusted sources, and leveraging a resulting denial of service (abort and restart)."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-11-09T10:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "RHSA-2015:1930",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2015-1930.html"
        },
        {
          "name": "SUSE-SU:2016:1912",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html"
        },
        {
          "name": "[slackware-security] 20160223 ntp (SSA:2016-054-04)",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://seclists.org/bugtraq/2016/Feb/164"
        },
        {
          "name": "openSUSE-SU:2016:1423",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2016-05/msg00114.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
        },
        {
          "name": "USN-2783-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2783-1"
        },
        {
          "name": "SUSE-SU:2016:1177",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00060.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-356-01"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.ntp.org/bin/view/Main/SecurityNotice#January_2016_NTP_4_2_8p5_Securit"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1271076"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www-01.ibm.com/support/docview.wss?uid=swg21980676"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.citrix.com/article/CTX220112"
        },
        {
          "name": "FEDORA-2015-77bfbc1bcd",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/170926.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.ibm.com/support/home/docdisplay?lndocid=migr-5099428"
        },
        {
          "name": "FEDORA-2015-f5f5ec7b6b",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/170684.html"
        },
        {
          "name": "DSA-3388",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2015/dsa-3388"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://aix.software.ibm.com/aix/efixes/security/ntp_advisory5.asc"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.cs.bu.edu/~goldbe/NTPattack.html"
        },
        {
          "name": "SUSE-SU:2016:2094",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html"
        },
        {
          "name": "FEDORA-2016-34bc10a2c8",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177507.html"
        },
        {
          "name": "1034670",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1034670"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www-01.ibm.com/support/docview.wss?uid=isg3T1024073"
        },
        {
          "name": "77312",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/77312"
        },
        {
          "name": "SUSE-SU:2016:1311",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00048.html"
        },
        {
          "name": "FreeBSD-SA-16:02",
          "tags": [
            "vendor-advisory",
            "x_refsource_FREEBSD"
          ],
          "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-16:02.ntp.asc"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www-01.ibm.com/support/docview.wss?uid=swg21979393"
        },
        {
          "name": "openSUSE-SU:2016:1292",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00038.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www-01.ibm.com/support/docview.wss?uid=nas8N1021264"
        },
        {
          "name": "SUSE-SU:2016:1247",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00020.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www-01.ibm.com/support/docview.wss?uid=isg3T1023885"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bto.bluecoat.com/security-advisory/sa113"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www-01.ibm.com/support/docview.wss?uid=swg21983501"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www-01.ibm.com/support/docview.wss?uid=ssg1S1005821"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.ntp.org/bin/view/Main/NtpBug2956"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www-01.ibm.com/support/docview.wss?uid=swg21983506"
        },
        {
          "name": "SUSE-SU:2016:1175",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00059.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20171004-0001/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2015-5300",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The panic_gate check in NTP before 4.2.8p5 is only re-enabled after the first change to the system clock that was greater than 128 milliseconds by default, which allows remote attackers to set NTP to an arbitrary time when started with the -g option, or to alter the time by up to 900 seconds otherwise by responding to an unspecified number of requests from trusted sources, and leveraging a resulting denial of service (abort and restart)."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "RHSA-2015:1930",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2015-1930.html"
            },
            {
              "name": "SUSE-SU:2016:1912",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html"
            },
            {
              "name": "[slackware-security] 20160223 ntp (SSA:2016-054-04)",
              "refsource": "MLIST",
              "url": "http://seclists.org/bugtraq/2016/Feb/164"
            },
            {
              "name": "openSUSE-SU:2016:1423",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-updates/2016-05/msg00114.html"
            },
            {
              "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
            },
            {
              "name": "USN-2783-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-2783-1"
            },
            {
              "name": "SUSE-SU:2016:1177",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00060.html"
            },
            {
              "name": "https://ics-cert.us-cert.gov/advisories/ICSA-15-356-01",
              "refsource": "MISC",
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-356-01"
            },
            {
              "name": "https://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html",
              "refsource": "CONFIRM",
              "url": "https://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
            },
            {
              "name": "http://support.ntp.org/bin/view/Main/SecurityNotice#January_2016_NTP_4_2_8p5_Securit",
              "refsource": "CONFIRM",
              "url": "http://support.ntp.org/bin/view/Main/SecurityNotice#January_2016_NTP_4_2_8p5_Securit"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1271076",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1271076"
            },
            {
              "name": "https://www-01.ibm.com/support/docview.wss?uid=swg21980676",
              "refsource": "CONFIRM",
              "url": "https://www-01.ibm.com/support/docview.wss?uid=swg21980676"
            },
            {
              "name": "https://support.citrix.com/article/CTX220112",
              "refsource": "CONFIRM",
              "url": "https://support.citrix.com/article/CTX220112"
            },
            {
              "name": "FEDORA-2015-77bfbc1bcd",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/170926.html"
            },
            {
              "name": "https://www.ibm.com/support/home/docdisplay?lndocid=migr-5099428",
              "refsource": "CONFIRM",
              "url": "https://www.ibm.com/support/home/docdisplay?lndocid=migr-5099428"
            },
            {
              "name": "FEDORA-2015-f5f5ec7b6b",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/170684.html"
            },
            {
              "name": "DSA-3388",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2015/dsa-3388"
            },
            {
              "name": "https://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html",
              "refsource": "CONFIRM",
              "url": "https://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html"
            },
            {
              "name": "http://aix.software.ibm.com/aix/efixes/security/ntp_advisory5.asc",
              "refsource": "CONFIRM",
              "url": "http://aix.software.ibm.com/aix/efixes/security/ntp_advisory5.asc"
            },
            {
              "name": "https://www.cs.bu.edu/~goldbe/NTPattack.html",
              "refsource": "MISC",
              "url": "https://www.cs.bu.edu/~goldbe/NTPattack.html"
            },
            {
              "name": "SUSE-SU:2016:2094",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html"
            },
            {
              "name": "FEDORA-2016-34bc10a2c8",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177507.html"
            },
            {
              "name": "1034670",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1034670"
            },
            {
              "name": "https://www-01.ibm.com/support/docview.wss?uid=isg3T1024073",
              "refsource": "CONFIRM",
              "url": "https://www-01.ibm.com/support/docview.wss?uid=isg3T1024073"
            },
            {
              "name": "77312",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/77312"
            },
            {
              "name": "SUSE-SU:2016:1311",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00048.html"
            },
            {
              "name": "FreeBSD-SA-16:02",
              "refsource": "FREEBSD",
              "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-16:02.ntp.asc"
            },
            {
              "name": "https://www-01.ibm.com/support/docview.wss?uid=swg21979393",
              "refsource": "CONFIRM",
              "url": "https://www-01.ibm.com/support/docview.wss?uid=swg21979393"
            },
            {
              "name": "openSUSE-SU:2016:1292",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00038.html"
            },
            {
              "name": "https://www-01.ibm.com/support/docview.wss?uid=nas8N1021264",
              "refsource": "CONFIRM",
              "url": "https://www-01.ibm.com/support/docview.wss?uid=nas8N1021264"
            },
            {
              "name": "SUSE-SU:2016:1247",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00020.html"
            },
            {
              "name": "https://www-01.ibm.com/support/docview.wss?uid=isg3T1023885",
              "refsource": "CONFIRM",
              "url": "https://www-01.ibm.com/support/docview.wss?uid=isg3T1023885"
            },
            {
              "name": "https://bto.bluecoat.com/security-advisory/sa113",
              "refsource": "CONFIRM",
              "url": "https://bto.bluecoat.com/security-advisory/sa113"
            },
            {
              "name": "https://www-01.ibm.com/support/docview.wss?uid=swg21983501",
              "refsource": "CONFIRM",
              "url": "https://www-01.ibm.com/support/docview.wss?uid=swg21983501"
            },
            {
              "name": "https://www-01.ibm.com/support/docview.wss?uid=ssg1S1005821",
              "refsource": "CONFIRM",
              "url": "https://www-01.ibm.com/support/docview.wss?uid=ssg1S1005821"
            },
            {
              "name": "http://support.ntp.org/bin/view/Main/NtpBug2956",
              "refsource": "CONFIRM",
              "url": "http://support.ntp.org/bin/view/Main/NtpBug2956"
            },
            {
              "name": "https://www-01.ibm.com/support/docview.wss?uid=swg21983506",
              "refsource": "CONFIRM",
              "url": "https://www-01.ibm.com/support/docview.wss?uid=swg21983506"
            },
            {
              "name": "SUSE-SU:2016:1175",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00059.html"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20171004-0001/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20171004-0001/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2015-5300",
    "datePublished": "2017-07-21T14:00:00",
    "dateReserved": "2015-07-01T00:00:00",
    "dateUpdated": "2024-08-06T06:41:09.519Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2015-5300\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2017-07-21T14:29:00.927\",\"lastModified\":\"2024-11-21T02:32:44.747\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The panic_gate check in NTP before 4.2.8p5 is only re-enabled after the first change to the system clock that was greater than 128 milliseconds by default, which allows remote attackers to set NTP to an arbitrary time when started with the -g option, or to alter the time by up to 900 seconds otherwise by responding to an unspecified number of requests from trusted sources, and leveraging a resulting denial of service (abort and restart).\"},{\"lang\":\"es\",\"value\":\"La comprobaci\u00f3n panic_gate en NTP anterior a versi\u00f3n 4.2.8p5 es solo habilitada nuevamente despu\u00e9s del primer cambio al reloj del sistema que fue mayor que 128 milisegundos por defecto, permitiendo a los atacantes remotos fijar el NTP a un tiempo arbitrario cuando arranca con la opci\u00f3n -g, o alterar el tiempo hasta 900 segundos, de lo contrario por respuesta a un n\u00famero no especificado de peticiones de fuentes de confianza y aprovechando una denegaci\u00f3n de servicio resultante (anular y reiniciar).\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:N/I:N/A:P\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-361\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:21:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"56BDB5A0-0839-4A20-A003-B8CD56F48171\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"253C303A-E577-4488-93E6-68A8DD942C38\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:suse:linux_enterprise_debuginfo:11:sp2:*:*:*:*:*:*\",\"matchCriteriaId\":\"D5900A25-FDD7-4900-BF7C-F3ECCB714D2B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:suse:linux_enterprise_debuginfo:11:sp3:*:*:*:*:*:*\",\"matchCriteriaId\":\"58D3B6FD-B474-4B09-B644-A8634A629280\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:suse:linux_enterprise_debuginfo:11:sp4:*:*:*:*:*:*\",\"matchCriteriaId\":\"F892F1B0-514C-42F7-90AE-12ACDFDC1033\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4863BE36-D16A-4D75-90D9-FD76DB5B48B7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"03117DF1-3BEC-4B8D-AD63-DBBDB2126081\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:suse:linux_enterprise_desktop:12:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F1EB0F28-F23A-4969-8A3E-66DA2EFA40C3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:suse:linux_enterprise_desktop:12:sp1:*:*:*:*:*:*\",\"matchCriteriaId\":\"3A0BA503-3F96-48DA-AF47-FBA37A9D0C48\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:suse:linux_enterprise_server:10:sp4:*:*:ltss:*:*:*\",\"matchCriteriaId\":\"35BBD83D-BDC7-4678-BE94-639F59281139\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:suse:linux_enterprise_server:11:sp2:*:*:ltss:*:*:*\",\"matchCriteriaId\":\"CB6476C7-03F2-4939-AB85-69AA524516D9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:ltss:*:*:*\",\"matchCriteriaId\":\"B12243B2-D726-404C-ABFF-F1AB51BA1783\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:suse:linux_enterprise_server:11:sp4:*:*:*:*:*:*\",\"matchCriteriaId\":\"55C5561F-BE86-4EEA-99D4-8697F8BD9DFE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:suse:linux_enterprise_server:12:sp1:*:*:*:*:*:*\",\"matchCriteriaId\":\"2076747F-A98E-4DD9-9B52-BF1732BCAD3D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:suse:linux_enterprise_software_development_kit:12:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DB2A1559-651C-46B0-B436-8E03DC8A60D2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:suse:linux_enterprise_software_development_kit:12:sp1:*:*:*:*:*:*\",\"matchCriteriaId\":\"5A633996-2FD7-467C-BAA6-529E16BD06D1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:suse:manager:2.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2A33B9F5-E0D1-4A3E-9FFB-5602A25F3227\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:suse:manager_proxy:2.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"53F0F5A0-70D9-4305-A834-B6FF71E27B30\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:suse:openstack_cloud:5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"88BCD7DC-0FEF-477D-8698-F8D8F1A49D90\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:suse:suse_linux_enterprise_server:12:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9C649194-B8C2-49F7-A819-C635EE584ABF\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"33C068A4-3780-4EAB-A937-6082DF847564\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_hpc_node:6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C2FAC325-6EEB-466D-9EBA-8ED4DBC9CFBF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_hpc_node:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3C84489B-B08C-4854-8A12-D01B6E45CF79\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_hpc_node_eus:7.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7071F0C7-E43E-4F2E-9FEB-E8FB3DEA4749\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9BBCD86A-E6C7-4444-9D74-F861084090F0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"51EF4996-72F4-4FA4-814F-F5991E7A8318\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server_eus:6.7.z:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AA856400-1B48-429A-94A0-173B7EEE1EC2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server_eus:7.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0E8CD4EF-DC90-40BB-A721-6EC087507906\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E5ED5807-55B7-47C5-97A6-03233F4FBC3A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"825ECE2D-E232-46E0-A047-074B34DB1E97\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"16F59A04-14CF-49E2-9973-645477EA09DA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*\",\"matchCriteriaId\":\"B6B7CAD7-9D4E-4FDB-88E3-1E583210A01F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*\",\"matchCriteriaId\":\"B5A6F2F3-4894-4392-8296-3B8DD2679084\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F38D3B7E-8429-473F-BB31-FC3583EE5A5B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E88A537F-F4D0-46B9-9E37-965233C2A355\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ntp:ntp:*:p4:*:*:*:*:*:*\",\"versionEndIncluding\":\"4.2.8\",\"matchCriteriaId\":\"05D076CA-85DD-48B4-9A8A-F413FFBFB55F\"}]}]}],\"references\":[{\"url\":\"http://aix.software.ibm.com/aix/efixes/security/ntp_advisory5.asc\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://lists.fedoraproject.org/pipermail/package-announce/2015-November/170684.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://lists.fedoraproject.org/pipermail/package-announce/2015-November/170926.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177507.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00059.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00060.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00020.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00038.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00048.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-updates/2016-05/msg00114.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2015-1930.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://seclists.org/bugtraq/2016/Feb/164\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://support.ntp.org/bin/view/Main/NtpBug2956\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Issue Tracking\",\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://support.ntp.org/bin/view/Main/SecurityNotice#January_2016_NTP_4_2_8p5_Securit\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Issue Tracking\",\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.debian.org/security/2015/dsa-3388\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/77312\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1034670\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.ubuntu.com/usn/USN-2783-1\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://bto.bluecoat.com/security-advisory/sa113\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=1271076\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://ics-cert.us-cert.gov/advisories/ICSA-15-356-01\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20171004-0001/\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://support.citrix.com/article/CTX220112\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www-01.ibm.com/support/docview.wss?uid=isg3T1023885\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www-01.ibm.com/support/docview.wss?uid=isg3T1024073\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www-01.ibm.com/support/docview.wss?uid=nas8N1021264\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www-01.ibm.com/support/docview.wss?uid=ssg1S1005821\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www-01.ibm.com/support/docview.wss?uid=swg21979393\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www-01.ibm.com/support/docview.wss?uid=swg21980676\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www-01.ibm.com/support/docview.wss?uid=swg21983501\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www-01.ibm.com/support/docview.wss?uid=swg21983506\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.cs.bu.edu/~goldbe/NTPattack.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.freebsd.org/security/advisories/FreeBSD-SA-16:02.ntp.asc\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.ibm.com/support/home/docdisplay?lndocid=migr-5099428\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://aix.software.ibm.com/aix/efixes/security/ntp_advisory5.asc\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://lists.fedoraproject.org/pipermail/package-announce/2015-November/170684.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://lists.fedoraproject.org/pipermail/package-announce/2015-November/170926.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177507.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00059.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00060.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00020.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00038.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00048.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-updates/2016-05/msg00114.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2015-1930.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://seclists.org/bugtraq/2016/Feb/164\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://support.ntp.org/bin/view/Main/NtpBug2956\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://support.ntp.org/bin/view/Main/SecurityNotice#January_2016_NTP_4_2_8p5_Securit\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.debian.org/security/2015/dsa-3388\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/77312\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1034670\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.ubuntu.com/usn/USN-2783-1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://bto.bluecoat.com/security-advisory/sa113\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=1271076\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://ics-cert.us-cert.gov/advisories/ICSA-15-356-01\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20171004-0001/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://support.citrix.com/article/CTX220112\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www-01.ibm.com/support/docview.wss?uid=isg3T1023885\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www-01.ibm.com/support/docview.wss?uid=isg3T1024073\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www-01.ibm.com/support/docview.wss?uid=nas8N1021264\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www-01.ibm.com/support/docview.wss?uid=ssg1S1005821\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www-01.ibm.com/support/docview.wss?uid=swg21979393\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www-01.ibm.com/support/docview.wss?uid=swg21980676\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www-01.ibm.com/support/docview.wss?uid=swg21983501\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www-01.ibm.com/support/docview.wss?uid=swg21983506\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.cs.bu.edu/~goldbe/NTPattack.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.freebsd.org/security/advisories/FreeBSD-SA-16:02.ntp.asc\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.ibm.com/support/home/docdisplay?lndocid=migr-5099428\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.