PT-2015-6781 · Nts+2 · Ntp+2

Martin Prpič

Publicado

2015-07-02

Atualizado

2018-08-02

CVE-2015-5146

CVSS v3.1

5.3

Média

Vetor

AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions ntp versions prior to 4.2.8p3

Description The issue allows remote authenticated users with knowledge of the configuration password and access to a computer entrusted to perform remote configuration to cause a denial of service (service crash) via a NULL byte in a crafted configuration directive packet.

Recommendations For versions prior to 4.2.8p3, update to version 4.2.8p3 or later to resolve the issue. As a temporary workaround, consider restricting access to remote configuration to minimize the risk of exploitation.

Exploit

Correção

DoS

RCE

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-20

Identificadores relacionados

ALT-PU-2017-2335

CVE-2015-5146

DLA-335-1

DSA-3388-1

MGASA-2015-0348

USN-2783-1

Produtos afetados

Alt Linux

Ubuntu

Ntp

PT-2015-6781 · Nts+2 · Ntp+2

CVE-2015-5146

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 122