PT-2015-6798 · Ntt+4 · Ntp+4

Martin Prpič

Publicado

2014-12-24

Atualizado

2023-02-13

CVE-2015-5195

CVSS v3.1

7.5

Alta

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions NTP versions prior to 4.2.7p112

Description The issue allows remote attackers to cause a denial of service, resulting in a segmentation fault, via a crafted statistics or filegen configuration command that is not enabled during compilation. This occurs when a statistics type that was not enabled during compilation is referenced by the statistics or filegen configuration command.

Recommendations For versions prior to 4.2.7p112, update to version 4.2.7p112 or later to resolve the issue. As a temporary workaround, consider restricting the use of statistics or filegen configuration commands until a patch is available. Avoid using statistics types that are not enabled during compilation in the affected configuration commands.

Exploit

Correção

DoS

RCE

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-20

Identificadores relacionados

ALT-PU-2014-2486

CESA-2016_0780

CESA-2016_2583

CVE-2015-5195

DLA-335-1

DSA-3388-1

MGASA-2015-0348

RHSA-2016:0780

RHSA-2016:2583

RHSA-2016_0780

RHSA-2016_2583

USN-2783-1

Produtos afetados

Alt Linux

Centos

Ntp

Red Hat

Ubuntu

PT-2015-6798 · Ntt+4 · Ntp+4

CVE-2015-5195

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 52