PT-2015-6804 · Ntf+6 · Ntp+6

Miroslav Lichvar

Publicado

2014-12-24

Atualizado

2023-02-13

CVE-2015-5219

CVSS v3.1

7.5

Alta

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions NTP versions prior to 4.2.7p366

Description The issue allows remote attackers to cause a denial of service, potentially via a crafted NTP packet. This is due to improper type conversions from a precision value to a double in the ULOGTOD function in ntp.d in SNTP. Additionally, the decodenetnum() function may cause a denial of service when encountering invalid values instead of returning FAIL.

Recommendations For versions prior to 4.2.7p366, update to version 4.2.7p366 or later to resolve the issue. As a temporary workaround, consider restricting access to the NTP service to minimize the risk of exploitation.

Exploit

Correção

DoS

Incorrect Type Conversion or Cast

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-704

Identificadores relacionados

ALT-PU-2014-2486

CESA-2016_0780

CESA-2016_2583

CVE-2015-5219

DLA-335-1

DSA-3388-1

MGASA-2015-0348

RHSA-2016:0780

RHSA-2016:2583

RHSA-2016_0780

RHSA-2016_2583

SUSE-SU-2016:1311-1

SUSE-SU-2016:3193-1

SUSE-SU-2016:3195-1

SUSE-SU-2016:3196-1

SUSE-SU-2017:0255-1

USN-2783-1

Produtos afetados

Alt Linux

Centos

Ibm Aix

Ntp

Red Hat

Suse

Ubuntu

PT-2015-6804 · Ntf+6 · Ntp+6

CVE-2015-5219

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 158