PT-2015-6798 · Ntt+4 · Ntp+4

Martin Prpič · Published 2014-12-24 · Updated 2023-02-13 · CVE-2015-5195

CVSS v3.1: 7.5 High

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

NTP versions prior to 4.2.7p112

Description

The issue allows remote attackers to cause a denial of service, resulting in a segmentation fault, via a crafted statistics or filegen configuration command. The crash occurs when the statistics or filegen configuration command references a statistics type that was not enabled during compilation.

Recommendations

For versions prior to 4.2.7p112, update to version 4.2.7p112 or later to resolve the issue. As a temporary workaround, consider restricting the use of statistics or filegen configuration commands until a patch is available. Avoid using statistics types that are not enabled during compilation in the affected configuration commands.

Exploit

Fix

DoS

RCE


Weakness Enumeration

Related Identifiers

ALT-PU-2014-2486
CESA-2016_0780
CESA-2016_2583
CVE-2015-5195
DLA-335-1
DSA-3388-1
MGASA-2015-0348
RHSA-2016:0780
RHSA-2016:2583
RHSA-2016_0780
RHSA-2016_2583
USN-2783-1

Affected Products

Alt Linux
CentOS
Ntp
Red Hat
Ubuntu