PT-2015-6804 · Ntf+6 · Ntp+6

Miroslav Lichvar · Published 2014-12-24 · Updated 2023-02-13 · CVE-2015-5219

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

NTP versions prior to 4.2.7p366

Description

The issue allows remote attackers to cause a denial of service, potentially via a crafted NTP packet. This is due to improper type conversions from a precision value to a double in the ULOGTOD function in ntp.d in SNTP. Additionally, the decodenetnum() function may cause a denial of service when encountering invalid values instead of returning FAIL.

Recommendations

For versions prior to 4.2.7p366, update to version 4.2.7p366 or later to resolve the issue. As a temporary workaround, consider restricting access to the NTP service to minimize the risk of exploitation.

Exploit

Fix

DoS

Weakness Enumeration

Incorrect Type Conversion or Cast

Related Identifiers

ALT-PU-2014-2486
CESA-2016_0780
CESA-2016_2583
CVE-2015-5219
DLA-335-1
DSA-3388-1
MGASA-2015-0348
RHSA-2016:0780
RHSA-2016:2583
RHSA-2016_0780
RHSA-2016_2583
SUSE-SU-2016:1311-1
SUSE-SU-2016:3193-1
SUSE-SU-2016:3195-1
SUSE-SU-2016:3196-1
SUSE-SU-2017:0255-1
USN-2783-1

Affected Products

ALT Linux
CentOS
IBM AIX
NTP
Red Hat
SUSE
Ubuntu