CVE-2015-5300

high

Description

The panic_gate check in NTP before 4.2.8p5 is only re-enabled after the first change to the system clock that was greater than 128 milliseconds by default, which allows remote attackers to set NTP to an arbitrary time when started with the -g option, or to alter the time by up to 900 seconds otherwise by responding to an unspecified number of requests from trusted sources, and leveraging a resulting denial of service (abort and restart).

References

https://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html

https://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html

https://www.ibm.com/support/home/docdisplay?lndocid=migr-5099428

https://www.freebsd.org/security/advisories/FreeBSD-SA-16:02.ntp.asc

https://www.cs.bu.edu/~goldbe/NTPattack.html

https://www-01.ibm.com/support/docview.wss?uid=swg21983506

https://www-01.ibm.com/support/docview.wss?uid=swg21983501

https://www-01.ibm.com/support/docview.wss?uid=swg21980676

https://www-01.ibm.com/support/docview.wss?uid=swg21979393

https://www-01.ibm.com/support/docview.wss?uid=ssg1S1005821

https://www-01.ibm.com/support/docview.wss?uid=nas8N1021264

https://www-01.ibm.com/support/docview.wss?uid=isg3T1024073

https://www-01.ibm.com/support/docview.wss?uid=isg3T1023885

https://support.citrix.com/article/CTX220112

https://security.netapp.com/advisory/ntap-20171004-0001/

https://ics-cert.us-cert.gov/advisories/ICSA-15-356-01

https://bugzilla.redhat.com/show_bug.cgi?id=1271076

https://bto.bluecoat.com/security-advisory/sa113

http://www.ubuntu.com/usn/USN-2783-1

http://www.securitytracker.com/id/1034670

http://www.securityfocus.com/bid/77312

http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html

http://www.debian.org/security/2015/dsa-3388

http://support.ntp.org/bin/view/Main/SecurityNotice#January_2016_NTP_4_2_8p5_Securit

http://support.ntp.org/bin/view/Main/NtpBug2956

http://seclists.org/bugtraq/2016/Feb/164

http://rhn.redhat.com/errata/RHSA-2015-1930.html

http://lists.opensuse.org/opensuse-updates/2016-05/msg00114.html

http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html

http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html

http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00048.html

http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00038.html

http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00020.html

http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00060.html

http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00059.html

http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177507.html

http://lists.fedoraproject.org/pipermail/package-announce/2015-November/170926.html

http://lists.fedoraproject.org/pipermail/package-announce/2015-November/170684.html

http://aix.software.ibm.com/aix/efixes/security/ntp_advisory5.asc

Details

Source: Mitre, NVD

Published: 2017-07-21

Risk Information

CVSS v2

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

Severity: Medium

CVSS v3

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Severity: High