CVE - CVE-2015-5219

CVE-ID
CVE-2015-5219	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
The ULOGTOD function in ntp.d in SNTP before 4.2.7p366 does not properly perform type conversions from a precision value to a double, which allows remote attackers to cause a denial of service (infinite loop) via a crafted NTP packet.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
MISC:76473 URL:http://www.securityfocus.com/bid/76473 MISC:DSA-3388 URL:http://www.debian.org/security/2015/dsa-3388 MISC:FEDORA-2015-14212 URL:http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169167.html MISC:FEDORA-2015-14213 URL:http://lists.fedoraproject.org/pipermail/package-announce/2015-September/166992.html MISC:FEDORA-2015-77bfbc1bcd URL:http://lists.fedoraproject.org/pipermail/package-announce/2015-November/170926.html MISC:RHSA-2016:0780 URL:http://rhn.redhat.com/errata/RHSA-2016-0780.html MISC:RHSA-2016:2583 URL:http://rhn.redhat.com/errata/RHSA-2016-2583.html MISC:SUSE-SU:2016:1311 URL:http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00048.html MISC:USN-2783-1 URL:http://www.ubuntu.com/usn/USN-2783-1 MISC:[oss-security] 20150825 Several low impact ntp.org ntpd issues URL:http://www.openwall.com/lists/oss-security/2015/08/25/3 MISC:http://aix.software.ibm.com/aix/efixes/security/ntp_advisory4.asc URL:http://aix.software.ibm.com/aix/efixes/security/ntp_advisory4.asc MISC:http://bk1.ntp.org/ntp-dev/?PAGE=patch&REV=51786731Gr4-NOrTBC_a_uXO4wuGhg URL:http://bk1.ntp.org/ntp-dev/?PAGE=patch&REV=51786731Gr4-NOrTBC_a_uXO4wuGhg MISC:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html URL:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html MISC:https://bugzilla.redhat.com/show_bug.cgi?id=1255118 URL:https://bugzilla.redhat.com/show_bug.cgi?id=1255118 MISC:https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdf URL:https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdf MISC:https://github.com/ntp-project/ntp/commit/5f295cd05c3c136d39f5b3e500a2d781bdbb59c8 URL:https://github.com/ntp-project/ntp/commit/5f295cd05c3c136d39f5b3e500a2d781bdbb59c8 MISC:https://us-cert.cisa.gov/ics/advisories/icsa-21-103-11 URL:https://us-cert.cisa.gov/ics/advisories/icsa-21-103-11 MISC:https://www-01.ibm.com/support/docview.wss?uid=isg3T1024157 URL:https://www-01.ibm.com/support/docview.wss?uid=isg3T1024157 MISC:https://www-01.ibm.com/support/docview.wss?uid=swg21985122 URL:https://www-01.ibm.com/support/docview.wss?uid=swg21985122 MISC:https://www-01.ibm.com/support/docview.wss?uid=swg21986956 URL:https://www-01.ibm.com/support/docview.wss?uid=swg21986956 MISC:https://www-01.ibm.com/support/docview.wss?uid=swg21988706 URL:https://www-01.ibm.com/support/docview.wss?uid=swg21988706 MISC:https://www-01.ibm.com/support/docview.wss?uid=swg21989542 URL:https://www-01.ibm.com/support/docview.wss?uid=swg21989542 MISC:https://www.ibm.com/support/home/docdisplay?lndocid=migr-5099409 URL:https://www.ibm.com/support/home/docdisplay?lndocid=migr-5099409 MISC:openSUSE-SU:2016:3280 URL:http://lists.opensuse.org/opensuse-updates/2016-12/msg00153.html
Assigning CNA
Red Hat, Inc.
Date Record Created
20150701	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20150701)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)