CVE - CVE-2015-5300

CVE-ID
CVE-2015-5300	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
The panic_gate check in NTP before 4.2.8p5 is only re-enabled after the first change to the system clock that was greater than 128 milliseconds by default, which allows remote attackers to set NTP to an arbitrary time when started with the -g option, or to alter the time by up to 900 seconds otherwise by responding to an unspecified number of requests from trusted sources, and leveraging a resulting denial of service (abort and restart).
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
BID:77312 URL:http://www.securityfocus.com/bid/77312 CONFIRM:http://aix.software.ibm.com/aix/efixes/security/ntp_advisory5.asc CONFIRM:http://support.ntp.org/bin/view/Main/NtpBug2956 CONFIRM:http://support.ntp.org/bin/view/Main/SecurityNotice#January_2016_NTP_4_2_8p5_Securit CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html CONFIRM:https://bto.bluecoat.com/security-advisory/sa113 CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=1271076 CONFIRM:https://security.netapp.com/advisory/ntap-20171004-0001/ CONFIRM:https://support.citrix.com/article/CTX220112 CONFIRM:https://www-01.ibm.com/support/docview.wss?uid=isg3T1023885 CONFIRM:https://www-01.ibm.com/support/docview.wss?uid=isg3T1024073 CONFIRM:https://www-01.ibm.com/support/docview.wss?uid=nas8N1021264 CONFIRM:https://www-01.ibm.com/support/docview.wss?uid=ssg1S1005821 CONFIRM:https://www-01.ibm.com/support/docview.wss?uid=swg21979393 CONFIRM:https://www-01.ibm.com/support/docview.wss?uid=swg21980676 CONFIRM:https://www-01.ibm.com/support/docview.wss?uid=swg21983501 CONFIRM:https://www-01.ibm.com/support/docview.wss?uid=swg21983506 CONFIRM:https://www.ibm.com/support/home/docdisplay?lndocid=migr-5099428 CONFIRM:https://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html CONFIRM:https://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html DEBIAN:DSA-3388 URL:http://www.debian.org/security/2015/dsa-3388 FEDORA:FEDORA-2015-77bfbc1bcd URL:http://lists.fedoraproject.org/pipermail/package-announce/2015-November/170926.html FEDORA:FEDORA-2015-f5f5ec7b6b URL:http://lists.fedoraproject.org/pipermail/package-announce/2015-November/170684.html FEDORA:FEDORA-2016-34bc10a2c8 URL:http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177507.html FREEBSD:FreeBSD-SA-16:02 URL:https://www.freebsd.org/security/advisories/FreeBSD-SA-16:02.ntp.asc MISC:https://ics-cert.us-cert.gov/advisories/ICSA-15-356-01 MISC:https://www.cs.bu.edu/~goldbe/NTPattack.html MLIST:[slackware-security] 20160223 ntp (SSA:2016-054-04) URL:http://seclists.org/bugtraq/2016/Feb/164 REDHAT:RHSA-2015:1930 URL:http://rhn.redhat.com/errata/RHSA-2015-1930.html SECTRACK:1034670 URL:http://www.securitytracker.com/id/1034670 SUSE:SUSE-SU:2016:1175 URL:http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00059.html SUSE:SUSE-SU:2016:1177 URL:http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00060.html SUSE:SUSE-SU:2016:1247 URL:http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00020.html SUSE:SUSE-SU:2016:1311 URL:http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00048.html SUSE:SUSE-SU:2016:1912 URL:http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html SUSE:SUSE-SU:2016:2094 URL:http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html SUSE:openSUSE-SU:2016:1292 URL:http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00038.html SUSE:openSUSE-SU:2016:1423 URL:http://lists.opensuse.org/opensuse-updates/2016-05/msg00114.html UBUNTU:USN-2783-1 URL:http://www.ubuntu.com/usn/USN-2783-1
Assigning CNA
Red Hat, Inc.
Date Record Created
20150701	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20150701)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)