CVE - CVE-2015-5300

CVE-ID
CVE-2015-5300	Learn more at National Vulnerability Database (NVD) • Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings
Description
The panic_gate check in NTP before 4.2.8p5 is only re-enabled after the first change to the system clock that was greater than 128 milliseconds by default, which allows remote attackers to set NTP to an arbitrary time when started with the -g option, or to alter the time by up to 900 seconds otherwise by responding to an unspecified number of requests from trusted sources, and leveraging a resulting denial of service (abort and restart).
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
MLIST:[slackware-security] 20160223 ntp (SSA:2016-054-04) URL:http://seclists.org/bugtraq/2016/Feb/164 MISC:https://ics-cert.us-cert.gov/advisories/ICSA-15-356-01 MISC:https://www.cs.bu.edu/~goldbe/NTPattack.html CONFIRM:http://aix.software.ibm.com/aix/efixes/security/ntp_advisory5.asc CONFIRM:http://support.ntp.org/bin/view/Main/NtpBug2956 CONFIRM:http://support.ntp.org/bin/view/Main/SecurityNotice#January_2016_NTP_4_2_8p5_Securit CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html CONFIRM:https://bto.bluecoat.com/security-advisory/sa113 CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=1271076 CONFIRM:https://support.citrix.com/article/CTX220112 CONFIRM:https://www-01.ibm.com/support/docview.wss?uid=isg3T1023885 CONFIRM:https://www-01.ibm.com/support/docview.wss?uid=isg3T1024073 CONFIRM:https://www-01.ibm.com/support/docview.wss?uid=nas8N1021264 CONFIRM:https://www-01.ibm.com/support/docview.wss?uid=ssg1S1005821 CONFIRM:https://www-01.ibm.com/support/docview.wss?uid=swg21979393 CONFIRM:https://www-01.ibm.com/support/docview.wss?uid=swg21980676 CONFIRM:https://www-01.ibm.com/support/docview.wss?uid=swg21983501 CONFIRM:https://www-01.ibm.com/support/docview.wss?uid=swg21983506 CONFIRM:https://www.ibm.com/support/home/docdisplay?lndocid=migr-5099428 CONFIRM:https://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html CONFIRM:https://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html CONFIRM:https://security.netapp.com/advisory/ntap-20171004-0001/ DEBIAN:DSA-3388 URL:http://www.debian.org/security/2015/dsa-3388 FEDORA:FEDORA-2015-77bfbc1bcd URL:http://lists.fedoraproject.org/pipermail/package-announce/2015-November/170926.html FEDORA:FEDORA-2015-f5f5ec7b6b URL:http://lists.fedoraproject.org/pipermail/package-announce/2015-November/170684.html FEDORA:FEDORA-2016-34bc10a2c8 URL:http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177507.html FREEBSD:FreeBSD-SA-16:02 URL:https://www.freebsd.org/security/advisories/FreeBSD-SA-16:02.ntp.asc REDHAT:RHSA-2015:1930 URL:http://rhn.redhat.com/errata/RHSA-2015-1930.html SUSE:SUSE-SU:2016:1175 URL:http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00059.html SUSE:SUSE-SU:2016:1177 URL:http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00060.html SUSE:SUSE-SU:2016:1247 URL:http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00020.html SUSE:SUSE-SU:2016:1311 URL:http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00048.html SUSE:SUSE-SU:2016:1912 URL:http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html SUSE:SUSE-SU:2016:2094 URL:http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html SUSE:openSUSE-SU:2016:1292 URL:http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00038.html SUSE:openSUSE-SU:2016:1423 URL:http://lists.opensuse.org/opensuse-updates/2016-05/msg00114.html UBUNTU:USN-2783-1 URL:http://www.ubuntu.com/usn/USN-2783-1 BID:77312 URL:http://www.securityfocus.com/bid/77312 SECTRACK:1034670 URL:http://www.securitytracker.com/id/1034670
Assigning CNA
N/A
Date Entry Created
20150701	Disclaimer: The entry creation date may reflect when the CVE-ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20150701)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an entry on the CVE list, which standardizes names for security problems.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: cve@mitre.org

Use of the Common Vulnerabilities and Exposures List and the associated references from this Web site are subject to the Terms of Use. For more information, please email cve@mitre.org.

CVE is sponsored by US-CERT in the office of Cybersecurity and Communications at the U.S. Department of Homeland Security. Copyright © 1999–2018, The MITRE Corporation. CVE and the CVE logo are registered trademarks and CVE-Compatible is a trademark of The MITRE Corporation.

Site Map
Privacy policy
Terms of use
Contact us