CVE Vulnerabilities

CVE-2015-5300

Published: Jul 21, 2017 | Modified: Oct 30, 2018
CVSS 3.x
7.5
HIGH
Source:
NVD
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVSS 2.x
5 MEDIUM
AV:N/AC:L/Au:N/C:N/I:N/A:P
RedHat/V2
4.3 MODERATE
AV:N/AC:M/Au:N/C:N/I:P/A:N
RedHat/V3
Ubuntu
MEDIUM

The panic_gate check in NTP before 4.2.8p5 is only re-enabled after the first change to the system clock that was greater than 128 milliseconds by default, which allows remote attackers to set NTP to an arbitrary time when started with the -g option, or to alter the time by up to 900 seconds otherwise by responding to an unspecified number of requests from trusted sources, and leveraging a resulting denial of service (abort and restart).

Affected Software

Name Vendor Start Version End Version
Fedora Fedoraproject 21 (including) 21 (including)
Fedora Fedoraproject 22 (including) 22 (including)
Red Hat Enterprise Linux 6 RedHat ntp-0:4.2.6p5-5.el6_7.2 *
Red Hat Enterprise Linux 7 RedHat ntp-0:4.2.6p5-19.el7_1.3 *
Ntp Ubuntu devel *
Ntp Ubuntu precise *
Ntp Ubuntu trusty *
Ntp Ubuntu vivid *
Ntp Ubuntu vivid/stable-phone-overlay *
Ntp Ubuntu wily *

References