Vulnerability   
Search   
    Search 211766 CVE descriptions
and 97459 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.703388
Category:Debian Local Security Checks
Title:Debian Security Advisory DSA 3388-1 (ntp - security update)
Summary:Several vulnerabilities were discovered;in the Network Time Protocol daemon and utility programs:;;CVE-2015-5146;A flaw was found in the way ntpd processed certain remote;configuration packets. An attacker could use a specially crafted;package to cause ntpd to crash if:;;ntpd enabled remote configurationThe attacker had the knowledge of the configuration;password...The attacker had access to a computer entrusted to perform remote;configuration;Note that remote configuration is disabled by default in NTP.;;CVE-2015-5194;It was found that ntpd could crash due to an uninitialized;variable when processing malformed logconfig configuration;commands.;;Description truncated. Please see the references for more information.
Description:Summary:
Several vulnerabilities were discovered
in the Network Time Protocol daemon and utility programs:

CVE-2015-5146
A flaw was found in the way ntpd processed certain remote
configuration packets. An attacker could use a specially crafted
package to cause ntpd to crash if:

ntpd enabled remote configurationThe attacker had the knowledge of the configuration
password...The attacker had access to a computer entrusted to perform remote
configuration
Note that remote configuration is disabled by default in NTP.

CVE-2015-5194
It was found that ntpd could crash due to an uninitialized
variable when processing malformed logconfig configuration
commands.

Description truncated. Please see the references for more information.

Affected Software/OS:
ntp on Debian Linux

Solution:
For the oldstable distribution (wheezy),
these problems have been fixed in version 1:4.2.6.p5+dfsg-2+deb7u6.

For the stable distribution (jessie), these problems have been fixed in
version 1:4.2.6.p5+dfsg-7+deb8u1.

For the testing distribution (stretch), these problems have been fixed
in version 1:4.2.8p4+dfsg-3.

For the unstable distribution (sid), these problems have been fixed in
version 1:4.2.8p4+dfsg-3.

We recommend that you upgrade your ntp packages.

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2014-9750
BugTraq ID: 72583
http://www.securityfocus.com/bid/72583
CERT/CC vulnerability note: VU#852879
http://www.kb.cert.org/vuls/id/852879
Debian Security Information: DSA-3388 (Google Search)
http://www.debian.org/security/2015/dsa-3388
RedHat Security Advisories: RHSA-2015:1459
http://rhn.redhat.com/errata/RHSA-2015-1459.html
Common Vulnerability Exposure (CVE) ID: CVE-2014-9751
BugTraq ID: 72584
http://www.securityfocus.com/bid/72584
Common Vulnerability Exposure (CVE) ID: CVE-2015-3405
BugTraq ID: 74045
http://www.securityfocus.com/bid/74045
Debian Security Information: DSA-3223 (Google Search)
http://www.debian.org/security/2015/dsa-3223
http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156248.html
http://www.openwall.com/lists/oss-security/2015/04/23/14
RedHat Security Advisories: RHSA-2015:2231
http://rhn.redhat.com/errata/RHSA-2015-2231.html
SuSE Security Announcement: SUSE-SU-2015:1173 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00000.html
Common Vulnerability Exposure (CVE) ID: CVE-2015-5146
BugTraq ID: 75589
http://www.securityfocus.com/bid/75589
http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169167.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-September/166992.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-November/170926.html
https://security.gentoo.org/glsa/201509-01
http://www.securitytracker.com/id/1034168
Common Vulnerability Exposure (CVE) ID: CVE-2015-5194
BugTraq ID: 76475
http://www.securityfocus.com/bid/76475
http://www.openwall.com/lists/oss-security/2015/08/25/3
RedHat Security Advisories: RHSA-2016:0780
http://rhn.redhat.com/errata/RHSA-2016-0780.html
RedHat Security Advisories: RHSA-2016:2583
http://rhn.redhat.com/errata/RHSA-2016-2583.html
SuSE Security Announcement: SUSE-SU:2016:1311 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00048.html
SuSE Security Announcement: SUSE-SU:2016:1912 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html
SuSE Security Announcement: SUSE-SU:2016:2094 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html
http://www.ubuntu.com/usn/USN-2783-1
Common Vulnerability Exposure (CVE) ID: CVE-2015-5195
BugTraq ID: 76474
http://www.securityfocus.com/bid/76474
Common Vulnerability Exposure (CVE) ID: CVE-2015-5219
BugTraq ID: 76473
http://www.securityfocus.com/bid/76473
SuSE Security Announcement: openSUSE-SU:2016:3280 (Google Search)
http://lists.opensuse.org/opensuse-updates/2016-12/msg00153.html
Common Vulnerability Exposure (CVE) ID: CVE-2015-5300
BugTraq ID: 77312
http://www.securityfocus.com/bid/77312
http://lists.fedoraproject.org/pipermail/package-announce/2015-November/170684.html
http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177507.html
FreeBSD Security Advisory: FreeBSD-SA-16:02
https://www.freebsd.org/security/advisories/FreeBSD-SA-16:02.ntp.asc
https://ics-cert.us-cert.gov/advisories/ICSA-15-356-01
https://www.cs.bu.edu/~goldbe/NTPattack.html
http://seclists.org/bugtraq/2016/Feb/164
RedHat Security Advisories: RHSA-2015:1930
http://rhn.redhat.com/errata/RHSA-2015-1930.html
http://www.securitytracker.com/id/1034670
SuSE Security Announcement: SUSE-SU:2016:1175 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00059.html
SuSE Security Announcement: SUSE-SU:2016:1177 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00060.html
SuSE Security Announcement: SUSE-SU:2016:1247 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00020.html
SuSE Security Announcement: openSUSE-SU:2016:1292 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00038.html
SuSE Security Announcement: openSUSE-SU:2016:1423 (Google Search)
http://lists.opensuse.org/opensuse-updates/2016-05/msg00114.html
Common Vulnerability Exposure (CVE) ID: CVE-2015-7691
BugTraq ID: 77274
http://www.securityfocus.com/bid/77274
https://security.gentoo.org/glsa/201607-15
http://www.securitytracker.com/id/1033951
Common Vulnerability Exposure (CVE) ID: CVE-2015-7692
BugTraq ID: 77285
http://www.securityfocus.com/bid/77285
Common Vulnerability Exposure (CVE) ID: CVE-2015-7701
BugTraq ID: 77281
http://www.securityfocus.com/bid/77281
Common Vulnerability Exposure (CVE) ID: CVE-2015-7702
BugTraq ID: 77286
http://www.securityfocus.com/bid/77286
Common Vulnerability Exposure (CVE) ID: CVE-2015-7703
BugTraq ID: 77278
http://www.securityfocus.com/bid/77278
Common Vulnerability Exposure (CVE) ID: CVE-2015-7704
BugTraq ID: 77280
http://www.securityfocus.com/bid/77280
CERT/CC vulnerability note: VU#718152
https://www.kb.cert.org/vuls/id/718152
https://eprint.iacr.org/2015/1020.pdf
RedHat Security Advisories: RHSA-2015:2520
http://rhn.redhat.com/errata/RHSA-2015-2520.html
Common Vulnerability Exposure (CVE) ID: CVE-2015-7850
BugTraq ID: 77279
http://www.securityfocus.com/bid/77279
Common Vulnerability Exposure (CVE) ID: CVE-2015-7852
BugTraq ID: 77288
http://www.securityfocus.com/bid/77288
Common Vulnerability Exposure (CVE) ID: CVE-2015-7855
BugTraq ID: 77283
http://www.securityfocus.com/bid/77283
https://www.exploit-db.com/exploits/40840/
Common Vulnerability Exposure (CVE) ID: CVE-2015-7871
BugTraq ID: 77287
http://www.securityfocus.com/bid/77287
https://security.gentoo.org/glsa/201604-03
CopyrightCopyright (C) 2016 Greenbone Networks GmbH http://greenbone.net

This is only one of 97459 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2021 E-Soft Inc. All rights reserved.