[go: up one dir, main page]
|
|
Log in / Subscribe / Register

ntp: denial of service

Package(s):ntp CVE #(s):CVE-2015-5146
Created:July 7, 2015 Updated:September 9, 2015
Description: From the Arch Linux advisory:

Under limited and specific circumstances an attacker can send a crafted remote-configuration packet containing a NUL-byte to cause a vulnerable ntpd instance to crash. This requires each of the following to be true:

  • ntpd set up to allow for remote configuration (not allowed by default)
  • knowledge of the configuration password
  • access to a computer entrusted to perform remote configuration

A remote attacker is able to send a specially crafted remote-configuration packet that is leading to an application crash resulting in denial of service.

Alerts:
Fedora FEDORA-2015-77bfbc1bcd ntp 2015-11-04
Debian DSA-3388-1 ntp 2015-11-01
Debian-LTS DLA-335-1 ntp 2015-10-28
Ubuntu USN-2783-1 ntp 2015-10-27
Fedora FEDORA-2015-14212 ntp 2015-10-12
Gentoo 201509-01 ntp 2015-09-24
Mageia MGASA-2015-0348 ntp 2015-09-08
Slackware SSA:2015-188-03 ntp 2015-07-07
Arch Linux ASA-201507-5 ntp 2015-07-07
to post comments


Copyright © 2026, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds