The ULOGTOD function in ntp.d in SNTP before 4.2.7p366 does not properly perform type conversions from a precision value to a double, which allows remote attackers to cause a denial of service (infinite loop) via a crafted NTP packet.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:N/AC:L/Au:N/C:N/I:N/A:P
Vendors Products
Suse
  • Linux Enterprise Debuginfo
  • Linux Enterprise Server
  • Manager Proxy
  • Manager
  • Openstack Cloud
Oracle
  • Linux
Redhat
  • Enterprise Linux Desktop
  • Enterprise Linux Workstation
  • Enterprise Linux Server
  • Enterprise Linux Hpc Node
Opensuse
  • Leap
Canonical
  • Ubuntu Linux
Novell
  • Leap
Debian
  • Debian Linux
Fedoraproject
  • Fedora
Ntp
  • Ntp
Siemens
  • Tim 4r-ie
  • Tim 4r-id Dnp3 Firmware
  • Tim 4r-id Dnp3
  • Tim 4r-ie Firmware

Configuration 1 [-]

OR cpe:2.3:o:fedoraproject:fedora:21:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:23:*:*:*:*:*:*:*

Configuration 2 [-]

OR cpe:2.3:a:suse:linux_enterprise_debuginfo:11:sp2:*:*:*:*:*:*
cpe:2.3:a:suse:linux_enterprise_debuginfo:11:sp3:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_server:10:sp4:*:*:ltss:*:*:*
cpe:2.3:o:suse:linux_enterprise_server:11:sp2:*:*:ltss:*:*:*
cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:ltss:*:*:*
cpe:2.3:o:suse:manager:2.1:*:*:*:*:*:*:*
cpe:2.3:o:suse:manager_proxy:2.1:*:*:*:*:*:*:*
cpe:2.3:o:suse:openstack_cloud:5:*:*:*:*:*:*:*

Configuration 3 [-]

OR cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_hpc_node:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_hpc_node:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*

Configuration 4 [-]

OR cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

Configuration 5 [-]

OR cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*

Configuration 6 [-]

cpe:2.3:a:ntp:ntp:*:p355:*:*:*:*:*:*

Configuration 7 [-]

OR cpe:2.3:o:novell:leap:42.2:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*

Configuration 8 [-]

AND
cpe:2.3:o:siemens:tim_4r-ie_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:tim_4r-ie:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND
cpe:2.3:o:siemens:tim_4r-id_dnp3_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:tim_4r-id_dnp3:-:*:*:*:*:*:*:*

Configuration 10 [-]

cpe:2.3:o:oracle:linux:6:-:*:*:*:*:*:*
References
Link Resource
http://aix.software.ibm.com/aix/efixes/security/ntp_advisory4.asc Third Party Advisory
http://bk1.ntp.org/ntp-dev/?PAGE=patch&REV=51786731Gr4-NOrTBC_a_uXO4wuGhg Issue Tracking Patch Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2015-November/170926.html Mailing List Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169167.html Mailing List Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2015-September/166992.html Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00048.html Broken Link
http://lists.opensuse.org/opensuse-updates/2016-12/msg00153.html Broken Link
http://rhn.redhat.com/errata/RHSA-2016-0780.html Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2016-2583.html Third Party Advisory
http://www.debian.org/security/2015/dsa-3388 Third Party Advisory
http://www.openwall.com/lists/oss-security/2015/08/25/3 Mailing List Patch Third Party Advisory
http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html Third Party Advisory
http://www.securityfocus.com/bid/76473 Third Party Advisory VDB Entry
http://www.ubuntu.com/usn/USN-2783-1 Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1255118 Issue Tracking
https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdf Third Party Advisory
https://github.com/ntp-project/ntp/commit/5f295cd05c3c136d39f5b3e500a2d781bdbb59c8 Issue Tracking Patch Third Party Advisory
https://us-cert.cisa.gov/ics/advisories/icsa-21-103-11 Third Party Advisory US Government Resource
https://www-01.ibm.com/support/docview.wss?uid=isg3T1024157 Third Party Advisory
https://www-01.ibm.com/support/docview.wss?uid=swg21985122 Third Party Advisory
https://www-01.ibm.com/support/docview.wss?uid=swg21986956 Third Party Advisory
https://www-01.ibm.com/support/docview.wss?uid=swg21988706 Third Party Advisory
https://www-01.ibm.com/support/docview.wss?uid=swg21989542 Third Party Advisory
https://www.ibm.com/support/home/docdisplay?lndocid=migr-5099409 Third Party Advisory
History

No history.

cve-icon MITRE Information

Status: PUBLISHED

Assigner: redhat

Published: 2017-07-21T14:00:00

Updated: 2021-04-15T20:35:47

Reserved: 2015-07-01T00:00:00

Link: CVE-2015-5219

JSON object: View

cve-icon NVD Information

Status : Modified

Published: 2017-07-21T14:29:00.867

Modified: 2023-02-13T00:51:47.453

Link: CVE-2015-5219

JSON object: View

cve-icon Redhat Information

No data.

CWE