Denial of Service : NTP < 4.2.7p367 DoS Vulnerability

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.146233

Categoría: Denial of Service

Título: NTP < 4.2.7p367 DoS Vulnerability

Resumen: NTP is prone to a denial of service (DoS) vulnerability.

Descripción: Summary:
NTP is prone to a denial of service (DoS) vulnerability.

Vulnerability Insight:
The ULOGTOD function in ntp.d in SNTP does not properly perform
type conversions from a precision value to a double, which allows remote attackers to cause a
denial of service (infinite loop) via a crafted NTP packet.

Affected Software/OS:
NTPd version 4.2.7p366 and prior.

Solution:
Update to version 4.2.7p367 or later.

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2015-5219
76473
http://www.securityfocus.com/bid/76473
DSA-3388
http://www.debian.org/security/2015/dsa-3388
FEDORA-2015-14212
http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169167.html
FEDORA-2015-14213
http://lists.fedoraproject.org/pipermail/package-announce/2015-September/166992.html
FEDORA-2015-77bfbc1bcd
http://lists.fedoraproject.org/pipermail/package-announce/2015-November/170926.html
RHSA-2016:0780
http://rhn.redhat.com/errata/RHSA-2016-0780.html
RHSA-2016:2583
http://rhn.redhat.com/errata/RHSA-2016-2583.html
SUSE-SU:2016:1311
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00048.html
USN-2783-1
http://www.ubuntu.com/usn/USN-2783-1
[oss-security] 20150825 Several low impact ntp.org ntpd issues
http://www.openwall.com/lists/oss-security/2015/08/25/3
http://aix.software.ibm.com/aix/efixes/security/ntp_advisory4.asc
http://bk1.ntp.org/ntp-dev/?PAGE=patch&REV=51786731Gr4-NOrTBC_a_uXO4wuGhg
http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
https://bugzilla.redhat.com/show_bug.cgi?id=1255118
https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdf
https://github.com/ntp-project/ntp/commit/5f295cd05c3c136d39f5b3e500a2d781bdbb59c8
https://us-cert.cisa.gov/ics/advisories/icsa-21-103-11
https://www-01.ibm.com/support/docview.wss?uid=isg3T1024157
https://www-01.ibm.com/support/docview.wss?uid=swg21985122
https://www-01.ibm.com/support/docview.wss?uid=swg21986956
https://www-01.ibm.com/support/docview.wss?uid=swg21988706
https://www-01.ibm.com/support/docview.wss?uid=swg21989542
https://www.ibm.com/support/home/docdisplay?lndocid=migr-5099409
openSUSE-SU:2016:3280
http://lists.opensuse.org/opensuse-updates/2016-12/msg00153.html

Copyright Copyright (C) 2021 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.146233
Categoría:	Denial of Service
Título:	NTP < 4.2.7p367 DoS Vulnerability
Resumen:	NTP is prone to a denial of service (DoS) vulnerability.
Descripción:	Summary: NTP is prone to a denial of service (DoS) vulnerability. Vulnerability Insight: The ULOGTOD function in ntp.d in SNTP does not properly perform type conversions from a precision value to a double, which allows remote attackers to cause a denial of service (infinite loop) via a crafted NTP packet. Affected Software/OS: NTPd version 4.2.7p366 and prior. Solution: Update to version 4.2.7p367 or later. CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2015-5219 76473 http://www.securityfocus.com/bid/76473 DSA-3388 http://www.debian.org/security/2015/dsa-3388 FEDORA-2015-14212 http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169167.html FEDORA-2015-14213 http://lists.fedoraproject.org/pipermail/package-announce/2015-September/166992.html FEDORA-2015-77bfbc1bcd http://lists.fedoraproject.org/pipermail/package-announce/2015-November/170926.html RHSA-2016:0780 http://rhn.redhat.com/errata/RHSA-2016-0780.html RHSA-2016:2583 http://rhn.redhat.com/errata/RHSA-2016-2583.html SUSE-SU:2016:1311 http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00048.html USN-2783-1 http://www.ubuntu.com/usn/USN-2783-1 [oss-security] 20150825 Several low impact ntp.org ntpd issues http://www.openwall.com/lists/oss-security/2015/08/25/3 http://aix.software.ibm.com/aix/efixes/security/ntp_advisory4.asc http://bk1.ntp.org/ntp-dev/?PAGE=patch&REV=51786731Gr4-NOrTBC_a_uXO4wuGhg http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html https://bugzilla.redhat.com/show_bug.cgi?id=1255118 https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdf https://github.com/ntp-project/ntp/commit/5f295cd05c3c136d39f5b3e500a2d781bdbb59c8 https://us-cert.cisa.gov/ics/advisories/icsa-21-103-11 https://www-01.ibm.com/support/docview.wss?uid=isg3T1024157 https://www-01.ibm.com/support/docview.wss?uid=swg21985122 https://www-01.ibm.com/support/docview.wss?uid=swg21986956 https://www-01.ibm.com/support/docview.wss?uid=swg21988706 https://www-01.ibm.com/support/docview.wss?uid=swg21989542 https://www.ibm.com/support/home/docdisplay?lndocid=migr-5099409 openSUSE-SU:2016:3280 http://lists.opensuse.org/opensuse-updates/2016-12/msg00153.html
Copyright	Copyright (C) 2021 Greenbone AG