Test ID:	1.3.6.1.4.1.25623.1.0.150698
Category:	Denial of Service
Title:	NTP < 4.2.8p3 DoS Vulnerability
Summary:	Under limited and specific circumstances an attacker can send a; crafted packet to cause a vulnerable ntpd instance to crash. This requires each of the following; to be true:;; - ntpd set up to allow for remote configuration (not allowed by default), and;; - knowledge of the configuration password, and;; - access to a computer entrusted to perform remote configuration.
Description:	Summary: Under limited and specific circumstances an attacker can send a crafted packet to cause a vulnerable ntpd instance to crash. This requires each of the following to be true: - ntpd set up to allow for remote configuration (not allowed by default), and - knowledge of the configuration password, and - access to a computer entrusted to perform remote configuration. Vulnerability Insight: Please see the references for more information on the vulnerabilities. Affected Software/OS: NTPd version prior to 4.2.8p3, 4.3.x prior to version 4.3.25. Solution: Update to version 4.2.8p3, 4.3.25 or later. CVSS Score: 3.5 CVSS Vector: AV:N/AC:M/Au:S/C:N/I:N/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2015-5146 BugTraq ID: 75589 http://www.securityfocus.com/bid/75589 Debian Security Information: DSA-3388 (Google Search) http://www.debian.org/security/2015/dsa-3388 http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169167.html http://lists.fedoraproject.org/pipermail/package-announce/2015-September/166992.html http://lists.fedoraproject.org/pipermail/package-announce/2015-November/170926.html https://security.gentoo.org/glsa/201509-01 http://www.securitytracker.com/id/1034168
Copyright	Copyright (C) 2021 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.