Your submission was sent successfully! Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

CVE-2015-5146

Published: 2 July 2015

ntpd in ntp before 4.2.8p3 with remote configuration enabled allows remote authenticated users with knowledge of the configuration password and access to a computer entrusted to perform remote configuration to cause a denial of service (service crash) via a NULL byte in a crafted configuration directive packet.

Notes

AuthorNote
seth-arnold
non-default configuration, requires knowledge of remote
authentication password, and ACL-authorized source

Priority

Low

Cvss 3 Severity Score

5.3

Score breakdown

Status

Package Release Status
ntp
Launchpad, Ubuntu, Debian
precise
Released (1:4.2.6.p3+dfsg-1ubuntu3.6)
trusty
Released (1:4.2.6.p5+dfsg-3ubuntu2.14.04.5)
upstream
Released (4.3.25, 4.2.8p3-RC1)
utopic Ignored
(end of life)
vivid
Released (1:4.2.6.p5+dfsg-3ubuntu6.2)
wily
Released (1:4.2.6.p5+dfsg-3ubuntu8.1)
Patches:
upstream: https://github.com/ntp-project/ntp/commit/c3e7afb9cd88784c6b4f81182bd878fc3a2d23a1

Severity score breakdown

Parameter Value
Base score 5.3
Attack vector Network
Attack complexity High
Privileges required Low
User interaction None
Scope Unchanged
Confidentiality None
Integrity impact None
Availability impact High
Vector CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H