CVE-2015-5300 Information

Description

The panic_gate check in NTP before 4.2.8p5 is only re-enabled after the first change to the system clock that was greater than 128 milliseconds by default which allows remote attackers to set NTP to an arbitrary time when started with the -g option or to alter the time by up to 900 seconds otherwise by responding to an unspecified number of requests from trusted sources and leveraging a resulting denial of service (abort and restart).

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Reference

http://aix.software.ibm.com/aix/efixes/security/ntp_advisory5.asc http://lists.fedoraproject.org/pipermail/package-announce/2015-November/170684.html http://lists.fedoraproject.org/pipermail/package-announce/2015-November/170926.html http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177507.html http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00059.html http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00060.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00020.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00038.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00048.html http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html http://lists.opensuse.org/opensuse-updates/2016-05/msg00114.html http://rhn.redhat.com/errata/RHSA-2015-1930.html http://seclists.org/bugtraq/2016/Feb/164 http://support.ntp.org/bin/view/Main/NtpBug2956 http://support.ntp.org/bin/view/Main/SecurityNoticeJanuary_2016_NTP_4_2_8p5_Securit http://www.debian.org/security/2015/dsa-3388 http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html http://www.securityfocus.com/bid/77312 http://www.securitytracker.com/id/1034670 http://www.ubuntu.com/usn/USN-2783-1 https://bto.bluecoat.com/security-advisory/sa113 https://bugzilla.redhat.com/show_bug.cgi?id=1271076 https://ics-cert.us-cert.gov/advisories/ICSA-15-356-01 https://security.netapp.com/advisory/ntap-20171004-0001/ https://support.citrix.com/article/CTX220112 https://www.cs.bu.edu/~goldbe/NTPattack.html https://www.freebsd.org/security/advisories/FreeBSD-SA-16:02.ntp.asc https://www.ibm.com/support/home/docdisplay?lndocid=migr-5099428 https://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html https://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html https://www-01.ibm.com/support/docview.wss?uid=isg3T1023885 https://www-01.ibm.com/support/docview.wss?uid=isg3T1024073 https://www-01.ibm.com/support/docview.wss?uid=nas8N1021264 https://www-01.ibm.com/support/docview.wss?uid=ssg1S1005821 https://www-01.ibm.com/support/docview.wss?uid=swg21979393 https://www-01.ibm.com/support/docview.wss?uid=swg21980676 https://www-01.ibm.com/support/docview.wss?uid=swg21983501 https://www-01.ibm.com/support/docview.wss?uid=swg21983506

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

NONE

Availability Impact

NONE

Base Score

HIGH

Base Severity

7.5