What Are You Looking For?

Sign Up
Arch Linux Security Advisory ASA-201507-5
========================================
Severity: Low
Date    : 2015-07-07
CVE-ID  : CVE-2015-5146
Package : ntp
Type    : denial of service
Remote  : Yes
Link    : https://wiki.archlinux.org/index.php/CVE

Summary
======
The package ntp before version 4.2.8.p3-1 is vulnerable to denial of
service.

Resolution
=========
Upgrade to 4.2.8.p3-1.

# pacman -Syu "ntp>=4.2.8.p3-1"

The problem has been fixed upstream in version 4.2.8.p3.

Workaround
=========
Configure ntpd to not allow remote configuration (default setting).

Description
==========
Under limited and specific circumstances an attacker can send a crafted
remote-configuration packet containing a NUL-byte to cause a vulnerable
ntpd instance to crash. This requires each of the following to be true:
- ntpd set up to allow for remote configuration (not allowed by
  default)
- knowledge of the configuration password
- access to a computer entrusted to perform remote configuration

Impact
=====
A remote attacker is able to send a specially crafted
remote-configuration packet that is leading to an application crash
resulting in denial of service.

References
=========
https://support.ntp.org/bin/view/Main/SecurityNotice#June_2015_NTP_Security_Vulnerabi
https://access.redhat.com/security/cve/CVE-2015-5146

ArchLinux: 201507-5: ntp: denial of service

July 7, 2015

Summary

Under limited and specific circumstances an attacker can send a crafted remote-configuration packet containing a NUL-byte to cause a vulnerable ntpd instance to crash. This requires each of the following to be true: - ntpd set up to allow for remote configuration (not allowed by default) - knowledge of the configuration password - access to a computer entrusted to perform remote configuration

Resolution

Upgrade to 4.2.8.p3-1. # pacman -Syu "ntp>=4.2.8.p3-1"
The problem has been fixed upstream in version 4.2.8.p3.

References

https://support.ntp.org/bin/view/Main/SecurityNotice#June_2015_NTP_Security_Vulnerabi https://access.redhat.com/security/cve/CVE-2015-5146

Severity
Package : ntp
Type : denial of service
Remote : Yes
Link : https://wiki.archlinux.org/index.php/CVE

Workaround

Configure ntpd to not allow remote configuration (default setting).

Related News

OpenSSL 3.2 Adds Support for TCP Fast Open on Linux, Argon2 KDF, and More

Nov 27, 2023

Kinsing Hackers Exploit Apache ActiveMQ Vulnerability to Deploy Linux Rootkits

Nov 25, 2023

Tails 5.20 Brings Latest Tor Browser, Ditches AdGuard Filter List

Nov 29, 2023

CISA Orders Federal Agencies to Patch Looney Tunables Linux Bug

Nov 25, 2023

News

Advisories

HOWTOs

Features

Unlocking the Future of Authentication: Passkeys vs. Passwords
Empowering MSPs with Straightforward Linux Device Management
A Complete Guide to Torrenting Safely in 2024
Cloud Security Basics for Small Businesses
Scanning and Defending Networks with Nmap

About Us

Powered By

Footer Logo