Explore top 10 tips to secure your open-source projects now. Read More
×Several vulnerabilities were discovered in the Network Time Protocol
daemon and utility programs:
CVE-2015-5146
A flaw was found in the way ntpd processed certain remote
configuration packets. An attacker could use a specially crafted
package to cause ntpd to crash if:
* ntpd enabled remote configuration
* The attacker had the knowledge of the configuration password
* The attacker had access to a computer entrusted to perform remote
configuration
Note that remote configuration is disabled by default in NTP.
CVE-2015-5194
It was found that ntpd could crash due to an uninitialized
variable when processing malformed logconfig configuration
commands.
CVE-2015-5195
It was found that ntpd exits with a segmentation fault when a
statistics type that was not enabled during compilation (e.g.
timingstats) is referenced by the statistics or filegen
configuration command
CVE-2015-5219
It was discovered that sntp program would hang in an infinite loop
when ...
Get the latest Linux and open source security news straight to your inbox.