Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 520
Alerts This Week
Warning Icon 1 520

Debian: DSA-3388-1 Critical: NTP DoS Issues and Security Updates

debian
Calendar Grey November 1, 2015
Debian Logo
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 - --------------------------------------------------
Several vulnerabilities were discovered in the Network Time Protocol daemon and utility programs: CVE-2015-5146

Summary

Several vulnerabilities were discovered in the Network Time Protocol
daemon and utility programs:

CVE-2015-5146

A flaw was found in the way ntpd processed certain remote
configuration packets. An attacker could use a specially crafted
package to cause ntpd to crash if:

* ntpd enabled remote configuration
* The attacker had the knowledge of the configuration password
* The attacker had access to a computer entrusted to perform remote
configuration

Note that remote configuration is disabled by default in NTP.

CVE-2015-5194

It was found that ntpd could crash due to an uninitialized
variable when processing malformed logconfig configuration
commands.

CVE-2015-5195

It was found that ntpd exits with a segmentation fault when a
statistics type that was not enabled during compilation (e.g.
timingstats) is referenced by the statistics or filegen
configuration command

CVE-2015-5219

It was discovered that sntp program would hang in an infinite loop
when ...

Read the Full Advisory

Severity
critical
Lowest
Low
Medium
High
Critical

Package: ntp
CVE ID: CVE-2014-9750 CVE-2014-9751 CVE-2015-3405 CVE-2015-5146

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.