Vulnerability Details : CVE-2015-5300
The panic_gate check in NTP before 4.2.8p5 is only re-enabled after the first change to the system clock that was greater than 128 milliseconds by default, which allows remote attackers to set NTP to an arbitrary time when started with the -g option, or to alter the time by up to 900 seconds otherwise by responding to an unspecified number of requests from trusted sources, and leveraging a resulting denial of service (abort and restart).
Vulnerability category: Denial of service
Products affected by CVE-2015-5300
- cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_hpc_node:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_hpc_node:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_eus:6.7.z:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_eus:7.1:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_hpc_node_eus:7.1:*:*:*:*:*:*:*
- cpe:2.3:o:suse:linux_enterprise_desktop:12:*:*:*:*:*:*:*
- cpe:2.3:o:suse:linux_enterprise_desktop:12:sp1:*:*:*:*:*:*
- cpe:2.3:o:suse:linux_enterprise_server:10:sp4:*:*:ltss:*:*:*
- cpe:2.3:o:suse:linux_enterprise_server:11:sp2:*:*:ltss:*:*:*
- cpe:2.3:o:suse:linux_enterprise_server:12:sp1:*:*:*:*:*:*
- cpe:2.3:o:suse:linux_enterprise_server:11:sp4:*:*:*:*:*:*
- cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:ltss:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12:*:*:*:*:*:*:*
- cpe:2.3:o:suse:manager:2.1:*:*:*:*:*:*:*
- cpe:2.3:o:suse:linux_enterprise_software_development_kit:12:*:*:*:*:*:*:*
- cpe:2.3:o:suse:linux_enterprise_software_development_kit:12:sp1:*:*:*:*:*:*
- cpe:2.3:a:suse:linux_enterprise_debuginfo:11:sp2:*:*:*:*:*:*
- cpe:2.3:a:suse:linux_enterprise_debuginfo:11:sp4:*:*:*:*:*:*
- cpe:2.3:a:suse:linux_enterprise_debuginfo:11:sp3:*:*:*:*:*:*
- cpe:2.3:o:suse:openstack_cloud:5:*:*:*:*:*:*:*
- cpe:2.3:o:suse:manager_proxy:2.1:*:*:*:*:*:*:*
- cpe:2.3:a:ntp:ntp:*:p4:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
- cpe:2.3:o:fedoraproject:fedora:21:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*
- cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*
- cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2015-5300
36.12%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 97 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2015-5300
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0
|
MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P |
10.0
|
2.9
|
NIST | |
7.5
|
HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
3.9
|
3.6
|
NIST |
CWE ids for CVE-2015-5300
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2015-5300
-
https://www-01.ibm.com/support/docview.wss?uid=swg21983506
IBM Security Bulletin: IBM Security Access Manager for Web is affected by NTP vulnerabilities (CVE-2015-5300, CVE-2015-7704, CVE-2015-8138)Third Party Advisory
-
http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177507.html
[SECURITY] Fedora 22 Update: ntp-4.2.6p5-36.fc22Third Party Advisory
-
http://www.ubuntu.com/usn/USN-2783-1
USN-2783-1: NTP vulnerabilities | Ubuntu security noticesThird Party Advisory
-
https://www-01.ibm.com/support/docview.wss?uid=nas8N1021264
IBM Security Bulletin: Vulnerabilities in ntp affect Power Hardware Management Console (CVE-2015-5300, CVE-2015-7704, CVE-2015-8138)Third Party Advisory
-
http://aix.software.ibm.com/aix/efixes/security/ntp_advisory5.asc
Third Party Advisory
-
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00059.html
[security-announce] SUSE-SU-2016:1175-1: important: Security update forThird Party Advisory
-
http://support.ntp.org/bin/view/Main/NtpBug2956
NtpBug2956 < Main < NTPIssue Tracking;Patch;Vendor Advisory
-
https://www.freebsd.org/security/advisories/FreeBSD-SA-16:02.ntp.asc
Third Party Advisory
-
http://www.securityfocus.com/bid/77312
Network Time Protocol CVE-2015-5300 Man in the Middle Security Bypass VulnerabilityThird Party Advisory;VDB Entry
-
http://rhn.redhat.com/errata/RHSA-2015-1930.html
RHSA-2015:1930 - Security Advisory - Red Hat Customer PortalThird Party Advisory
-
https://bto.bluecoat.com/security-advisory/sa113
SA113 : January 2016 NTP Security VulnerabilitiesThird Party Advisory
-
https://www-01.ibm.com/support/docview.wss?uid=swg21979393
IBM Security Bulletin: Vulnerabilities in NTP affect IBM Security Network Protection (CVE-2015-5300, CVE-2015-7704, and CVE-2015-8138)Third Party Advisory
-
http://lists.fedoraproject.org/pipermail/package-announce/2015-November/170926.html
[SECURITY] Fedora 21 Update: ntp-4.2.6p5-34.fc21Third Party Advisory
-
http://www.securitytracker.com/id/1034670
ntpd Flaw Lets Remote Users Modify Time on the Target ntp Service in Certain Cases - SecurityTrackerThird Party Advisory;VDB Entry
-
http://support.ntp.org/bin/view/Main/SecurityNotice#January_2016_NTP_4_2_8p5_Securit
SecurityNotice < Main < NTPIssue Tracking;Patch;Vendor Advisory
-
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00060.html
[security-announce] SUSE-SU-2016:1177-1: important: Security update forThird Party Advisory
-
http://www.debian.org/security/2015/dsa-3388
Debian -- Security Information -- DSA-3388-1 ntpThird Party Advisory
-
https://www-01.ibm.com/support/docview.wss?uid=swg21983501
IBM Security Bulletin: IBM Security Access Manager for Mobile is affected by NTP vulnerabilities (CVE-2015-5300, CVE-2015-7704, CVE-2015-8138)Third Party Advisory
-
https://www-01.ibm.com/support/docview.wss?uid=swg21980676
IBM Security Bulletin: Multiple vulnerabilities in Network Time Protocol(NTP) affect WebSphere DataPower XC10 Appliance (CVE-2016-5300, CVE-2015-7704, CVE-2015-8138)Third Party Advisory
-
https://www-01.ibm.com/support/docview.wss?uid=isg3T1023885
IBM Security Bulletin: Multiple vulnerabilities in ntp affect PowerKVMThird Party Advisory
-
https://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
Oracle Linux Bulletin - October 2015Third Party Advisory
-
http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
Oracle Critical Patch Update - July 2016Third Party Advisory
-
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00038.html
[security-announce] openSUSE-SU-2016:1292-1: important: Security updateThird Party Advisory
-
http://seclists.org/bugtraq/2016/Feb/164
Bugtraq: [slackware-security] ntp (SSA:2016-054-04)Mailing List;Third Party Advisory
-
https://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html
Oracle Solaris Bulletin - January 2016Third Party Advisory
-
https://bugzilla.redhat.com/show_bug.cgi?id=1271076
1271076 – (CVE-2015-5300) CVE-2015-5300 ntp: MITM attacker can force ntpd to make a step larger than the panic thresholdIssue Tracking
-
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00048.html
[security-announce] SUSE-SU-2016:1311-1: important: Security update forThird Party Advisory
-
http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html
[security-announce] SUSE-SU-2016:1912-1: important: Security update forThird Party Advisory
-
https://security.netapp.com/advisory/ntap-20171004-0001/
October 2015 Network Time Protocol Daemon (ntpd) Vulnerabilities in Multiple NetApp Products | NetApp Product Security
-
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html
[security-announce] SUSE-SU-2016:2094-1: important: Security update forThird Party Advisory
-
https://www-01.ibm.com/support/docview.wss?uid=ssg1S1005821
IBM Security Bulletin: Real-time compression appliance (CVE-2015-5300 CVE-2015-7704 CVE-2015-8138)Third Party Advisory
-
http://lists.fedoraproject.org/pipermail/package-announce/2015-November/170684.html
[SECURITY] Fedora 23 Update: ntp-4.2.6p5-34.fc23Third Party Advisory
-
https://support.citrix.com/article/CTX220112
Citrix XenServer Multiple Security UpdatesThird Party Advisory
-
https://ics-cert.us-cert.gov/advisories/ICSA-15-356-01
Siemens RUGGEDCOM ROX-based Devices NTP Vulnerabilities | CISAThird Party Advisory;US Government Resource
-
https://www.cs.bu.edu/~goldbe/NTPattack.html
Attacking the Network Time ProtocolThird Party Advisory
-
https://www-01.ibm.com/support/docview.wss?uid=isg3T1024073
IBM Security Bulletin: IBM Flex System Manager (FSM) is affected by multiple ntp vulnerabilitiesThird Party Advisory
-
http://lists.opensuse.org/opensuse-updates/2016-05/msg00114.html
openSUSE-SU-2016:1423-1: moderate: Security update for ntpThird Party Advisory
-
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00020.html
[security-announce] SUSE-SU-2016:1247-1: important: Security update forThird Party Advisory
-
https://www.ibm.com/support/home/docdisplay?lndocid=migr-5099428
IBM notice: The page you requested cannot be displayedThird Party Advisory
Jump to