CVE-2015-7854 : Buffer overflow in the password management functionality in NTP 4.2.x before 4.2

Buffer overflow in the password management functionality in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote authenticated users to cause a denial of service (daemon crash) or possibly execute arbitrary code via a crafted key file.

Published 2017-08-07 20:29:01

Updated 2020-06-18 15:05:03

Source MITRE

View at NVD, CVE.org

Vulnerability category: OverflowExecute codeDenial of service

Products affected by CVE-2015-7854

NTP » NTP
Versions from including (>=) 4.3.0 and before (<) 4.3.77
cpe:2.3:a:ntp:ntp:*:*:*:*:*:*:*:*
Matching versions
NTP » NTP
Versions from including (>=) 4.2.0 and before (<) 4.2.8
cpe:2.3:a:ntp:ntp:*:*:*:*:*:*:*:*
Matching versions
NTP » NTP » Version: 4.2.8
cpe:2.3:a:ntp:ntp:4.2.8:-:*:*:*:*:*:*
Matching versions
NTP » NTP » Version: 4.2.8 Update P2-rc1
cpe:2.3:a:ntp:ntp:4.2.8:p2-rc1:*:*:*:*:*:*
Matching versions
NTP » NTP » Version: 4.2.8 Update P1
cpe:2.3:a:ntp:ntp:4.2.8:p1:*:*:*:*:*:*
Matching versions
NTP » NTP » Version: 4.2.8 Update P2
cpe:2.3:a:ntp:ntp:4.2.8:p2:*:*:*:*:*:*
Matching versions
NTP » NTP » Version: 4.2.8 Update P1-beta1
cpe:2.3:a:ntp:ntp:4.2.8:p1-beta1:*:*:*:*:*:*
Matching versions
NTP » NTP » Version: 4.2.8 Update P1-beta2
cpe:2.3:a:ntp:ntp:4.2.8:p1-beta2:*:*:*:*:*:*
Matching versions
NTP » NTP » Version: 4.2.8 Update P1-beta3
cpe:2.3:a:ntp:ntp:4.2.8:p1-beta3:*:*:*:*:*:*
Matching versions
NTP » NTP » Version: 4.2.8 Update P1-beta4
cpe:2.3:a:ntp:ntp:4.2.8:p1-beta4:*:*:*:*:*:*
Matching versions
NTP » NTP » Version: 4.2.8 Update P1-beta5
cpe:2.3:a:ntp:ntp:4.2.8:p1-beta5:*:*:*:*:*:*
Matching versions
NTP » NTP » Version: 4.2.8 Update P1-rc1
cpe:2.3:a:ntp:ntp:4.2.8:p1-rc1:*:*:*:*:*:*
Matching versions
NTP » NTP » Version: 4.2.8 Update P1-rc2
cpe:2.3:a:ntp:ntp:4.2.8:p1-rc2:*:*:*:*:*:*
Matching versions
NTP » NTP » Version: 4.2.8 Update P2-rc2
cpe:2.3:a:ntp:ntp:4.2.8:p2-rc2:*:*:*:*:*:*
Matching versions
NTP » NTP » Version: 4.2.8 Update P2-rc3
cpe:2.3:a:ntp:ntp:4.2.8:p2-rc3:*:*:*:*:*:*
Matching versions
NTP » NTP » Version: 4.2.8 Update P3
cpe:2.3:a:ntp:ntp:4.2.8:p3:*:*:*:*:*:*
Matching versions
NTP » NTP » Version: 4.2.8 Update P3-rc1
cpe:2.3:a:ntp:ntp:4.2.8:p3-rc1:*:*:*:*:*:*
Matching versions
NTP » NTP » Version: 4.2.8 Update P3-rc2
cpe:2.3:a:ntp:ntp:4.2.8:p3-rc2:*:*:*:*:*:*
Matching versions
NTP » NTP » Version: 4.2.8 Update P3-rc3
cpe:2.3:a:ntp:ntp:4.2.8:p3-rc3:*:*:*:*:*:*
Matching versions
Netapp » Data Ontap » Version: N/A For 7-mode
cpe:2.3:o:netapp:data_ontap:-:*:*:*:*:7-mode:*:*
Matching versions
Netapp » Oncommand Balance » Version: N/A
cpe:2.3:a:netapp:oncommand_balance:-:*:*:*:*:*:*:*
Matching versions
Netapp » Clustered Data Ontap » Version: N/A
cpe:2.3:o:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*
Matching versions
Netapp » Oncommand Unified Manager » Version: N/A For Clustered Data Ontap
cpe:2.3:a:netapp:oncommand_unified_manager:-:*:*:*:*:clustered_data_ontap:*:*
Matching versions
Netapp » Oncommand Performance Manager » Version: N/A
cpe:2.3:a:netapp:oncommand_performance_manager:-:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2015-7854

EPSS FAQ

3.31%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 86 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2015-7854

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
6.5	MEDIUM	AV:N/AC:L/Au:S/C:P/I:P/A:P	8.0	6.4	NIST
Access Vector: Network Access Complexity: Low Authentication: Single Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial
8.8	HIGH	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	2.8	5.9	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High

CWE ids for CVE-2015-7854

CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2015-7854

http://support.ntp.org/bin/view/Main/NtpBug2921

NtpBug2921 < Main < NTP
Patch;Vendor Advisory
https://security.gentoo.org/glsa/201607-15

NTP: Multiple vulnerabilities (GLSA 201607-15) — Gentoo security
Third Party Advisory;VDB Entry

CVEs referencing this url
https://bugzilla.redhat.com/show_bug.cgi?id=1274263

1274263 – (CVE-2015-7854) CVE-2015-7854 ntp: password length memory corruption vulnerability
Issue Tracking;Third Party Advisory;VDB Entry
http://www.securityfocus.com/bid/77277

Network Time Protocol CVE-2015-7854 Buffer Overflow Vulnerability
Third Party Advisory;VDB Entry
https://security.netapp.com/advisory/ntap-20171004-0001/

October 2015 Network Time Protocol Daemon (ntpd) Vulnerabilities in Multiple NetApp Products | NetApp Product Security
Third Party Advisory

CVEs referencing this url
http://www.securitytracker.com/id/1033951

ntp Multiple Flaws Let Remote Users Deny Service, View Files, and Bypass Authentication to Modify the Time - SecurityTracker
Third Party Advisory;VDB Entry

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2015-7854

Products affected by CVE-2015-7854

Exploit prediction scoring system (EPSS) score for CVE-2015-7854

CVSS scores for CVE-2015-7854

CWE ids for CVE-2015-7854

References for CVE-2015-7854