CVE-2015-7704

Loading...

General

Score:5.0/10.0
Severity:Medium
Category:Input Validation Error
Exploit:Available

Impact Metrics

Confidentiality:None
Integrity:None
Availability:Partial

Exploitability Metrics

Access Vector:Network
Access Complexity:Low
Authentication:None

Relative vulnerabilities

CVE-2014-9297, CVE-2014-9298, CVE-2015-1798, CVE-2015-1799, CVE-2015-3405, CVE-2015-5146, CVE-2015-5194, CVE-2015-5195, CVE-2015-5196, CVE-2015-5219, CVE-2015-5300, CVE-2015-7691, CVE-2015-7692, CVE-2015-7701, CVE-2015-7702, CVE-2015-7703, CVE-2015-7705, CVE-2015-7848, CVE-2015-7849, CVE-2015-7850, CVE-2015-7851, CVE-2015-7852, CVE-2015-7853, CVE-2015-7854, CVE-2015-7855, CVE-2015-7871, CVE-2015-7973, CVE-2015-7974, CVE-2015-7975, CVE-2015-7976, CVE-2015-7977, CVE-2015-7978, CVE-2015-7979, CVE-2015-8138, CVE-2015-8139, CVE-2015-8140, CVE-2015-8158, CVE-2016-1547, CVE-2016-1548, CVE-2016-1549, CVE-2016-1550, CVE-2016-1551, CVE-2016-2516, CVE-2016-2517, CVE-2016-2518, CVE-2016-2519, CVE-2016-4953, CVE-2016-4954, CVE-2016-4955, CVE-2016-4956, CVE-2016-4957

Published on 07/08/17 - Updated on 18/05/18

Description

The ntpd client in NTP 4.x before 4.2.8p4 and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service via a number of crafted "KOD" messages.

Category: Input Validation Error

CWE-20 (Input Validation)
The product does not validate or incorrectly validates input that can affect the control flow or data flow of a program.

Security Notices

US National Vulnerability DatabaseCVE-2015-7704
Amazon Linux ALAS-2015-607
Agence Nationale de la Sécurité des Systèmes d'Information CERTFR-2015-AVI-449, CERTFR-2016-AVI-153, CERTFR-2018-AVI-545
Arch Linux ASA-201510-14
CentOS CESA-2015:1930
Debian DSA-3388-1
Debian LTSDLA-335-1
Oracle Linux ELSA-2015-1930, ELSA-2015-2231, ELSA-2016-0780
Redhat RHSA-2015:1930, RHSA-2015:2520
Renater 2015/VULN222, 2015/VULN224, 2016/VULN183
SUSE SUSE-SU-2015:2058, SUSE-SU-2016:1247, SUSE-SU-2016:1278, SUSE-SU-2016:1291, SUSE-SU-2016:1311, SUSE-SU-2016:1471, SUSE-SU-2016:1568, SUSE-SU-2016:1912
Ubuntu USN-2783-1

Exploits

SecurityFocusBID-77280

Relative technologies

VendorProduct
ntpntp

Share this vulnerability with:

Twitter Facebook LinkedIn Mail