Vulnerabilities > CVE-2015-7977 - NULL Pointer Dereference vulnerability in multiple products

047910
CVSS 5.9 - MEDIUM
Attack vector
NETWORK
Attack complexity
HIGH
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
HIGH

Summary

ntpd in NTP before 4.2.8p6 and 4.3.x before 4.3.90 allows remote attackers to cause a denial of service (NULL pointer dereference) via a ntpdc reslist command.

Vulnerable Configurations

Part Description Count
Application
Ntp
801
Application
Netapp
2
OS
Oracle
1
OS
Siemens
2
OS
Freebsd
56
OS
Fedoraproject
2
OS
Debian
2
OS
Canonical
3
Hardware
Siemens
2

Common Weakness Enumeration (CWE)

Nessus

Redhat

advisories
  • rhsa
    idRHSA-2016:0780
  • rhsa
    idRHSA-2016:2583
rpms
  • ntp-0:4.2.6p5-10.el6
  • ntp-debuginfo-0:4.2.6p5-10.el6
  • ntp-doc-0:4.2.6p5-10.el6
  • ntp-perl-0:4.2.6p5-10.el6
  • ntpdate-0:4.2.6p5-10.el6
  • ntp-0:4.2.6p5-25.el7
  • ntp-debuginfo-0:4.2.6p5-25.el7
  • ntp-doc-0:4.2.6p5-25.el7
  • ntp-perl-0:4.2.6p5-25.el7
  • ntpdate-0:4.2.6p5-25.el7
  • sntp-0:4.2.6p5-25.el7

Talos

idTALOS-2016-0074
last seen2019-05-29
published2016-01-19
reporterTalos Intelligence
sourcehttp://www.talosintelligence.com/vulnerability_reports/TALOS-2016-0074
titleNetwork Time Protocol Private Mode 'reslist' NULL Pointer Dereference Vulnerability

References