Vulnerabilities > CVE-2015-8158 - Unspecified vulnerability in NTP

047910
CVSS 5.9 - MEDIUM
Attack vector
NETWORK
Attack complexity
HIGH
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
HIGH
network
high complexity
ntp
nessus

Summary

The getresponse function in ntpq in NTP versions before 4.2.8p9 and 4.3.x before 4.3.90 allows remote attackers to cause a denial of service (infinite loop) via crafted packets with incorrect values.

Nessus

Redhat

advisories
bugzilla
id1300273
titleCVE-2015-8158 ntp: potential infinite loop in ntpq
oval
OR
  • commentRed Hat Enterprise Linux must be installed
    ovaloval:com.redhat.rhba:tst:20070304026
  • AND
    • commentRed Hat Enterprise Linux 7 is installed
      ovaloval:com.redhat.rhba:tst:20150364027
    • OR
      • AND
        • commentntp-perl is earlier than 0:4.2.6p5-25.el7
          ovaloval:com.redhat.rhsa:tst:20162583001
        • commentntp-perl is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhsa:tst:20142024002
      • AND
        • commentntp-doc is earlier than 0:4.2.6p5-25.el7
          ovaloval:com.redhat.rhsa:tst:20162583003
        • commentntp-doc is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhsa:tst:20142024004
      • AND
        • commentsntp is earlier than 0:4.2.6p5-25.el7
          ovaloval:com.redhat.rhsa:tst:20162583005
        • commentsntp is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhsa:tst:20142024013
      • AND
        • commentntpdate is earlier than 0:4.2.6p5-25.el7
          ovaloval:com.redhat.rhsa:tst:20162583007
        • commentntpdate is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhsa:tst:20142024008
      • AND
        • commentntp is earlier than 0:4.2.6p5-25.el7
          ovaloval:com.redhat.rhsa:tst:20162583009
        • commentntp is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhsa:tst:20142024006
rhsa
idRHSA-2016:2583
released2016-11-03
severityModerate
titleRHSA-2016:2583: ntp security and bug fix update (Moderate)
rpms
  • ntp-0:4.2.6p5-25.el7
  • ntp-debuginfo-0:4.2.6p5-25.el7
  • ntp-doc-0:4.2.6p5-25.el7
  • ntp-perl-0:4.2.6p5-25.el7
  • ntpdate-0:4.2.6p5-25.el7
  • sntp-0:4.2.6p5-25.el7

Talos

idTALOS-2016-0080
last seen2019-05-29
published2016-01-19
reporterTalos Intelligence
sourcehttp://www.talosintelligence.com/vulnerability_reports/TALOS-2016-0080
titleNetwork Time Protocol ntpq and ntpdc Infinite Loop Vulnerability