Bugzilla – Full Text Bug Listing
|Summary:||VUL-1: CVE-2015-5146: ntp,xntp: ntpd control message crash: Crafted NUL-byte in configuration directive. VU#668167|
|Product:||[Novell Products] SUSE Security Incidents||Reporter:||Marcus Meissner <meissner>|
|Component:||Incidents||Assignee:||Security Team bot <security-team>|
|Status:||RESOLVED FIXED||QA Contact:||Security Team bot <security-team>|
|Priority:||P4 - Low||CC:||astieger, jsegitz, smash_bz, vpereira|
|Found By:||---||Services Priority:|
|Marketing QA Status:||---||IT Deployment:||---|
Description Marcus Meissner 2015-07-01 05:53:22 UTC
http://support.ntp.org/bin/view/Main/SecurityNotice#June_2015_NTP_Security_Vulnerabi ntpd control message crash: Crafted NUL-byte in configuration directive. Date Resolved: Stable (4.2.8p3) 29 Jun 2015 References: Sec 2853/ CVE-2015-5146 / VU#668167 / CERT-FI Case 829967 Affects: 4.2.5p3 up to, but not including 4.2.8p3-RC1, and 4.3.0 up to, but not including 4.3.25 CVSS: (AV:A/AC:M/Au:S/C:P/I:P/A:P) Base Score: 4.9 at likely worst, 1.4 or less at likely best Summary: Under limited and specific circumstances an attacker can send a crafted packet to cause a vulnerable ntpd instance to crash. This requires each of the following to be true: ntpd set up to allow for remote configuration (not allowed by default), and knowledge of the configuration password, and access to a computer entrusted to perform remote configuration. Mitigation: Upgrade to 4.2.8p3-RC1 or 4.3.25, or later, from the NTP Project Download Page or the NTP Public Services Project Download Page Be prudent when deciding what IP addresses can perform remote configuration of an ntpd instance. Monitor your ntpd instances. Credit: This weakness was discovered by Aleksis Kauppinen of Codenomicon.
Comment 1 Marcus Meissner 2015-07-01 05:53:54 UTC
Comment 2 Andreas Stieger 2015-07-01 10:37:12 UTC
"This bug affects ntpd-4.2.5p3 until 4.2.8p3, or 4.3.0 until 4.3.25." SLE 11 SP3 and earlier not affected. SLE 11 SP4 affected SLE 12 affected openSUSE 13.1 affected openSUSE 13.2 affected
Comment 3 Swamp Workflow Management 2015-07-01 22:00:17 UTC
bugbot adjusting priority
Comment 4 SMASH SMASH 2016-01-07 10:24:37 UTC
An update workflow for this issue was started. This issue was rated as "low". Please submit fixed packages until "Jan. 14, 2016". When done, reassign the bug to "email@example.com". /update/121227/.
Comment 5 Reinhard Max 2016-05-18 10:51:48 UTC
Fix contained in the 4.2.8p6/p7 update.
Comment 6 Marcus Meissner 2016-06-01 16:18:49 UTC