Bug 936690 - (CVE-2015-5146) VUL-1: CVE-2015-5146: ntp,xntp: ntpd control message crash: Crafted NUL-byte in configuration directive. VU#668167
VUL-1: CVE-2015-5146: ntp,xntp: ntpd control message crash: Crafted NUL-byte...
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
Other Other
: P4 - Low : Minor
: ---
Assigned To: Security Team bot
Security Team bot
Depends on:
  Show dependency treegraph
Reported: 2015-07-01 05:53 UTC by Marcus Meissner
Modified: 2016-11-22 17:20 UTC (History)
4 users (show)

See Also:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Note You need to log in before you can comment on or make changes to this bug.
Description Marcus Meissner 2015-07-01 05:53:22 UTC

 ntpd control message crash: Crafted NUL-byte in configuration directive.

    Date Resolved: Stable (4.2.8p3) 29 Jun 2015
    References: Sec 2853/ CVE-2015-5146 / VU#668167 / CERT-FI Case 829967
    Affects: 4.2.5p3 up to, but not including 4.2.8p3-RC1, and 4.3.0 up to, but not including 4.3.25
    CVSS: (AV:A/AC:M/Au:S/C:P/I:P/A:P) Base Score: 4.9 at likely worst, 1.4 or less at likely best
    Summary: Under limited and specific circumstances an attacker can send a crafted packet to cause a vulnerable ntpd instance to crash. This requires each of the following to be true:
        ntpd set up to allow for remote configuration (not allowed by default), and
        knowledge of the configuration password, and
        access to a computer entrusted to perform remote configuration. 
        Upgrade to 4.2.8p3-RC1 or 4.3.25, or later, from the NTP Project Download Page or the NTP Public Services Project Download Page
        Be prudent when deciding what IP addresses can perform remote configuration of an ntpd instance.
        Monitor your ntpd instances. 
    Credit: This weakness was discovered by Aleksis Kauppinen of Codenomicon.
Comment 1 Marcus Meissner 2015-07-01 05:53:54 UTC
CERT VU#668167
Comment 2 Andreas Stieger 2015-07-01 10:37:12 UTC
"This bug affects ntpd-4.2.5p3 until 4.2.8p3, or 4.3.0 until 4.3.25."

SLE 11 SP3 and earlier not affected.
SLE 11 SP4 affected
SLE 12 affected

openSUSE 13.1 affected
openSUSE 13.2 affected
Comment 3 Swamp Workflow Management 2015-07-01 22:00:17 UTC
bugbot adjusting priority
Comment 4 SMASH SMASH 2016-01-07 10:24:37 UTC
An update workflow for this issue was started.

This issue was rated as "low".
Please submit fixed packages until "Jan. 14, 2016".

When done, reassign the bug to "security-team@suse.de".
Comment 5 Reinhard Max 2016-05-18 10:51:48 UTC
Fix contained in the 4.2.8p6/p7 update.
Comment 6 Marcus Meissner 2016-06-01 16:18:49 UTC