Lucene search
F5F5:K02360853HistoryJan 21, 2016 - 12:00 a.m.
K02360853 : NTP vulnerabilities CVE-2015-5194 and CVE-2015-5195
2016-01-2100:00:00
my.f5.com
16
Security Advisory Description
The log_config_command function in ntp_parser.y in ntpd in NTP before 4.2.7p42 allows remote attackers to cause a denial of service (ntpd crash) via crafted logconfig commands.
ntp_openssl.m4 in ntpd in NTP before 4.2.7p112 allows remote attackers to cause a denial of service (segmentation fault) via a crafted statistics or filegen configuration command that is not enabled during compilation.
Impact
The ntpdprocess could stop responding, due to an uninitialized variable, when processing malformed configuration commands.
F5 has evaluated this vulnerability as having low impact to the BIG-IP product line for the following reasons:
- This issue is not exposed in a BIG-IP system default configuration.
- The configuration that exposes the issue is not recommended by F5.
Related
nessus
nessus
F5 Networks BIG-IP : NTP vulnerabilities (K02360853)
2017-03-01 00:00:00
Fedora 22 : ntp-4.2.6p5-33.fc22 (2015-14212)
2015-10-12 00:00:00
Fedora 23 : ntp-4.2.6p5-33.fc23 (2015-14213)
2015-09-21 00:00:00
f5
f5
SOL02360853 - NTP vulnerabilities CVE-2015-5194 and CVE-2015-5195
2016-01-21 00:00:00
prion
prion
Command injection
2017-07-21 14:29:00
Design/Logic Flaw
2017-07-21 14:29:00
veracode
veracode
Denial Of Service (DoS)
2019-01-15 09:11:53
Denial Of Service (DoS)
2019-05-02 05:29:36
debiancve
debiancve
CVE-2015-5194
2017-07-21 14:29:00
CVE-2015-5195
2017-07-21 14:29:00
ubuntucve
ubuntucve
CVE-2015-5194
2015-08-25 00:00:00
CVE-2015-5195
2015-08-25 00:00:00
cvelist
cvelist
CVE-2015-5194
2017-07-21 14:00:00
CVE-2015-5195
2017-07-21 14:00:00
nvd
nvd
fedora
fedora
[SECURITY] Fedora 22 Update: ntp-4.2.6p5-33.fc22
2015-10-12 02:20:00
[SECURITY] Fedora 23 Update: ntp-4.2.6p5-33.fc23
2015-09-20 15:27:57
[SECURITY] Fedora 21 Update: ntp-4.2.6p5-34.fc21
2015-11-04 22:51:44
openvas
openvas
Fedora Update for ntp FEDORA-2015-14212
2015-10-13 00:00:00
Mageia: Security Advisory (MGASA-2015-0348)
2015-10-15 00:00:00
NTP < 4.2.7p42 DoS Vulnerability
2021-07-07 00:00:00
cve
cve
mageia
mageia
Updated ntp packages fix security vulnerabilities
2015-09-08 20:55:59
amazon
amazon
Low: ntp
2015-09-02 12:00:00
redhat
redhat
(RHSA-2016:0780) Moderate: ntp security and bug fix update
2016-05-10 06:42:20
(RHSA-2016:2583) Moderate: ntp security and bug fix update
2016-11-03 06:07:15
centos
centos
ntp, ntpdate security update
2016-05-16 10:19:19
ntp, ntpdate, sntp security update
2016-11-25 16:00:55
ibm
ibm
Security Bulletin: IBM Security Access Manager for Mobile is affected by vulnerabilities in NTP
2018-06-16 21:45:47
Security Bulletin: Vulnerabilities in NTP affect PowerKVM
2018-06-18 01:34:47
oraclelinux
oraclelinux
ntp security and bug fix update
2016-05-12 00:00:00
ntp security and bug fix update
2016-11-09 00:00:00
osv
osv
ntp - security update
2015-11-01 00:00:00
ntp - security update
2015-10-28 00:00:00
securityvulns
securityvulns
ntp multiple security vulnerabilities
2015-11-01 00:00:00
[USN-2783-1] NTP vulnerabilities
2015-11-01 00:00:00
debian
debian
[SECURITY] [DLA 335-1] ntp security update
2015-10-28 20:45:05
[SECURITY] [DSA 3388-1] ntp security update
2015-11-01 22:20:55
ubuntu
ubuntu
NTP vulnerabilities
2015-10-27 00:00:00
suse
suse
Security update for ntp (important)
2016-05-17 15:09:17
Security update for ntp (important)
2016-07-29 19:08:48
Security update for yast2-ntp-client (important)
2016-08-17 21:08:25