K17528 : NTP vulnerability CVE-2015-7850

2015-11-1000:00:00

my.f5.com

7.3 High

AI Score

Confidence

High

0.009 Low

EPSS

Percentile

82.4%

JSON

Security Advisory Description

ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote authenticated users to cause a denial of service (infinite loop or crash) by pointing the key file at the log file. (CVE-2015-7850)

Impact

Under certain specific conditions, an attacker can send a set of packets to ntpd that will cause it to stop responding and/or create a potentially large log file.

CPENameOperatorVersion
big-ip afmeq11.3.0
big-ip afmeq11.4.0
big-ip afmeq11.4.1
big-ip afmeq11.5.0
big-ip afmeq11.5.1
big-ip afmeq11.5.2
big-ip afmeq11.5.3
big-ip afmeq11.6.0
big-ip afmeq11.6.1
big-ip afmeq12.0.0

Name	Operator	Version
big-ip afm	eq	11.3.0
big-ip afm	eq	11.4.0
big-ip afm	eq	11.4.1
big-ip afm	eq	11.5.0
big-ip afm	eq	11.5.1
big-ip afm	eq	11.5.2
big-ip afm	eq	11.5.3
big-ip afm	eq	11.6.0
big-ip afm	eq	11.6.1
big-ip afm	eq	12.0.0