CVE-2015-7702
Medium
Low
Medium
High
Critical
6.5
CVSS Score
Vulnerability Description
The crypto_xmit function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash). NOTE: This vulnerability exists due to an incomplete fix for CVE-2014-9750.
CVSS Metrics
Common Vulnerability Scoring System
Vector String:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector
N
Attack Complexity
L
Privileges Required
L
User Interaction
N
Scope
U
Confidentiality
N
Integrity
N
Availability
H
Known Affected Software
110 configuration(s) from 5 vendor(s)
debian_linux
Version:
8.0
CPE:
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
debian_linux
Version:
7.0
CPE:
cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
debian_linux
Version:
9.0
CPE:
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
oncommand_performance_manager
Version:
-
CPE:
cpe:2.3:a:netapp:oncommand_performance_manager:-:*:*:*:*:*:*:*
data_ontap
Version:
-
CPE:
cpe:2.3:o:netapp:data_ontap:-:*:*:*:*:*:*:*
clustered_data_ontap
Version:
-
CPE:
cpe:2.3:o:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*
oncommand_unified_manager
Version:
-
CPE:
cpe:2.3:a:netapp:oncommand_unified_manager:-:*:*:*:*:*:*:*
ntp
Version:
4.3.75
CPE:
cpe:2.3:a:ntp:ntp:4.3.75:*:*:*:*:*:*:*
ntp
Version:
4.3.70
CPE:
cpe:2.3:a:ntp:ntp:4.3.70:*:*:*:*:*:*:*
ntp
Version:
4.3.6
CPE:
cpe:2.3:a:ntp:ntp:4.3.6:*:*:*:*:*:*:*
ntp
Version:
4.3.44
CPE:
cpe:2.3:a:ntp:ntp:4.3.44:*:*:*:*:*:*:*
ntp
Version:
4.2.8
CPE:
cpe:2.3:a:ntp:ntp:4.2.8:p15:*:*:*:*:*:*
ntp
Version:
4.3.26
CPE:
cpe:2.3:a:ntp:ntp:4.3.26:*:*:*:*:*:*:*
ntp
Version:
4.3.60
CPE:
cpe:2.3:a:ntp:ntp:4.3.60:*:*:*:*:*:*:*
ntp
Version:
4.3.47
CPE:
cpe:2.3:a:ntp:ntp:4.3.47:*:*:*:*:*:*:*
ntp
Version:
4.3.35
CPE:
cpe:2.3:a:ntp:ntp:4.3.35:*:*:*:*:*:*:*
ntp
Version:
4.3.37
CPE:
cpe:2.3:a:ntp:ntp:4.3.37:*:*:*:*:*:*:*
ntp
Version:
4.2.6
CPE:
cpe:2.3:a:ntp:ntp:4.2.6:p2:*:*:*:*:*:*
ntp
Version:
4.3.58
CPE:
cpe:2.3:a:ntp:ntp:4.3.58:*:*:*:*:*:*:*
ntp
Version:
4.3.32
CPE:
cpe:2.3:a:ntp:ntp:4.3.32:*:*:*:*:*:*:*
ntp
Version:
4.3.22
CPE:
cpe:2.3:a:ntp:ntp:4.3.22:*:*:*:*:*:*:*
ntp
Version:
4.3.15
CPE:
cpe:2.3:a:ntp:ntp:4.3.15:*:*:*:*:*:*:*
ntp
Version:
4.3.76
CPE:
cpe:2.3:a:ntp:ntp:4.3.76:*:*:*:*:*:*:*
ntp
Version:
4.3.62
CPE:
cpe:2.3:a:ntp:ntp:4.3.62:*:*:*:*:*:*:*
ntp
Version:
4.3.38
CPE:
cpe:2.3:a:ntp:ntp:4.3.38:*:*:*:*:*:*:*
ntp
Version:
4.3.57
CPE:
cpe:2.3:a:ntp:ntp:4.3.57:*:*:*:*:*:*:*
ntp
Version:
4.3.7
CPE:
cpe:2.3:a:ntp:ntp:4.3.7:*:*:*:*:*:*:*
ntp
Version:
4.2.5
CPE:
cpe:2.3:a:ntp:ntp:4.2.5:p241_rc1:*:*:*:*:*:*
ntp
Version:
4.3.40
CPE:
cpe:2.3:a:ntp:ntp:4.3.40:*:*:*:*:*:*:*
ntp
Version:
4.3.73
CPE:
cpe:2.3:a:ntp:ntp:4.3.73:*:*:*:*:*:*:*
ntp
Version:
4.3.46
CPE:
cpe:2.3:a:ntp:ntp:4.3.46:*:*:*:*:*:*:*
ntp
Version:
4.3.61
CPE:
cpe:2.3:a:ntp:ntp:4.3.61:*:*:*:*:*:*:*
ntp
Version:
4.3.4
CPE:
cpe:2.3:a:ntp:ntp:4.3.4:*:*:*:*:*:*:*
ntp
Version:
4.3.72
CPE:
cpe:2.3:a:ntp:ntp:4.3.72:*:*:*:*:*:*:*
ntp
Version:
4.3.8
CPE:
cpe:2.3:a:ntp:ntp:4.3.8:*:*:*:*:*:*:*
ntp
Version:
4.3.52
CPE:
cpe:2.3:a:ntp:ntp:4.3.52:*:*:*:*:*:*:*
ntp
Version:
4.2.2
CPE:
cpe:2.3:a:ntp:ntp:4.2.2:p2:*:*:*:*:*:*
ntp
Version:
4.3.17
CPE:
cpe:2.3:a:ntp:ntp:4.3.17:*:*:*:*:*:*:*
ntp
Version:
4.3.66
CPE:
cpe:2.3:a:ntp:ntp:4.3.66:*:*:*:*:*:*:*
ntp
Version:
4.3.64
CPE:
cpe:2.3:a:ntp:ntp:4.3.64:*:*:*:*:*:*:*
ntp
Version:
4.3.24
CPE:
cpe:2.3:a:ntp:ntp:4.3.24:*:*:*:*:*:*:*
ntp
Version:
4.3.3
CPE:
cpe:2.3:a:ntp:ntp:4.3.3:*:*:*:*:*:*:*
ntp
Version:
4.3.48
CPE:
cpe:2.3:a:ntp:ntp:4.3.48:*:*:*:*:*:*:*
ntp
Version:
4.3.0
CPE:
cpe:2.3:a:ntp:ntp:4.3.0:*:*:*:*:*:*:*
ntp
Version:
4.3.27
CPE:
cpe:2.3:a:ntp:ntp:4.3.27:*:*:*:*:*:*:*
ntp
Version:
4.3.19
CPE:
cpe:2.3:a:ntp:ntp:4.3.19:*:*:*:*:*:*:*
ntp
Version:
4.3.45
CPE:
cpe:2.3:a:ntp:ntp:4.3.45:*:*:*:*:*:*:*
ntp
Version:
4.3.67
CPE:
cpe:2.3:a:ntp:ntp:4.3.67:*:*:*:*:*:*:*
ntp
Version:
4.3.16
CPE:
cpe:2.3:a:ntp:ntp:4.3.16:*:*:*:*:*:*:*
ntp
Version:
4.3.2
CPE:
cpe:2.3:a:ntp:ntp:4.3.2:*:*:*:*:*:*:*
ntp
Version:
4.2.4
CPE:
cpe:2.3:a:ntp:ntp:4.2.4:p0:*:*:*:*:*:*
ntp
Version:
4.3.18
CPE:
cpe:2.3:a:ntp:ntp:4.3.18:*:*:*:*:*:*:*
ntp
Version:
4.2.7
CPE:
cpe:2.3:a:ntp:ntp:4.2.7:-:*:*:*:*:*:*
ntp
Version:
4.3.51
CPE:
cpe:2.3:a:ntp:ntp:4.3.51:*:*:*:*:*:*:*
ntp
Version:
4.3.56
CPE:
cpe:2.3:a:ntp:ntp:4.3.56:*:*:*:*:*:*:*
ntp
Version:
4.3.34
CPE:
cpe:2.3:a:ntp:ntp:4.3.34:*:*:*:*:*:*:*
ntp
Version:
4.3.69
CPE:
cpe:2.3:a:ntp:ntp:4.3.69:*:*:*:*:*:*:*
ntp
Version:
4.3.28
CPE:
cpe:2.3:a:ntp:ntp:4.3.28:*:*:*:*:*:*:*
ntp
Version:
4.3.59
CPE:
cpe:2.3:a:ntp:ntp:4.3.59:*:*:*:*:*:*:*
ntp
Version:
4.3.71
CPE:
cpe:2.3:a:ntp:ntp:4.3.71:*:*:*:*:*:*:*
ntp
Version:
4.3.10
CPE:
cpe:2.3:a:ntp:ntp:4.3.10:*:*:*:*:*:*:*
ntp
Version:
4.3.20
CPE:
cpe:2.3:a:ntp:ntp:4.3.20:*:*:*:*:*:*:*
ntp
Version:
4.3.74
CPE:
cpe:2.3:a:ntp:ntp:4.3.74:*:*:*:*:*:*:*
ntp
Version:
4.3.65
CPE:
cpe:2.3:a:ntp:ntp:4.3.65:*:*:*:*:*:*:*
ntp
Version:
4.3.14
CPE:
cpe:2.3:a:ntp:ntp:4.3.14:*:*:*:*:*:*:*
ntp
Version:
4.3.43
CPE:
cpe:2.3:a:ntp:ntp:4.3.43:*:*:*:*:*:*:*
ntp
Version:
4.3.49
CPE:
cpe:2.3:a:ntp:ntp:4.3.49:*:*:*:*:*:*:*
ntp
Version:
4.3.12
CPE:
cpe:2.3:a:ntp:ntp:4.3.12:*:*:*:*:*:*:*
ntp
Version:
4.3.50
CPE:
cpe:2.3:a:ntp:ntp:4.3.50:*:*:*:*:*:*:*
ntp
Version:
4.3.1
CPE:
cpe:2.3:a:ntp:ntp:4.3.1:*:*:*:*:*:*:*
ntp
Version:
4.3.13
CPE:
cpe:2.3:a:ntp:ntp:4.3.13:*:*:*:*:*:*:*
ntp
Version:
4.3.9
CPE:
cpe:2.3:a:ntp:ntp:4.3.9:*:*:*:*:*:*:*
ntp
Version:
4.3.5
CPE:
cpe:2.3:a:ntp:ntp:4.3.5:*:*:*:*:*:*:*
ntp
Version:
4.2.0
CPE:
cpe:2.3:a:ntp:ntp:4.2.0:*:*:*:*:*:*:*
ntp
Version:
4.3.41
CPE:
cpe:2.3:a:ntp:ntp:4.3.41:*:*:*:*:*:*:*
ntp
Version:
4.3.30
CPE:
cpe:2.3:a:ntp:ntp:4.3.30:*:*:*:*:*:*:*
ntp
Version:
4.3.36
CPE:
cpe:2.3:a:ntp:ntp:4.3.36:*:*:*:*:*:*:*
ntp
Version:
4.3.11
CPE:
cpe:2.3:a:ntp:ntp:4.3.11:*:*:*:*:*:*:*
ntp
Version:
4.3.55
CPE:
cpe:2.3:a:ntp:ntp:4.3.55:*:*:*:*:*:*:*
ntp
Version:
4.3.21
CPE:
cpe:2.3:a:ntp:ntp:4.3.21:*:*:*:*:*:*:*
ntp
Version:
4.3.33
CPE:
cpe:2.3:a:ntp:ntp:4.3.33:*:*:*:*:*:*:*
ntp
Version:
4.3.53
CPE:
cpe:2.3:a:ntp:ntp:4.3.53:*:*:*:*:*:*:*
ntp
Version:
4.3.31
CPE:
cpe:2.3:a:ntp:ntp:4.3.31:*:*:*:*:*:*:*
ntp
Version:
4.3.23
CPE:
cpe:2.3:a:ntp:ntp:4.3.23:*:*:*:*:*:*:*
ntp
Version:
4.3.68
CPE:
cpe:2.3:a:ntp:ntp:4.3.68:*:*:*:*:*:*:*
ntp
Version:
4.3.39
CPE:
cpe:2.3:a:ntp:ntp:4.3.39:*:*:*:*:*:*:*
ntp
Version:
4.3.29
CPE:
cpe:2.3:a:ntp:ntp:4.3.29:*:*:*:*:*:*:*
ntp
Version:
4.3.63
CPE:
cpe:2.3:a:ntp:ntp:4.3.63:*:*:*:*:*:*:*
ntp
Version:
4.3.42
CPE:
cpe:2.3:a:ntp:ntp:4.3.42:*:*:*:*:*:*:*
ntp
Version:
4.3.54
CPE:
cpe:2.3:a:ntp:ntp:4.3.54:*:*:*:*:*:*:*
ntp
Version:
4.3.25
CPE:
cpe:2.3:a:ntp:ntp:4.3.25:*:*:*:*:*:*:*
linux
Version:
6
CPE:
cpe:2.3:o:oracle:linux:6:10:*:*:*:*:*:*
enterprise_linux_server_eus
Version:
7.6
CPE:
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*
enterprise_linux_workstation
Version:
7.0
CPE:
cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:x64:*
enterprise_linux_server_eus
Version:
7.3
CPE:
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:*:*:*:*:*:*:*
enterprise_linux_server_eus
Version:
7.4
CPE:
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*
enterprise_linux_server_aus
Version:
7.4
CPE:
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*
enterprise_linux_server
Version:
6.0
CPE:
cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:x86:*
enterprise_linux_server_tus
Version:
7.6
CPE:
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*
enterprise_linux_server_eus
Version:
7.7
CPE:
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.7:*:*:*:*:*:*:*
enterprise_linux_server
Version:
7.0
CPE:
cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:x64:*
enterprise_linux_server_aus
Version:
7.6
CPE:
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*
enterprise_linux_server_aus
Version:
7.3
CPE:
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*
enterprise_linux_desktop
Version:
7.0
CPE:
cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:x64:*
enterprise_linux_server_aus
Version:
7.7
CPE:
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*
enterprise_linux_server_eus
Version:
7.5
CPE:
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*
enterprise_linux_desktop
Version:
6.0
CPE:
cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:x64:*
enterprise_linux_server_tus
Version:
7.3
CPE:
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*
enterprise_linux_server_tus
Version:
7.7
CPE:
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*
enterprise_linux_workstation
Version:
6.0
CPE:
cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:x86:*
This vulnerability affects 110 software configuration(s). Ensure you patch all affected systems.
References & Resources
-
http://rhn.redhat.com/errata/RHSA-2016-0780.htmlcve@mitre.org Third Party Advisory
-
http://rhn.redhat.com/errata/RHSA-2016-2583.htmlcve@mitre.org Third Party Advisory
-
http://support.ntp.org/bin/view/Main/NtpBug2899cve@mitre.org Vendor Advisory
-
http://www.debian.org/security/2015/dsa-3388cve@mitre.org Third Party Advisory
-
http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.htmlcve@mitre.org Third Party Advisory
-
http://www.securityfocus.com/bid/77286cve@mitre.org Third Party Advisory VDB Entry
-
http://www.securitytracker.com/id/1033951cve@mitre.org Third Party Advisory VDB Entry
-
https://security.gentoo.org/glsa/201607-15cve@mitre.org Third Party Advisory VDB Entry
-
https://security.netapp.com/advisory/ntap-20171004-0001/cve@mitre.org Third Party Advisory
-
http://rhn.redhat.com/errata/RHSA-2016-0780.htmlaf854a3a-2127-422b-91ae-364da2661108 Third Party Advisory
-
http://rhn.redhat.com/errata/RHSA-2016-2583.htmlaf854a3a-2127-422b-91ae-364da2661108 Third Party Advisory
-
http://support.ntp.org/bin/view/Main/NtpBug2899af854a3a-2127-422b-91ae-364da2661108 Vendor Advisory
-
http://www.debian.org/security/2015/dsa-3388af854a3a-2127-422b-91ae-364da2661108 Third Party Advisory
-
http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.htmlaf854a3a-2127-422b-91ae-364da2661108 Third Party Advisory
-
http://www.securityfocus.com/bid/77286af854a3a-2127-422b-91ae-364da2661108 Third Party Advisory VDB Entry
-
http://www.securitytracker.com/id/1033951af854a3a-2127-422b-91ae-364da2661108 Third Party Advisory VDB Entry
-
https://security.gentoo.org/glsa/201607-15af854a3a-2127-422b-91ae-364da2661108 Third Party Advisory VDB Entry
-
https://security.netapp.com/advisory/ntap-20171004-0001/af854a3a-2127-422b-91ae-364da2661108 Third Party Advisory
Severity Details
6.5
out of 10.0
Medium
Weakness Type (CWE)
CWE-20
Top 25 #14
Improper Input Validation
- Description
- The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
- Exploit Likelihood
- High
- Typical Severity
- High
- Abstraction Level
- Class
Key Information
- Published Date
- August 07, 2017
