CVE-2015-7848

Title:

NETWORK TIME PROTOCOL NTPD MULTIPLE INTEGER OVERFLOW READ ACCESS VIOLATIONS

CVE ID:

CVE-2015-7848

Description:

The MITRE CVE dictionary describes this issue as:

An integer overflow can occur in NTP-dev.4.3.70 leading to an out-of-bounds memory copy operation when processing a specially crafted private mode packet. The crafted packet needs to have the correct message authentication code and a valid timestamp. When processed by the NTP daemon, it leads to an immediate crash.

Find out more about CVE-2015-7848 from the MITRE CVE dictionary and NIST NVD.


Statement:

This issue did not affect the versions of ntp as shipped with Red Hat Enterprise Linux 5, 6, and 7, as they do not include the affected functionality.

CVSS Score:

CVSS V2: – 4.3 – AV:N/AC:M/Au:N/C:N/I:N/A:P

External References:

http://talosintel.com/reports/TALOS-2015-0052/
http://support.ntp.org/bin/view/Main/SecurityNotice#October_2015_NTP_Security_Vulner
https://access.redhat.com/security/cve/cve-2015-7848

Share This:
Facebooktwittergoogle_plusredditpinterestlinkedintumblr