CVE-2015-5300
UnknownEPSS 8.96%
Last modified
CVE-2015-5300 is a vulnerability of currently unknown severity. The panic_gate check in NTP before 4.2.8p5 is only re-enabled after the first change to the system clock that was greater than 128 milliseconds by default, which allows remote attackers to set NTP to an arbitrary time when started with the -g option, or to alter the time by up to 900 seconds otherwise by responding to an unspecified number of requests from trusted sources, and leveraging a resulting denial of service (abort and restart).. EPSS estimates a 8.96% chance of exploitation in the next 30 days.
Description
The panic_gate check in NTP before 4.2.8p5 is only re-enabled after the first change to the system clock that was greater than 128 milliseconds by default, which allows remote attackers to set NTP to an arbitrary time when started with the -g option, or to alter the time by up to 900 seconds otherwise by responding to an unspecified number of requests from trusted sources, and leveraging a resulting denial of service (abort and restart).
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions | Update |
|---|---|---|---|
| Fedoraproject | Fedora | 21 | — |
| Fedoraproject | Fedora | 22 | — |
| Suse | Linux Enterprise Debuginfo | 11 | Sp2 |
| Opensuse | Leap | 42.1 | — |
| Opensuse | Opensuse | 13.2 | — |
| Suse | Linux Enterprise Desktop | 12 | — |
| Suse | Linux Enterprise Server | 10 | Sp4 |
| Suse | Linux Enterprise Server | 11 | Sp2 |
| Suse | Linux Enterprise Server | 12 | Sp1 |
| Suse | Linux Enterprise Software Development Kit | 12 | — |
| Suse | Manager | 2.1 | — |
| Suse | Manager Proxy | 2.1 | — |
| Suse | Openstack Cloud | 5 | — |
| Suse | Suse Linux Enterprise Server | 12 | — |
| Redhat | Enterprise Linux Desktop | 6.0 | — |
| Redhat | Enterprise Linux Desktop | 7.0 | — |
| Redhat | Enterprise Linux Hpc Node | 6.0 | — |
| Redhat | Enterprise Linux Hpc Node | 7.0 | — |
| Redhat | Enterprise Linux Hpc Node Eus | 7.1 | — |
| Redhat | Enterprise Linux Server | 6.0 | — |
| Redhat | Enterprise Linux Server | 7.0 | — |
| Redhat | Enterprise Linux Server Eus | 6.7.z | — |
| Redhat | Enterprise Linux Server Eus | 7.1 | — |
| Redhat | Enterprise Linux Workstation | 6.0 | — |
| Redhat | Enterprise Linux Workstation | 7.0 | — |
| Debian | Debian Linux | 7.0 | — |
| Debian | Debian Linux | 8.0 | — |
| Canonical | Ubuntu Linux | 12.04 | — |
| Canonical | Ubuntu Linux | 14.04 | — |
| Canonical | Ubuntu Linux | 15.04 | — |
| Canonical | Ubuntu Linux | 15.10 | — |
| Ntp | Ntp | <= 4.2.8 | P4 |
References
- http://aix.software.ibm.com/aix/efixes/security/ntp_advisory5.ascThird Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00059.htmlThird Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00060.htmlThird Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00020.htmlThird Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00038.htmlThird Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00048.htmlThird Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.htmlThird Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.htmlThird Party Advisory
- http://lists.opensuse.org/opensuse-updates/2016-05/msg00114.htmlThird Party Advisory
- http://rhn.redhat.com/errata/RHSA-2015-1930.htmlThird Party Advisory
- http://seclists.org/bugtraq/2016/Feb/164Mailing List, Third Party Advisory
- http://support.ntp.org/bin/view/Main/NtpBug2956Issue Tracking, Patch, Vendor Advisory
- http://support.ntp.org/bin/view/Main/SecurityNotice#January_2016_NTP_4_2_8p5_SecuritIssue Tracking, Patch, Vendor Advisory
- http://www.debian.org/security/2015/dsa-3388Third Party Advisory
- http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.htmlThird Party Advisory
- http://www.securityfocus.com/bid/77312Third Party Advisory, VDB Entry
- http://www.securitytracker.com/id/1034670Third Party Advisory, VDB Entry
- http://www.ubuntu.com/usn/USN-2783-1Third Party Advisory
- https://bto.bluecoat.com/security-advisory/sa113Third Party Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=1271076Issue Tracking
- https://ics-cert.us-cert.gov/advisories/ICSA-15-356-01Third Party Advisory, US Government Resource
- https://support.citrix.com/article/CTX220112Third Party Advisory
- https://www-01.ibm.com/support/docview.wss?uid=isg3T1023885Third Party Advisory
- https://www-01.ibm.com/support/docview.wss?uid=isg3T1024073Third Party Advisory
- https://www-01.ibm.com/support/docview.wss?uid=nas8N1021264Third Party Advisory
- https://www-01.ibm.com/support/docview.wss?uid=ssg1S1005821Third Party Advisory
- https://www-01.ibm.com/support/docview.wss?uid=swg21979393Third Party Advisory
- https://www-01.ibm.com/support/docview.wss?uid=swg21980676Third Party Advisory
- https://www-01.ibm.com/support/docview.wss?uid=swg21983501Third Party Advisory
- https://www-01.ibm.com/support/docview.wss?uid=swg21983506Third Party Advisory
- https://www.cs.bu.edu/~goldbe/NTPattack.htmlThird Party Advisory
- https://www.freebsd.org/security/advisories/FreeBSD-SA-16:02.ntp.ascThird Party Advisory
- https://www.ibm.com/support/home/docdisplay?lndocid=migr-5099428Third Party Advisory
- https://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.htmlThird Party Advisory
- http://aix.software.ibm.com/aix/efixes/security/ntp_advisory5.ascThird Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00059.htmlThird Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00060.htmlThird Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00020.htmlThird Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00038.htmlThird Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00048.htmlThird Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.htmlThird Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.htmlThird Party Advisory
- http://lists.opensuse.org/opensuse-updates/2016-05/msg00114.htmlThird Party Advisory
- http://rhn.redhat.com/errata/RHSA-2015-1930.htmlThird Party Advisory
- http://seclists.org/bugtraq/2016/Feb/164Mailing List, Third Party Advisory
- http://support.ntp.org/bin/view/Main/NtpBug2956Issue Tracking, Patch, Vendor Advisory
- http://support.ntp.org/bin/view/Main/SecurityNotice#January_2016_NTP_4_2_8p5_SecuritIssue Tracking, Patch, Vendor Advisory
- http://www.debian.org/security/2015/dsa-3388Third Party Advisory
- http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.htmlThird Party Advisory
- http://www.securityfocus.com/bid/77312Third Party Advisory, VDB Entry
- http://www.securitytracker.com/id/1034670Third Party Advisory, VDB Entry
- http://www.ubuntu.com/usn/USN-2783-1Third Party Advisory
- https://bto.bluecoat.com/security-advisory/sa113Third Party Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=1271076Issue Tracking
- https://ics-cert.us-cert.gov/advisories/ICSA-15-356-01Third Party Advisory, US Government Resource
- https://support.citrix.com/article/CTX220112Third Party Advisory
- https://www-01.ibm.com/support/docview.wss?uid=isg3T1023885Third Party Advisory
- https://www-01.ibm.com/support/docview.wss?uid=isg3T1024073Third Party Advisory
- https://www-01.ibm.com/support/docview.wss?uid=nas8N1021264Third Party Advisory
- https://www-01.ibm.com/support/docview.wss?uid=ssg1S1005821Third Party Advisory
- https://www-01.ibm.com/support/docview.wss?uid=swg21979393Third Party Advisory
- https://www-01.ibm.com/support/docview.wss?uid=swg21980676Third Party Advisory
- https://www-01.ibm.com/support/docview.wss?uid=swg21983501Third Party Advisory
- https://www-01.ibm.com/support/docview.wss?uid=swg21983506Third Party Advisory
- https://www.cs.bu.edu/~goldbe/NTPattack.htmlThird Party Advisory
- https://www.freebsd.org/security/advisories/FreeBSD-SA-16:02.ntp.ascThird Party Advisory
- https://www.ibm.com/support/home/docdisplay?lndocid=migr-5099428Third Party Advisory
- https://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.htmlThird Party Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2015-5300?
The panic_gate check in NTP before 4.2.8p5 is only re-enabled after the first change to the system clock that was greater than 128 milliseconds by default, which allows remote attackers to set NTP to an arbitrary time when started with the -g option, or to alter the time by up to 900 seconds otherwise by responding to an unspecified number of requests from trusted sources, and leveraging a resulting denial of service (abort and restart).
How severe is CVE-2015-5300?
Severity scoring for CVE-2015-5300 is pending analysis. The EPSS model estimates a 8.96% probability of exploitation in the next 30 days.
How do I fix CVE-2015-5300?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.
Are you affected by CVE-2015-5300?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST