CVE-2015-5219 - Incorrect Type Conversion or Cast

Severity

50%

Complexity

99%

Confidentiality

48%

The ULOGTOD function in ntp.d in SNTP before 4.2.7p366 does not properly perform type conversions from a precision value to a double, which allows remote attackers to cause a denial of service (infinite loop) via a crafted NTP packet.

The ULOGTOD function in ntp.d in SNTP before 4.2.7p366 does not properly perform type conversions from a precision value to a double, which allows remote attackers to cause a denial of service (infinite loop) via a crafted NTP packet.

CVSS 3.0 Base Score 7.5. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).

CVSS 2.0 Base Score 5. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P).

Overview

First reported 7 years ago

2017-07-21 14:29:00

Last updated 6 years ago

2018-10-30 16:27:00

Affected Software

Fedora 21

21

Fedora 22

22

Fedora Project Fedora 23

23

SUSE Linux Enterprise Debuginfo 11 Service Pack 2

11

SUSE Linux Enterprise Debuginfo 11 Service Pack 3

11

SUSE Linux Enterprise Server 10 Service Pack 4 Long Term Service Pack Support

10

SUSE Linux Enterprise Server 11 Service Pack 2 Long Term Service Pack Support

11

Red Hat Enterprise Linux Desktop 6.0

6.0

RedHat Enterprise Linux Desktop 7.0

7.0

RedHat Enterprise Linux HPC Node 6.0

6.0

RedHat Enterprise Linux HPC Node 7.0

7.0

Red Hat Enterprise Linux Server 6.0

6.0

RedHat Enterprise Linux Server 7.0

7.0

Red Hat Enterprise Linux Workstation 6.0

6.0

RedHat Enterprise Linux Workstation 7.0

7.0

Debian Linux 7.0

7.0

Debian Linux 8.0 (Jessie)

8.0

Canonical Ubuntu Linux 12.04 LTS

12.04

Canonical Ubuntu Linux 14.04 LTS (Long-Term Support)

14.04

Canonical Ubuntu Linux 15.04

15.04

Canonical Ubuntu Linux 15.10

15.10

openSUSE Leap 42.1

42.1

References

http://aix.software.ibm.com/aix/efixes/security/ntp_advisory4.asc

Third Party Advisory

http://bk1.ntp.org/ntp-dev/?PAGE=patch&REV=51786731Gr4-NOrTBC_a_uXO4wuGhg

Issue Tracking, Patch, Third Party Advisory

FEDORA-2015-77bfbc1bcd

Third Party Advisory

FEDORA-2015-14212

Third Party Advisory

FEDORA-2015-14213

Third Party Advisory

SUSE-SU:2016:1311

Third Party Advisory

openSUSE-SU:2016:3280

Third Party Advisory

RHSA-2016:0780

Third Party Advisory

RHSA-2016:2583

Third Party Advisory

DSA-3388

Third Party Advisory

[oss-security] 20150825 Several low impact ntp.org ntpd issues

Mailing List, Patch, Third Party Advisory

http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html

76473

Third Party Advisory, VDB Entry

USN-2783-1

Third Party Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=1255118

Issue Tracking

https://github.com/ntp-project/ntp/commit/5f295cd05c3c136d39f5b3e500a2d781bdbb59c8

Issue Tracking, Patch, Third Party Advisory

https://www.ibm.com/support/home/docdisplay?lndocid=migr-5099409

Third Party Advisory

https://www-01.ibm.com/support/docview.wss?uid=isg3T1024157

Third Party Advisory

https://www-01.ibm.com/support/docview.wss?uid=swg21985122

Third Party Advisory

https://www-01.ibm.com/support/docview.wss?uid=swg21986956

Third Party Advisory

https://www-01.ibm.com/support/docview.wss?uid=swg21988706

Third Party Advisory

https://www-01.ibm.com/support/docview.wss?uid=swg21989542

Third Party Advisory

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.