CVE-2015-7977

Common vulnerabilities & exposures (CVE)

CVE database CVE database blogpost Release & EoL database

Published at: - 30-01-2017 10:59

Last modified: - 01-02-2022 07:13

Total changes: - 5

Description

ntpd in NTP before 4.2.8p6 and 4.3.x before 4.3.90 allows remote attackers to cause a denial of service (NULL pointer dereference) via a ntpdc reslist command.

Common Vulnerability Scoring System (CVSS)

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

High

Attack complexity

Network

Attack vector

High

Availability

None

Confidentiality

None

Integrity

None

Privileges required

Unchanged

Scope

None

User interaction

5.9

Base score

2.2

3.6

Exploitability score

Impact score

Verification logic

vendor=ntp AND product=ntp AND versionEndIncluding=4.2.8

vendor=ntp AND product=ntp AND version=4.2.8 AND update=-

vendor=ntp AND product=ntp AND version=4.2.8 AND update=p1

vendor=ntp AND product=ntp AND version=4.2.8 AND update=p1-beta1

vendor=ntp AND product=ntp AND version=4.2.8 AND update=p1-beta2

vendor=ntp AND product=ntp AND version=4.2.8 AND update=p1-beta3

vendor=ntp AND product=ntp AND version=4.2.8 AND update=p1-beta4

vendor=ntp AND product=ntp AND version=4.2.8 AND update=p1-beta5

vendor=ntp AND product=ntp AND version=4.2.8 AND update=p1-rc1

vendor=ntp AND product=ntp AND version=4.2.8 AND update=p1-rc2

vendor=ntp AND product=ntp AND version=4.2.8 AND update=p2

vendor=ntp AND product=ntp AND version=4.2.8 AND update=p2-rc1

vendor=ntp AND product=ntp AND version=4.2.8 AND update=p2-rc2

vendor=ntp AND product=ntp AND version=4.2.8 AND update=p2-rc3

vendor=ntp AND product=ntp AND version=4.2.8 AND update=p3

vendor=ntp AND product=ntp AND version=4.2.8 AND update=p3-rc1

vendor=ntp AND product=ntp AND version=4.2.8 AND update=p3-rc2

vendor=ntp AND product=ntp AND version=4.2.8 AND update=p3-rc3

vendor=ntp AND product=ntp AND version=4.2.8 AND update=p4

vendor=ntp AND product=ntp AND version=4.2.8 AND update=p5

vendor=ntp AND product=ntp AND versionStartIncluding=4.3.0 AND versionEndExcluding=4.3.90

vendor=oracle AND product=linux AND version=6 AND update=-

AND

vendor=siemens AND product=tim_4r-ie_firmware

vendor=siemens AND product=tim_4r-ie

AND

vendor=siemens AND product=tim_4r-ie_dnp3_firmware AND version=-

vendor=siemens AND product=tim_4r-ie_dnp3 AND version=-

vendor=netapp AND product=clustered_data_ontap AND version=-

vendor=netapp AND product=oncommand_balance AND version=-

vendor=freebsd AND product=freebsd AND version=9.3 AND update=-

vendor=freebsd AND product=freebsd AND version=9.3 AND update=p1

vendor=freebsd AND product=freebsd AND version=9.3 AND update=p10

vendor=freebsd AND product=freebsd AND version=9.3 AND update=p12

vendor=freebsd AND product=freebsd AND version=9.3 AND update=p13

vendor=freebsd AND product=freebsd AND version=9.3 AND update=p16

vendor=freebsd AND product=freebsd AND version=9.3 AND update=p19

vendor=freebsd AND product=freebsd AND version=9.3 AND update=p2

vendor=freebsd AND product=freebsd AND version=9.3 AND update=p20

vendor=freebsd AND product=freebsd AND version=9.3 AND update=p21

vendor=freebsd AND product=freebsd AND version=9.3 AND update=p22

vendor=freebsd AND product=freebsd AND version=9.3 AND update=p23

vendor=freebsd AND product=freebsd AND version=9.3 AND update=p24

vendor=freebsd AND product=freebsd AND version=9.3 AND update=p25

vendor=freebsd AND product=freebsd AND version=9.3 AND update=p28

vendor=freebsd AND product=freebsd AND version=9.3 AND update=p3

vendor=freebsd AND product=freebsd AND version=9.3 AND update=p30

vendor=freebsd AND product=freebsd AND version=9.3 AND update=p31

vendor=freebsd AND product=freebsd AND version=9.3 AND update=p32

vendor=freebsd AND product=freebsd AND version=9.3 AND update=p33

vendor=freebsd AND product=freebsd AND version=9.3 AND update=p34

vendor=freebsd AND product=freebsd AND version=9.3 AND update=p5

vendor=freebsd AND product=freebsd AND version=9.3 AND update=p6

vendor=freebsd AND product=freebsd AND version=9.3 AND update=p7

vendor=freebsd AND product=freebsd AND version=9.3 AND update=p8

vendor=freebsd AND product=freebsd AND version=9.3 AND update=p9

vendor=freebsd AND product=freebsd AND version=10.1 AND update=-

vendor=freebsd AND product=freebsd AND version=10.1 AND update=p1

vendor=freebsd AND product=freebsd AND version=10.1 AND update=p10

vendor=freebsd AND product=freebsd AND version=10.1 AND update=p12

vendor=freebsd AND product=freebsd AND version=10.1 AND update=p15

vendor=freebsd AND product=freebsd AND version=10.1 AND update=p16

vendor=freebsd AND product=freebsd AND version=10.1 AND update=p17

vendor=freebsd AND product=freebsd AND version=10.1 AND update=p18

vendor=freebsd AND product=freebsd AND version=10.1 AND update=p19

vendor=freebsd AND product=freebsd AND version=10.1 AND update=p2

vendor=freebsd AND product=freebsd AND version=10.1 AND update=p22

vendor=freebsd AND product=freebsd AND version=10.1 AND update=p24

vendor=freebsd AND product=freebsd AND version=10.1 AND update=p25

vendor=freebsd AND product=freebsd AND version=10.1 AND update=p26

vendor=freebsd AND product=freebsd AND version=10.1 AND update=p27

vendor=freebsd AND product=freebsd AND version=10.1 AND update=p3

vendor=freebsd AND product=freebsd AND version=10.1 AND update=p4

vendor=freebsd AND product=freebsd AND version=10.1 AND update=p5

vendor=freebsd AND product=freebsd AND version=10.1 AND update=p6

vendor=freebsd AND product=freebsd AND version=10.1 AND update=p7

vendor=freebsd AND product=freebsd AND version=10.1 AND update=p8

vendor=freebsd AND product=freebsd AND version=10.1 AND update=p9

vendor=freebsd AND product=freebsd AND version=10.2 AND update=-

vendor=freebsd AND product=freebsd AND version=10.2 AND update=p1

vendor=freebsd AND product=freebsd AND version=10.2 AND update=p10

vendor=freebsd AND product=freebsd AND version=10.2 AND update=p2

vendor=freebsd AND product=freebsd AND version=10.2 AND update=p5

vendor=freebsd AND product=freebsd AND version=10.2 AND update=p7

vendor=freebsd AND product=freebsd AND version=10.2 AND update=p8

vendor=freebsd AND product=freebsd AND version=10.2 AND update=p9

vendor=fedoraproject AND product=fedora AND version=22

vendor=fedoraproject AND product=fedora AND version=23

vendor=Debian AND product=debian_linux AND version=8.0

vendor=Debian AND product=debian_linux AND version=9.0

vendor=canonical AND product=ubuntu_linux AND version=12.04 AND software_edition=-

vendor=canonical AND product=ubuntu_linux AND version=14.04 AND software_edition=esm

vendor=canonical AND product=ubuntu_linux AND version=16.04 AND software_edition=lts

Reference

VU#718152-Third Party Advisory, US Government Resource
GLSA-201607-15-Third Party Advisory
https://bto.bluecoat.com/security-advisory/sa113
USN-3096-1-Third Party Advisory
1034782-Third Party Advisory, VDB Entry
81815-Third Party Advisory, VDB Entry
DSA-3629-Third Party Advisory
20160120 Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products - January 2016-Third Party Advisory
http://support.ntp.org/bin/view/Main/SecurityNotice#April_2016_NTP_4_2_8p7_Security
http://support.ntp.org/bin/view/Main/NtpBug2939
RHSA-2016:2583-Broken Link
RHSA-2016:0780-Broken Link
openSUSE-SU-2016:1423-Broken Link
SUSE-SU-2016:2094-Broken Link
SUSE-SU-2016:1912-Third Party Advisory
SUSE-SU-2016:1311-Broken Link
openSUSE-SU-2016:1292-Broken Link
SUSE-SU-2016:1247-Broken Link
SUSE-SU-2016:1177-Broken Link
SUSE-SU-2016:1175-Broken Link
FEDORA-2016-8bb1932088-Third Party Advisory
FEDORA-2016-34bc10a2c8-Third Party Advisory
https://security.netapp.com/advisory/ntap-20171031-0001/
FreeBSD-SA-16:09-Third Party Advisory
http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdf
https://us-cert.cisa.gov/ics/advisories/icsa-21-103-11

Keywords

CVE-2015-7977

Common vulnerabilities & exposures (CVE)

Description

Common Vulnerability Scoring System (CVSS)

Verification logic

Reference

NVD

CVE-2015-7977

CVE

Common vulnerabilities & exposures

CVSS

Common vulnerability scoring system

Security

Vulnerabilities

Exposures