CVE-2015-5146 in Ubuntu

CVE-2015-5146

Priority

Low

Description

ntpd in ntp before 4.2.8p3 with remote configuration enabled allows remote
authenticated users with knowledge of the configuration password and access
to a computer entrusted to perform remote configuration to cause a denial
of service (service crash) via a NULL byte in a crafted configuration
directive packet.

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5146
http://support.ntp.org/bin/view/Main/SecurityNotice#June_2015_NTP_Security_Vulnerabi
https://usn.ubuntu.com/usn/usn-2783-1

Bugs

http://bugs.ntp.org/show_bug.cgi?id=2853

Notes

sarnold> non-default configuration, requires knowledge of remote
authentication password, and ACL-authorized source

Assigned-to

mdeslaur

Package

Source: ntp (LP Ubuntu Debian)

Upstream:	released (4.3.25, 4.2.8p3-RC1)
Ubuntu 14.04 LTS (Trusty Tahr):	released (1:4.2.6.p5+dfsg-3ubuntu2.14.04.5)
Ubuntu 16.04 LTS (Xenial Xerus):	released (1:4.2.6.p5+dfsg-3ubuntu8.1)

Patches:

Upstream:

https://github.com/ntp-project/ntp/commit/c3e7afb9cd88784c6b4f81182bd878fc3a2d23a1

More Information

Updated: 2017-12-15 20:34:27 UTC (commit 13913)