CVE-2015-5146

Priority
Low
Description
ntpd in ntp before 4.2.8p3 with remote configuration enabled allows remote
authenticated users with knowledge of the configuration password and access
to a computer entrusted to perform remote configuration to cause a denial
of service (service crash) via a NULL byte in a crafted configuration
directive packet.
References
Bugs
Notes
 sarnold> non-default configuration, requires knowledge of remote
  authentication password, and ACL-authorized source
Assigned-to
mdeslaur
Package
Source: ntp (LP Ubuntu Debian)
Upstream:released (4.3.25, 4.2.8p3-RC1)
Ubuntu 14.04 LTS (Trusty Tahr):released (1:4.2.6.p5+dfsg-3ubuntu2.14.04.5)
Ubuntu 16.04 LTS (Xenial Xerus):released (1:4.2.6.p5+dfsg-3ubuntu8.1)
Patches:
Upstream:https://github.com/ntp-project/ntp/commit/c3e7afb9cd88784c6b4f81182bd878fc3a2d23a1
More Information

Updated: 2017-12-15 20:34:27 UTC (commit 13913)