CVE-2015-7852 in Ubuntu

CVE-2015-7852

Priority

Medium

Description

ntpq in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote
attackers to cause a denial of service (crash) via crafted mode 6 response
packets.

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7852
http://support.ntp.org/bin/view/Main/SecurityNotice#October_2015_NTP_Security_Vulner
http://blog.talosintel.com/2015/10/ntpd-vulnerabilities.html
http://talosintel.com/reports/TALOS-2015-0063/
https://usn.ubuntu.com/usn/usn-2783-1

Bugs

http://bugs.ntp.org/show_bug.cgi?id=2919

Assigned-to

mdeslaur

Package

Source: ntp (LP Ubuntu Debian)

Upstream:	needs-triage
Ubuntu 14.04 LTS (Trusty Tahr):	released (1:4.2.6.p5+dfsg-3ubuntu2.14.04.5)
Ubuntu 16.04 LTS (Xenial Xerus):	released (1:4.2.6.p5+dfsg-3ubuntu8.1)

Patches:

Upstream:

https://github.com/ntp-project/ntp/commit/07a5b8141e354a998a52994c3c9cd547927e56ce

More Information

Mitre
NVD
Launchpad
Debian

Updated: 2017-12-15 20:34:37 UTC (commit 13913)