← back
CVE-2015-5194

CVE-2015-5194

EPSS 5.6%
The log_config_command function in ntp_parser.y in ntpd in NTP before 4.2.7p42 allows remote attackers to cause a denial of service (ntpd crash) via crafted logconfig commands.
Affected products
n/a · n/a

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://bk1.ntp.org/ntp-dev/?PAGE=patch&REV=4c4fc141LwvcoGp-lLGhkAFp3ZvtrAhttp://lists.fedoraproject.org/pipermail/package-announce/2015-November/170926.htmlhttp://lists.fedoraproject.org/pipermail/package-announce/2015-October/169167.htmlhttp://lists.opensuse.org/opensuse-security-announce/2016-05/msg00048.htmlhttp://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.htmlhttp://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.htmlhttp://rhn.redhat.com/errata/RHSA-2016-0780.htmlhttp://rhn.redhat.com/errata/RHSA-2016-2583.htmlhttps://bugzilla.redhat.com/show_bug.cgi?id=1254542https://github.com/ntp-project/ntp/commit/553f2fa65865c31c5e3c48812cfd46176cffdd27https://www-01.ibm.com/support/docview.wss?uid=isg3T1024157https://www-01.ibm.com/support/docview.wss?uid=swg21985122