CVE-2015-7853
CVE-2015-7853
The datalen parameter in the refclock driver in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to execute arbitrary code or cause a denial of service (crash) via a negative input value.
Affected products
n/a · n/aWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00020.htmlhttp://lists.opensuse.org/opensuse-security-announce/2016-05/msg00048.htmlhttp://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.htmlhttp://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.htmlhttp://lists.opensuse.org/opensuse-updates/2015-11/msg00093.htmlhttp://lists.opensuse.org/opensuse-updates/2016-05/msg00114.htmlhttp://packetstormsecurity.com/files/134082/FreeBSD-Security-Advisory-ntp-Authentication-Bypass.htmlhttp://packetstormsecurity.com/files/134137/Slackware-Security-Advisory-ntp-Updates.htmlhttps://bto.bluecoat.com/security-advisory/sa103https://bugzilla.redhat.com/show_bug.cgi?id=1274262https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdfhttps://security.gentoo.org/glsa/201607-15