github - ghsa-28h7-c4wm-4753

ghsa-28h7-c4wm-4753

Vulnerability from github

Published

2022-05-14 02:04

Modified

2022-05-14 02:04

Severity ?

7.5 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Details

The panic_gate check in NTP before 4.2.8p5 is only re-enabled after the first change to the system clock that was greater than 128 milliseconds by default, which allows remote attackers to set NTP to an arbitrary time when started with the -g option, or to alter the time by up to 900 seconds otherwise by responding to an unspecified number of requests from trusted sources, and leveraging a resulting denial of service (abort and restart).

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2015-5300"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-07-21T14:29:00Z",
    "severity": "HIGH"
  },
  "details": "The panic_gate check in NTP before 4.2.8p5 is only re-enabled after the first change to the system clock that was greater than 128 milliseconds by default, which allows remote attackers to set NTP to an arbitrary time when started with the -g option, or to alter the time by up to 900 seconds otherwise by responding to an unspecified number of requests from trusted sources, and leveraging a resulting denial of service (abort and restart).",
  "id": "GHSA-28h7-c4wm-4753",
  "modified": "2022-05-14T02:04:23Z",
  "published": "2022-05-14T02:04:23Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-5300"
    },
    {
      "type": "WEB",
      "url": "https://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
    },
    {
      "type": "WEB",
      "url": "https://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html"
    },
    {
      "type": "WEB",
      "url": "https://www.ibm.com/support/home/docdisplay?lndocid=migr-5099428"
    },
    {
      "type": "WEB",
      "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-16:02.ntp.asc"
    },
    {
      "type": "WEB",
      "url": "https://www.cs.bu.edu/~goldbe/NTPattack.html"
    },
    {
      "type": "WEB",
      "url": "https://www-01.ibm.com/support/docview.wss?uid=swg21983506"
    },
    {
      "type": "WEB",
      "url": "https://www-01.ibm.com/support/docview.wss?uid=swg21983501"
    },
    {
      "type": "WEB",
      "url": "https://www-01.ibm.com/support/docview.wss?uid=swg21980676"
    },
    {
      "type": "WEB",
      "url": "https://www-01.ibm.com/support/docview.wss?uid=swg21979393"
    },
    {
      "type": "WEB",
      "url": "https://www-01.ibm.com/support/docview.wss?uid=ssg1S1005821"
    },
    {
      "type": "WEB",
      "url": "https://www-01.ibm.com/support/docview.wss?uid=nas8N1021264"
    },
    {
      "type": "WEB",
      "url": "https://www-01.ibm.com/support/docview.wss?uid=isg3T1024073"
    },
    {
      "type": "WEB",
      "url": "https://www-01.ibm.com/support/docview.wss?uid=isg3T1023885"
    },
    {
      "type": "WEB",
      "url": "https://support.citrix.com/article/CTX220112"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20171004-0001"
    },
    {
      "type": "WEB",
      "url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-356-01"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1271076"
    },
    {
      "type": "WEB",
      "url": "https://bto.bluecoat.com/security-advisory/sa113"
    },
    {
      "type": "WEB",
      "url": "http://aix.software.ibm.com/aix/efixes/security/ntp_advisory5.asc"
    },
    {
      "type": "WEB",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/170684.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/170926.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177507.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00059.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00060.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00020.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00038.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00048.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-updates/2016-05/msg00114.html"
    },
    {
      "type": "WEB",
      "url": "http://rhn.redhat.com/errata/RHSA-2015-1930.html"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/bugtraq/2016/Feb/164"
    },
    {
      "type": "WEB",
      "url": "http://support.ntp.org/bin/view/Main/NtpBug2956"
    },
    {
      "type": "WEB",
      "url": "http://support.ntp.org/bin/view/Main/SecurityNotice#January_2016_NTP_4_2_8p5_Securit"
    },
    {
      "type": "WEB",
      "url": "http://www.debian.org/security/2015/dsa-3388"
    },
    {
      "type": "WEB",
      "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/77312"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1034670"
    },
    {
      "type": "WEB",
      "url": "http://www.ubuntu.com/usn/USN-2783-1"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

cve-2015-5300

Vulnerability from cvelistv5

Published

2017-07-21 14:00

Modified

2024-08-06 06:41

Severity ?

Summary

References

▼	URL	Tags
	http://rhn.redhat.com/errata/RHSA-2015-1930.html	vendor-advisory, x_refsource_REDHAT
	http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html	vendor-advisory, x_refsource_SUSE
	http://seclists.org/bugtraq/2016/Feb/164	mailing-list, x_refsource_MLIST
	http://lists.opensuse.org/opensuse-updates/2016-05/msg00114.html	vendor-advisory, x_refsource_SUSE
	http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html	x_refsource_CONFIRM
	http://www.ubuntu.com/usn/USN-2783-1	vendor-advisory, x_refsource_UBUNTU
	http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00060.html	vendor-advisory, x_refsource_SUSE
	https://ics-cert.us-cert.gov/advisories/ICSA-15-356-01	x_refsource_MISC
	https://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html	x_refsource_CONFIRM
	http://support.ntp.org/bin/view/Main/SecurityNotice#January_2016_NTP_4_2_8p5_Securit	x_refsource_CONFIRM
	https://bugzilla.redhat.com/show_bug.cgi?id=1271076	x_refsource_CONFIRM
	https://www-01.ibm.com/support/docview.wss?uid=swg21980676	x_refsource_CONFIRM
	https://support.citrix.com/article/CTX220112	x_refsource_CONFIRM
	http://lists.fedoraproject.org/pipermail/package-announce/2015-November/170926.html	vendor-advisory, x_refsource_FEDORA
	https://www.ibm.com/support/home/docdisplay?lndocid=migr-5099428	x_refsource_CONFIRM
	http://lists.fedoraproject.org/pipermail/package-announce/2015-November/170684.html	vendor-advisory, x_refsource_FEDORA
	http://www.debian.org/security/2015/dsa-3388	vendor-advisory, x_refsource_DEBIAN
	https://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html	x_refsource_CONFIRM
	http://aix.software.ibm.com/aix/efixes/security/ntp_advisory5.asc	x_refsource_CONFIRM
	https://www.cs.bu.edu/~goldbe/NTPattack.html	x_refsource_MISC
	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html	vendor-advisory, x_refsource_SUSE
	http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177507.html	vendor-advisory, x_refsource_FEDORA
	http://www.securitytracker.com/id/1034670	vdb-entry, x_refsource_SECTRACK
	https://www-01.ibm.com/support/docview.wss?uid=isg3T1024073	x_refsource_CONFIRM
	http://www.securityfocus.com/bid/77312	vdb-entry, x_refsource_BID
	http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00048.html	vendor-advisory, x_refsource_SUSE
	https://www.freebsd.org/security/advisories/FreeBSD-SA-16:02.ntp.asc	vendor-advisory, x_refsource_FREEBSD
	https://www-01.ibm.com/support/docview.wss?uid=swg21979393	x_refsource_CONFIRM
	http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00038.html	vendor-advisory, x_refsource_SUSE
	https://www-01.ibm.com/support/docview.wss?uid=nas8N1021264	x_refsource_CONFIRM
	http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00020.html	vendor-advisory, x_refsource_SUSE
	https://www-01.ibm.com/support/docview.wss?uid=isg3T1023885	x_refsource_CONFIRM
	https://bto.bluecoat.com/security-advisory/sa113	x_refsource_CONFIRM
	https://www-01.ibm.com/support/docview.wss?uid=swg21983501	x_refsource_CONFIRM
	https://www-01.ibm.com/support/docview.wss?uid=ssg1S1005821	x_refsource_CONFIRM
	http://support.ntp.org/bin/view/Main/NtpBug2956	x_refsource_CONFIRM
	https://www-01.ibm.com/support/docview.wss?uid=swg21983506	x_refsource_CONFIRM
	http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00059.html	vendor-advisory, x_refsource_SUSE
	https://security.netapp.com/advisory/ntap-20171004-0001/	x_refsource_CONFIRM

Impacted products

▼	Vendor	Product
	n/a	n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T06:41:09.519Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2015:1930",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2015-1930.html"
          },
          {
            "name": "SUSE-SU:2016:1912",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html"
          },
          {
            "name": "[slackware-security] 20160223 ntp (SSA:2016-054-04)",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://seclists.org/bugtraq/2016/Feb/164"
          },
          {
            "name": "openSUSE-SU:2016:1423",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2016-05/msg00114.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
          },
          {
            "name": "USN-2783-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2783-1"
          },
          {
            "name": "SUSE-SU:2016:1177",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00060.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-356-01"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.ntp.org/bin/view/Main/SecurityNotice#January_2016_NTP_4_2_8p5_Securit"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1271076"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www-01.ibm.com/support/docview.wss?uid=swg21980676"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.citrix.com/article/CTX220112"
          },
          {
            "name": "FEDORA-2015-77bfbc1bcd",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/170926.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.ibm.com/support/home/docdisplay?lndocid=migr-5099428"
          },
          {
            "name": "FEDORA-2015-f5f5ec7b6b",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/170684.html"
          },
          {
            "name": "DSA-3388",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2015/dsa-3388"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://aix.software.ibm.com/aix/efixes/security/ntp_advisory5.asc"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.cs.bu.edu/~goldbe/NTPattack.html"
          },
          {
            "name": "SUSE-SU:2016:2094",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html"
          },
          {
            "name": "FEDORA-2016-34bc10a2c8",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177507.html"
          },
          {
            "name": "1034670",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1034670"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www-01.ibm.com/support/docview.wss?uid=isg3T1024073"
          },
          {
            "name": "77312",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/77312"
          },
          {
            "name": "SUSE-SU:2016:1311",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00048.html"
          },
          {
            "name": "FreeBSD-SA-16:02",
            "tags": [
              "vendor-advisory",
              "x_refsource_FREEBSD",
              "x_transferred"
            ],
            "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-16:02.ntp.asc"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www-01.ibm.com/support/docview.wss?uid=swg21979393"
          },
          {
            "name": "openSUSE-SU:2016:1292",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00038.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www-01.ibm.com/support/docview.wss?uid=nas8N1021264"
          },
          {
            "name": "SUSE-SU:2016:1247",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00020.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www-01.ibm.com/support/docview.wss?uid=isg3T1023885"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bto.bluecoat.com/security-advisory/sa113"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www-01.ibm.com/support/docview.wss?uid=swg21983501"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www-01.ibm.com/support/docview.wss?uid=ssg1S1005821"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.ntp.org/bin/view/Main/NtpBug2956"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www-01.ibm.com/support/docview.wss?uid=swg21983506"
          },
          {
            "name": "SUSE-SU:2016:1175",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00059.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20171004-0001/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-10-13T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The panic_gate check in NTP before 4.2.8p5 is only re-enabled after the first change to the system clock that was greater than 128 milliseconds by default, which allows remote attackers to set NTP to an arbitrary time when started with the -g option, or to alter the time by up to 900 seconds otherwise by responding to an unspecified number of requests from trusted sources, and leveraging a resulting denial of service (abort and restart)."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-11-09T10:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "RHSA-2015:1930",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2015-1930.html"
        },
        {
          "name": "SUSE-SU:2016:1912",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html"
        },
        {
          "name": "[slackware-security] 20160223 ntp (SSA:2016-054-04)",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://seclists.org/bugtraq/2016/Feb/164"
        },
        {
          "name": "openSUSE-SU:2016:1423",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2016-05/msg00114.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
        },
        {
          "name": "USN-2783-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2783-1"
        },
        {
          "name": "SUSE-SU:2016:1177",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00060.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-356-01"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.ntp.org/bin/view/Main/SecurityNotice#January_2016_NTP_4_2_8p5_Securit"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1271076"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www-01.ibm.com/support/docview.wss?uid=swg21980676"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.citrix.com/article/CTX220112"
        },
        {
          "name": "FEDORA-2015-77bfbc1bcd",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/170926.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.ibm.com/support/home/docdisplay?lndocid=migr-5099428"
        },
        {
          "name": "FEDORA-2015-f5f5ec7b6b",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/170684.html"
        },
        {
          "name": "DSA-3388",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2015/dsa-3388"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://aix.software.ibm.com/aix/efixes/security/ntp_advisory5.asc"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.cs.bu.edu/~goldbe/NTPattack.html"
        },
        {
          "name": "SUSE-SU:2016:2094",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html"
        },
        {
          "name": "FEDORA-2016-34bc10a2c8",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177507.html"
        },
        {
          "name": "1034670",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1034670"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www-01.ibm.com/support/docview.wss?uid=isg3T1024073"
        },
        {
          "name": "77312",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/77312"
        },
        {
          "name": "SUSE-SU:2016:1311",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00048.html"
        },
        {
          "name": "FreeBSD-SA-16:02",
          "tags": [
            "vendor-advisory",
            "x_refsource_FREEBSD"
          ],
          "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-16:02.ntp.asc"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www-01.ibm.com/support/docview.wss?uid=swg21979393"
        },
        {
          "name": "openSUSE-SU:2016:1292",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00038.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www-01.ibm.com/support/docview.wss?uid=nas8N1021264"
        },
        {
          "name": "SUSE-SU:2016:1247",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00020.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www-01.ibm.com/support/docview.wss?uid=isg3T1023885"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bto.bluecoat.com/security-advisory/sa113"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www-01.ibm.com/support/docview.wss?uid=swg21983501"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www-01.ibm.com/support/docview.wss?uid=ssg1S1005821"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.ntp.org/bin/view/Main/NtpBug2956"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www-01.ibm.com/support/docview.wss?uid=swg21983506"
        },
        {
          "name": "SUSE-SU:2016:1175",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00059.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20171004-0001/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2015-5300",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The panic_gate check in NTP before 4.2.8p5 is only re-enabled after the first change to the system clock that was greater than 128 milliseconds by default, which allows remote attackers to set NTP to an arbitrary time when started with the -g option, or to alter the time by up to 900 seconds otherwise by responding to an unspecified number of requests from trusted sources, and leveraging a resulting denial of service (abort and restart)."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "RHSA-2015:1930",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2015-1930.html"
            },
            {
              "name": "SUSE-SU:2016:1912",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html"
            },
            {
              "name": "[slackware-security] 20160223 ntp (SSA:2016-054-04)",
              "refsource": "MLIST",
              "url": "http://seclists.org/bugtraq/2016/Feb/164"
            },
            {
              "name": "openSUSE-SU:2016:1423",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-updates/2016-05/msg00114.html"
            },
            {
              "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
            },
            {
              "name": "USN-2783-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-2783-1"
            },
            {
              "name": "SUSE-SU:2016:1177",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00060.html"
            },
            {
              "name": "https://ics-cert.us-cert.gov/advisories/ICSA-15-356-01",
              "refsource": "MISC",
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-356-01"
            },
            {
              "name": "https://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html",
              "refsource": "CONFIRM",
              "url": "https://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
            },
            {
              "name": "http://support.ntp.org/bin/view/Main/SecurityNotice#January_2016_NTP_4_2_8p5_Securit",
              "refsource": "CONFIRM",
              "url": "http://support.ntp.org/bin/view/Main/SecurityNotice#January_2016_NTP_4_2_8p5_Securit"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1271076",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1271076"
            },
            {
              "name": "https://www-01.ibm.com/support/docview.wss?uid=swg21980676",
              "refsource": "CONFIRM",
              "url": "https://www-01.ibm.com/support/docview.wss?uid=swg21980676"
            },
            {
              "name": "https://support.citrix.com/article/CTX220112",
              "refsource": "CONFIRM",
              "url": "https://support.citrix.com/article/CTX220112"
            },
            {
              "name": "FEDORA-2015-77bfbc1bcd",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/170926.html"
            },
            {
              "name": "https://www.ibm.com/support/home/docdisplay?lndocid=migr-5099428",
              "refsource": "CONFIRM",
              "url": "https://www.ibm.com/support/home/docdisplay?lndocid=migr-5099428"
            },
            {
              "name": "FEDORA-2015-f5f5ec7b6b",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/170684.html"
            },
            {
              "name": "DSA-3388",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2015/dsa-3388"
            },
            {
              "name": "https://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html",
              "refsource": "CONFIRM",
              "url": "https://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html"
            },
            {
              "name": "http://aix.software.ibm.com/aix/efixes/security/ntp_advisory5.asc",
              "refsource": "CONFIRM",
              "url": "http://aix.software.ibm.com/aix/efixes/security/ntp_advisory5.asc"
            },
            {
              "name": "https://www.cs.bu.edu/~goldbe/NTPattack.html",
              "refsource": "MISC",
              "url": "https://www.cs.bu.edu/~goldbe/NTPattack.html"
            },
            {
              "name": "SUSE-SU:2016:2094",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html"
            },
            {
              "name": "FEDORA-2016-34bc10a2c8",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177507.html"
            },
            {
              "name": "1034670",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1034670"
            },
            {
              "name": "https://www-01.ibm.com/support/docview.wss?uid=isg3T1024073",
              "refsource": "CONFIRM",
              "url": "https://www-01.ibm.com/support/docview.wss?uid=isg3T1024073"
            },
            {
              "name": "77312",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/77312"
            },
            {
              "name": "SUSE-SU:2016:1311",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00048.html"
            },
            {
              "name": "FreeBSD-SA-16:02",
              "refsource": "FREEBSD",
              "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-16:02.ntp.asc"
            },
            {
              "name": "https://www-01.ibm.com/support/docview.wss?uid=swg21979393",
              "refsource": "CONFIRM",
              "url": "https://www-01.ibm.com/support/docview.wss?uid=swg21979393"
            },
            {
              "name": "openSUSE-SU:2016:1292",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00038.html"
            },
            {
              "name": "https://www-01.ibm.com/support/docview.wss?uid=nas8N1021264",
              "refsource": "CONFIRM",
              "url": "https://www-01.ibm.com/support/docview.wss?uid=nas8N1021264"
            },
            {
              "name": "SUSE-SU:2016:1247",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00020.html"
            },
            {
              "name": "https://www-01.ibm.com/support/docview.wss?uid=isg3T1023885",
              "refsource": "CONFIRM",
              "url": "https://www-01.ibm.com/support/docview.wss?uid=isg3T1023885"
            },
            {
              "name": "https://bto.bluecoat.com/security-advisory/sa113",
              "refsource": "CONFIRM",
              "url": "https://bto.bluecoat.com/security-advisory/sa113"
            },
            {
              "name": "https://www-01.ibm.com/support/docview.wss?uid=swg21983501",
              "refsource": "CONFIRM",
              "url": "https://www-01.ibm.com/support/docview.wss?uid=swg21983501"
            },
            {
              "name": "https://www-01.ibm.com/support/docview.wss?uid=ssg1S1005821",
              "refsource": "CONFIRM",
              "url": "https://www-01.ibm.com/support/docview.wss?uid=ssg1S1005821"
            },
            {
              "name": "http://support.ntp.org/bin/view/Main/NtpBug2956",
              "refsource": "CONFIRM",
              "url": "http://support.ntp.org/bin/view/Main/NtpBug2956"
            },
            {
              "name": "https://www-01.ibm.com/support/docview.wss?uid=swg21983506",
              "refsource": "CONFIRM",
              "url": "https://www-01.ibm.com/support/docview.wss?uid=swg21983506"
            },
            {
              "name": "SUSE-SU:2016:1175",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00059.html"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20171004-0001/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20171004-0001/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2015-5300",
    "datePublished": "2017-07-21T14:00:00",
    "dateReserved": "2015-07-01T00:00:00",
    "dateUpdated": "2024-08-06T06:41:09.519Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted