ELSA-2015-2231 Moderate: Oracle Linux ntp security, bug fix, and enhancement update
Severity | CVSS | Published | Added | Modified |
---|---|---|---|---|
7 | (AV:N/AC:M/Au:N/C:P/I:P/A:P) | April 08, 2015 | November 24, 2015 | March 21, 2018 |
Description
The read_network_packet function in ntp_io.c in ntpd in NTP 4.x before 4.2.8p1 on Linux and OS X does not properly determine whether a source IP address is an IPv6 loopback address, which makes it easier for remote attackers to spoof restricted packets, and read or write to the runtime state, by leveraging the ability to reach the ntpd machine's network interface with a packet from the ::1 address.
References
Solution
oracle-linux-upgrade-ntp
Related Vulnerabilities
- Amazon Linux AMI: Security patch for ntp (ALAS-2015-520) (multiple CVEs)
- Gentoo Linux: CVE-2015-1798: NTP: Multiple vulnerabilities
- IBM AIX: ntp_advisory5 (CVE-2015-5300): Vulnerability in NTPv4 affects AIX
- Gentoo Linux: CVE-2015-7704: NTP: Multiple vulnerabilities
- USN-2567-1: NTP vulnerabilities
- Cisco SAN-OS: Multiple Vulnerabilities in ntpd Affecting Cisco Products - October 2015 (Multiple CVEs)
- OS X update for ntp (CVE-2015-1798)
- Cisco NX-OS: Multiple Vulnerabilities in ntpd (April 2015) Affecting Cisco Products (Multiple CVEs)
- Cisco SAN-OS: Multiple Vulnerabilities in ntpd (April 2015) Affecting Cisco Products (Multiple CVEs)
- Oracle Solaris 11: CVE-2015-3405: Vulnerability in NTP
- SUSE: CVE-2015-1799: SUSE Linux Security Advisory
- Oracle Solaris 11: CVE-2015-1799: Vulnerability in NTP
- HP-UX: CVE-2015-1799: Symmetric-Key feature allows denial of service
- IBM AIX: ntp4_advisory, ntp_advisory3 (CVE-2015-1799): NTPv4 vulnerabilities that affect AIX
- Cisco IOS: cisco-sa-20151021-ntp: Multiple Vulnerabilities in ntpd Affecting Cisco Products - October 2015
- FreeBSD: ntp -- denial of service vulnerability (FreeBSD-SA-16:02.ntp) (CVE-2015-5300)
- FreeBSD: ntp -- multiple vulnerabilities (FreeBSD-SA-16:16.ntp) (Multiple CVEs)
- Vulnerabilities deemed not relevant on Red Hat Enterprise Linux 5
- F5 Networks: K16506 (CVE-2015-1799): NTP vulnerability CVE-2015-1799
- ELSA-2015-1459 Moderate: Oracle Linux ntp security, bug fix, and enhancement update
- ELSA-2015-1930 Important: Oracle Linux ntp security update
- Cisco IOS: CVE-2015-1798: Multiple Vulnerabilities in ntpd (April 2015) Affecting Cisco Products
- DSA-3223-1 ntp -- security update
- F5 Networks: K16505 (CVE-2015-1798): NTP vulnerability CVE-2015-1798
- Oracle Solaris 11: CVE-2015-5300: Vulnerability in NTP
- Juniper Junos OS: 2018-10 Security Bulletin: Junos OS: Multiple vulnerabilities in NTP [VU#961909] (JSA10898) (multiple CVEs)
- Gentoo Linux: CVE-2015-1799: NTP: Multiple vulnerabilities
- FreeBSD: ntp -- 13 low- and medium-severity vulnerabilities (FreeBSD-SA-15:25.ntp) (Multiple CVEs)
- RHSA-2015:1930: ntp security update
- Oracle Solaris 11: CVE-2015-1798: Vulnerability in NTP
- RHSA-2015:2231: ntp security, bug fix, and enhancement update
- OS X update for ntp (CVE-2015-1799)
- OS X update for Admin Framework (CVE-2015-1799)
- Amazon Linux AMI: Security patch for ntp (ALAS-2015-593) (multiple CVEs)
- Cisco NX-OS: Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: April 2016 (Multiple CVEs)
- Cisco NX-OS: Multiple Vulnerabilities in ntpd Affecting Cisco Products - October 2015 (Multiple CVEs)
- HP-UX: CVE-2015-1798: Symmetric-Key feature allows MAC address spoofing.
- Amazon Linux AMI: Security patch for ntp (ALAS-2015-607) (multiple CVEs)
- RHSA-2015:2520: ntp security update
- OS X update for Admin Framework (CVE-2015-1798)
- SUSE: CVE-2015-1798: SUSE Linux Security Advisory
- Oracle Solaris 11: CVE-2015-7704: Vulnerability in NTP
- RHSA-2015:1459: ntp security, bug fix, and enhancement update
- DSA-3154-1 ntp -- security update
- FreeBSD: ntp -- multiple vulnerabilities (FreeBSD-SA-15:07.ntp) (Multiple CVEs)