2015 年 10 月に発生した NTP セキュリティ脆弱性
Issue
- 2015 年 10 月 21 日に、NTP の脆弱性について以下のような報告がありました。
- http://support.ntp.org/bin/view/Main/SecurityNotice#October_2015_NTP_Security_Vulner
Red Hat Security Bugzillas Rated Important
Bug 1274265 - CVE-2015-7871 - ntp: crypto-NAK symmetric association authentication bypass vulnerability
Bug 1271070 - (CVE-2015-7704) CVE-2015-7704 - ntp: disabling synchronization via crafted KoD packet
Red Hat Security Bugzillas Rated Moderate
Bug 1274263 - (CVE-2015-7854) CVE-2015-7854 ntp: password length memory corruption vulnerability
Bug 1274262 - (CVE-2015-7853) CVE-2015-7853 ntp: reference clock memory corruption vulnerability
Bug 1274261 - (CVE-2015-7852) CVE-2015-7852 ntp: ntpq atoascii memory corruption vulnerability
Bug 1274260 - (CVE-2015-7851) CVE-2015-7851 ntp: saveconfig directory traversal vulnerability
Bug 1274257 - (CVE-2015-7849) CVE-2015-7849 ntp: trusted keys memory corruption vulnerability
Bug 1274256 - (CVE-2015-7848) CVE-2015-7848 ntp: multiple integer overflow read access violations
Bug 1274255 - (CVE-2015-7701) CVE-2015-7701 ntp: unspecified slow memory leak in CRYPTO_ASSOC
Bug 1274184 - (CVE-2015-7705) CVE-2015-7705 ntp: denial of service by trigerring rate limiting on NTP server
Bug 1274254 - (CVE-2015-7691, CVE-2015-7692, CVE-2015-7702) CVE-2015-7691 CVE-2015-7692 CVE-2015-7702 ntp: incomplete checks in ntp_crypto.c
Red Hat Security Bugzillas Rated Low
Bug 1274264 - (CVE-2015-7855) CVE-2015-7855 ntp:ASSERT in decodenetnum() on invalid values
Bug 1274258 - (CVE-2015-7850) CVE-2015-7850 ntp: remote configuration denial of service vulnerability
Environment
Red Hat Enterprise Linux 7
Red Hat Enterprise Linux 6
Red Hat Enterprise Linux 5
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase of over 48,000 articles and solutions.
Close
Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.