2015 年 10 月に発生した NTP セキュリティ脆弱性
Issue
- 2015 年 10 月 21 日に、NTP の脆弱性について以下のような報告がありました。
- http://support.ntp.org/bin/view/Main/SecurityNotice#October_2015_NTP_Security_Vulner
Red Hat Security Bugzillas Rated Important
Bug 1274265 - CVE-2015-7871 - ntp: crypto-NAK symmetric association authentication bypass vulnerability
Bug 1271070 - (CVE-2015-7704) CVE-2015-7704 - ntp: disabling synchronization via crafted KoD packet
Red Hat Security Bugzillas Rated Moderate
Bug 1274263 - (CVE-2015-7854) CVE-2015-7854 ntp: password length memory corruption vulnerability
Bug 1274262 - (CVE-2015-7853) CVE-2015-7853 ntp: reference clock memory corruption vulnerability
Bug 1274261 - (CVE-2015-7852) CVE-2015-7852 ntp: ntpq atoascii memory corruption vulnerability
Bug 1274260 - (CVE-2015-7851) CVE-2015-7851 ntp: saveconfig directory traversal vulnerability
Bug 1274257 - (CVE-2015-7849) CVE-2015-7849 ntp: trusted keys memory corruption vulnerability
Bug 1274256 - (CVE-2015-7848) CVE-2015-7848 ntp: multiple integer overflow read access violations
Bug 1274255 - (CVE-2015-7701) CVE-2015-7701 ntp: unspecified slow memory leak in CRYPTO_ASSOC
Bug 1274184 - (CVE-2015-7705) CVE-2015-7705 ntp: denial of service by trigerring rate limiting on NTP server
Bug 1274254 - (CVE-2015-7691, CVE-2015-7692, CVE-2015-7702) CVE-2015-7691 CVE-2015-7692 CVE-2015-7702 ntp: incomplete checks in ntp_crypto.c
Red Hat Security Bugzillas Rated Low
Bug 1274264 - (CVE-2015-7855) CVE-2015-7855 ntp:ASSERT in decodenetnum() on invalid values
Bug 1274258 - (CVE-2015-7850) CVE-2015-7850 ntp: remote configuration denial of service vulnerability
Environment
Red Hat Enterprise Linux 7
Red Hat Enterprise Linux 6
Red Hat Enterprise Linux 5
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.