CVE-2015-7978

ntp: stack exhaustion in recursive traversal of restriction list

  • Severity Score (CVSS v3): 7.5
  • Exploit Likelihood (EPSS):
  • Affected Versions (CPE):
  • Public Exploits (Multiple Sources): 0
  • Exploited in Wild (KEV): -
  • Decision (SSVC): -

Descriptions

NTP before 4.2.8p6 and 4.3.0 before 4.3.90 allows remote attackers to cause a denial of service (stack exhaustion) via an ntpdc reslist command, which triggers recursive traversal of the restriction list.

A stack-based buffer overflow flaw was found in the way ntpd processed 'ntpdc reslist' commands that queried restriction lists with a large number of entries. A remote attacker could use this flaw to crash ntpd.

*Credits: N/A
CVSS Scores
  • Attack Vector: Network; Attack Complexity: Low; Privileges Required: None; User Interaction: None; Scope: Unchanged; Confidentiality: None; Integrity: None; Availability: High
  • Attack Vector: Network; Attack Complexity: Low; Authentication: None; Confidentiality: None; Integrity: None; Availability: Partial
  • Attack Vector: Network; Attack Complexity: Medium; Authentication: None; Confidentiality: None; Integrity: None; Availability: Partial
* Common Vulnerability Scoring System
SSVC
  • Decision: -
  • Exploitation: -
  • Automatable: -
  • Tech. Impact: -
* Organization's Worst-case Scenario
Timeline
  • 2015-10-23 CVE Reserved
  • 2016-02-25 CVE Published
  • 2024-05-02 EPSS Updated
  • 2024-08-06 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-121: Stack-based Buffer Overflow
  • CWE-400: Uncontrolled Resource Consumption
CAPEC
References (26)
URL Date SRC
http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177507.html 2018-05-18
http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176434.html 2018-05-18
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00059.html 2018-05-18
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00060.html 2018-05-18
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00020.html 2018-05-18
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00038.html 2018-05-18
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00048.html 2018-05-18
http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html 2018-05-18
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html 2018-05-18
http://lists.opensuse.org/opensuse-updates/2016-05/msg00114.html 2018-05-18
http://rhn.redhat.com/errata/RHSA-2016-0780.html 2018-05-18
http://rhn.redhat.com/errata/RHSA-2016-2583.html 2018-05-18
http://support.ntp.org/bin/view/Main/SecurityNotice#April_2016_NTP_4_2_8p7_Security 2018-05-18
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160127-ntpd 2018-05-18
http://www.debian.org/security/2016/dsa-3629 2018-05-18
http://www.ubuntu.com/usn/USN-3096-1 2018-05-18
https://security.FreeBSD.org/advisories/FreeBSD-SA-16:09.ntp.asc 2018-05-18
https://security.gentoo.org/glsa/201607-15 2018-05-18
https://access.redhat.com/security/cve/CVE-2015-7978 2016-11-03
https://bugzilla.redhat.com/show_bug.cgi?id=1300270 2016-11-03
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status
Ntp | Ntp | <= 4.2.8 | p5 | Affected
Ntp | Ntp | 4.3.0 | - | Affected
Ntp | Ntp | 4.3.1 | - | Affected
Ntp | Ntp | 4.3.2 | - | Affected
Ntp | Ntp | 4.3.3 | - | Affected
Ntp | Ntp | 4.3.4 | - | Affected
Ntp | Ntp | 4.3.5 | - | Affected
Ntp | Ntp | 4.3.6 | - | Affected
Ntp | Ntp | 4.3.7 | - | Affected
Ntp | Ntp | 4.3.8 | - | Affected
Ntp | Ntp | 4.3.10 | - | Affected
Ntp | Ntp | 4.3.11 | - | Affected
Ntp | Ntp | 4.3.12 | - | Affected
Ntp | Ntp | 4.3.13 | - | Affected
Ntp | Ntp | 4.3.14 | - | Affected
Ntp | Ntp | 4.3.15 | - | Affected
Ntp | Ntp | 4.3.16 | - | Affected
Ntp | Ntp | 4.3.17 | - | Affected
Ntp | Ntp | 4.3.18 | - | Affected
Ntp | Ntp | 4.3.19 | - | Affected
Ntp | Ntp | 4.3.20 | - | Affected
Ntp | Ntp | 4.3.21 | - | Affected
Ntp | Ntp | 4.3.22 | - | Affected
Ntp | Ntp | 4.3.23 | - | Affected
Ntp | Ntp | 4.3.24 | - | Affected
Ntp | Ntp | 4.3.25 | - | Affected
Ntp | Ntp | 4.3.26 | - | Affected
Ntp | Ntp | 4.3.27 | - | Affected
Ntp | Ntp | 4.3.28 | - | Affected
Ntp | Ntp | 4.3.29 | - | Affected
Ntp | Ntp | 4.3.30 | - | Affected
Ntp | Ntp | 4.3.31 | - | Affected
Ntp | Ntp | 4.3.32 | - | Affected
Ntp | Ntp | 4.3.33 | - | Affected
Ntp | Ntp | 4.3.34 | - | Affected
Ntp | Ntp | 4.3.35 | - | Affected
Ntp | Ntp | 4.3.36 | - | Affected
Ntp | Ntp | 4.3.37 | - | Affected
Ntp | Ntp | 4.3.38 | - | Affected
Ntp | Ntp | 4.3.39 | - | Affected
Ntp | Ntp | 4.3.40 | - | Affected
Ntp | Ntp | 4.3.41 | - | Affected
Ntp | Ntp | 4.3.42 | - | Affected
Ntp | Ntp | 4.3.43 | - | Affected
Ntp | Ntp | 4.3.44 | - | Affected
Ntp | Ntp | 4.3.45 | - | Affected
Ntp | Ntp | 4.3.46 | - | Affected
Ntp | Ntp | 4.3.47 | - | Affected
Ntp | Ntp | 4.3.48 | - | Affected
Ntp | Ntp | 4.3.49 | - | Affected
Ntp | Ntp | 4.3.50 | - | Affected
Ntp | Ntp | 4.3.51 | - | Affected
Ntp | Ntp | 4.3.52 | - | Affected
Ntp | Ntp | 4.3.53 | - | Affected
Ntp | Ntp | 4.3.54 | - | Affected
Ntp | Ntp | 4.3.55 | - | Affected
Ntp | Ntp | 4.3.56 | - | Affected
Ntp | Ntp | 4.3.57 | - | Affected
Ntp | Ntp | 4.3.58 | - | Affected
Ntp | Ntp | 4.3.59 | - | Affected
Ntp | Ntp | 4.3.60 | - | Affected
Ntp | Ntp | 4.3.61 | - | Affected
Ntp | Ntp | 4.3.62 | - | Affected
Ntp | Ntp | 4.3.63 | - | Affected
Ntp | Ntp | 4.3.64 | - | Affected
Ntp | Ntp | 4.3.65 | - | Affected
Ntp | Ntp | 4.3.66 | - | Affected
Ntp | Ntp | 4.3.67 | - | Affected
Ntp | Ntp | 4.3.68 | - | Affected
Ntp | Ntp | 4.3.69 | - | Affected
Ntp | Ntp | 4.3.70 | - | Affected
Ntp | Ntp | 4.3.71 | - | Affected
Ntp | Ntp | 4.3.72 | - | Affected
Ntp | Ntp | 4.3.73 | - | Affected
Ntp | Ntp | 4.3.74 | - | Affected
Ntp | Ntp | 4.3.75 | - | Affected
Ntp | Ntp | 4.3.76 | - | Affected
Ntp | Ntp | 4.3.77 | - | Affected
Ntp | Ntp | 4.3.78 | - | Affected
Ntp | Ntp | 4.3.79 | - | Affected
Ntp | Ntp | 4.3.80 | - | Affected
Ntp | Ntp | 4.3.81 | - | Affected
Ntp | Ntp | 4.3.82 | - | Affected
Ntp | Ntp | 4.3.83 | - | Affected
Ntp | Ntp | 4.3.84 | - | Affected
Ntp | Ntp | 4.3.85 | - | Affected
Ntp | Ntp | 4.3.86 | - | Affected
Ntp | Ntp | 4.3.87 | - | Affected
Ntp | Ntp | 4.3.88 | - | Affected
Ntp | Ntp | 4.3.89 | - | Affected