CVE-2015-7978
ntp: stack exhaustion in recursive traversal of restriction list
Severity Score
7.5
*CVSS v3
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
NTP before 4.2.8p6 and 4.3.0 before 4.3.90 allows a remote attackers to cause a denial of service (stack exhaustion) via an ntpdc relist command, which triggers recursive traversal of the restriction list.
NTP en versiones anteriores a 4.2.8p6 y 4.3.0 en versiones anteriores a 4.3.90 permite a atacantes remotos provocar una denegación de servicio (agotamiento de la pila) a través de un comando ntpdc relist, lo que desencadena el recorrido recursivo de la lista de restricciones.
A stack-based buffer overflow flaw was found in the way ntpd processed 'ntpdc reslist' commands that queried restriction lists with a large amount of entries. A remote attacker could use this flaw to crash ntpd.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2015-10-23 CVE Reserved
- 2016-02-25 CVE Published
- 2024-05-02 EPSS Updated
- 2024-08-06 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-121: Stack-based Buffer Overflow
- CWE-400: Uncontrolled Resource Consumption
CAPEC
References (26)
| URL | Tag | Source |
|---|---|---|
| http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | X_refsource_confirm |
|
| http://www.securityfocus.com/bid/81962 | Third Party Advisory | |
| http://www.securitytracker.com/id/1034782 | Third Party Advisory | |
| https://bto.bluecoat.com/security-advisory/sa113 | Third Party Advisory | |
| https://security.netapp.com/advisory/ntap-20171031-0001 | X_refsource_confirm |
|
| https://www.kb.cert.org/vuls/id/718152 | Third Party Advisory |
|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Ntp Search vendor "Ntp" | Ntp Search vendor "Ntp" for product "Ntp" | <= 4.2.8 Search vendor "Ntp" for product "Ntp" and version " <= 4.2.8" | p5 |
Affected
| ||||||
| Ntp Search vendor "Ntp" | Ntp Search vendor "Ntp" for product "Ntp" | 4.3.0 Search vendor "Ntp" for product "Ntp" and version "4.3.0" | - |
Affected
| ||||||
| Ntp Search vendor "Ntp" | Ntp Search vendor "Ntp" for product "Ntp" | 4.3.1 Search vendor "Ntp" for product "Ntp" and version "4.3.1" | - |
Affected
| ||||||
| Ntp Search vendor "Ntp" | Ntp Search vendor "Ntp" for product "Ntp" | 4.3.2 Search vendor "Ntp" for product "Ntp" and version "4.3.2" | - |
Affected
| ||||||
| Ntp Search vendor "Ntp" | Ntp Search vendor "Ntp" for product "Ntp" | 4.3.3 Search vendor "Ntp" for product "Ntp" and version "4.3.3" | - |
Affected
| ||||||
| Ntp Search vendor "Ntp" | Ntp Search vendor "Ntp" for product "Ntp" | 4.3.4 Search vendor "Ntp" for product "Ntp" and version "4.3.4" | - |
Affected
| ||||||
| Ntp Search vendor "Ntp" | Ntp Search vendor "Ntp" for product "Ntp" | 4.3.5 Search vendor "Ntp" for product "Ntp" and version "4.3.5" | - |
Affected
| ||||||
| Ntp Search vendor "Ntp" | Ntp Search vendor "Ntp" for product "Ntp" | 4.3.6 Search vendor "Ntp" for product "Ntp" and version "4.3.6" | - |
Affected
| ||||||
| Ntp Search vendor "Ntp" | Ntp Search vendor "Ntp" for product "Ntp" | 4.3.7 Search vendor "Ntp" for product "Ntp" and version "4.3.7" | - |
Affected
| ||||||
| Ntp Search vendor "Ntp" | Ntp Search vendor "Ntp" for product "Ntp" | 4.3.8 Search vendor "Ntp" for product "Ntp" and version "4.3.8" | - |
Affected
| ||||||
| Ntp Search vendor "Ntp" | Ntp Search vendor "Ntp" for product "Ntp" | 4.3.10 Search vendor "Ntp" for product "Ntp" and version "4.3.10" | - |
Affected
| ||||||
| Ntp Search vendor "Ntp" | Ntp Search vendor "Ntp" for product "Ntp" | 4.3.11 Search vendor "Ntp" for product "Ntp" and version "4.3.11" | - |
Affected
| ||||||
| Ntp Search vendor "Ntp" | Ntp Search vendor "Ntp" for product "Ntp" | 4.3.12 Search vendor "Ntp" for product "Ntp" and version "4.3.12" | - |
Affected
| ||||||
| Ntp Search vendor "Ntp" | Ntp Search vendor "Ntp" for product "Ntp" | 4.3.13 Search vendor "Ntp" for product "Ntp" and version "4.3.13" | - |
Affected
| ||||||
| Ntp Search vendor "Ntp" | Ntp Search vendor "Ntp" for product "Ntp" | 4.3.14 Search vendor "Ntp" for product "Ntp" and version "4.3.14" | - |
Affected
| ||||||
| Ntp Search vendor "Ntp" | Ntp Search vendor "Ntp" for product "Ntp" | 4.3.15 Search vendor "Ntp" for product "Ntp" and version "4.3.15" | - |
Affected
| ||||||
| Ntp Search vendor "Ntp" | Ntp Search vendor "Ntp" for product "Ntp" | 4.3.16 Search vendor "Ntp" for product "Ntp" and version "4.3.16" | - |
Affected
| ||||||
| Ntp Search vendor "Ntp" | Ntp Search vendor "Ntp" for product "Ntp" | 4.3.17 Search vendor "Ntp" for product "Ntp" and version "4.3.17" | - |
Affected
| ||||||
| Ntp Search vendor "Ntp" | Ntp Search vendor "Ntp" for product "Ntp" | 4.3.18 Search vendor "Ntp" for product "Ntp" and version "4.3.18" | - |
Affected
| ||||||
| Ntp Search vendor "Ntp" | Ntp Search vendor "Ntp" for product "Ntp" | 4.3.19 Search vendor "Ntp" for product "Ntp" and version "4.3.19" | - |
Affected
| ||||||
| Ntp Search vendor "Ntp" | Ntp Search vendor "Ntp" for product "Ntp" | 4.3.20 Search vendor "Ntp" for product "Ntp" and version "4.3.20" | - |
Affected
| ||||||
| Ntp Search vendor "Ntp" | Ntp Search vendor "Ntp" for product "Ntp" | 4.3.21 Search vendor "Ntp" for product "Ntp" and version "4.3.21" | - |
Affected
| ||||||
| Ntp Search vendor "Ntp" | Ntp Search vendor "Ntp" for product "Ntp" | 4.3.22 Search vendor "Ntp" for product "Ntp" and version "4.3.22" | - |
Affected
| ||||||
| Ntp Search vendor "Ntp" | Ntp Search vendor "Ntp" for product "Ntp" | 4.3.23 Search vendor "Ntp" for product "Ntp" and version "4.3.23" | - |
Affected
| ||||||
| Ntp Search vendor "Ntp" | Ntp Search vendor "Ntp" for product "Ntp" | 4.3.24 Search vendor "Ntp" for product "Ntp" and version "4.3.24" | - |
Affected
| ||||||
| Ntp Search vendor "Ntp" | Ntp Search vendor "Ntp" for product "Ntp" | 4.3.25 Search vendor "Ntp" for product "Ntp" and version "4.3.25" | - |
Affected
| ||||||
| Ntp Search vendor "Ntp" | Ntp Search vendor "Ntp" for product "Ntp" | 4.3.26 Search vendor "Ntp" for product "Ntp" and version "4.3.26" | - |
Affected
| ||||||
| Ntp Search vendor "Ntp" | Ntp Search vendor "Ntp" for product "Ntp" | 4.3.27 Search vendor "Ntp" for product "Ntp" and version "4.3.27" | - |
Affected
| ||||||
| Ntp Search vendor "Ntp" | Ntp Search vendor "Ntp" for product "Ntp" | 4.3.28 Search vendor "Ntp" for product "Ntp" and version "4.3.28" | - |
Affected
| ||||||
| Ntp Search vendor "Ntp" | Ntp Search vendor "Ntp" for product "Ntp" | 4.3.29 Search vendor "Ntp" for product "Ntp" and version "4.3.29" | - |
Affected
| ||||||
| Ntp Search vendor "Ntp" | Ntp Search vendor "Ntp" for product "Ntp" | 4.3.30 Search vendor "Ntp" for product "Ntp" and version "4.3.30" | - |
Affected
| ||||||
| Ntp Search vendor "Ntp" | Ntp Search vendor "Ntp" for product "Ntp" | 4.3.31 Search vendor "Ntp" for product "Ntp" and version "4.3.31" | - |
Affected
| ||||||
| Ntp Search vendor "Ntp" | Ntp Search vendor "Ntp" for product "Ntp" | 4.3.32 Search vendor "Ntp" for product "Ntp" and version "4.3.32" | - |
Affected
| ||||||
| Ntp Search vendor "Ntp" | Ntp Search vendor "Ntp" for product "Ntp" | 4.3.33 Search vendor "Ntp" for product "Ntp" and version "4.3.33" | - |
Affected
| ||||||
| Ntp Search vendor "Ntp" | Ntp Search vendor "Ntp" for product "Ntp" | 4.3.34 Search vendor "Ntp" for product "Ntp" and version "4.3.34" | - |
Affected
| ||||||
| Ntp Search vendor "Ntp" | Ntp Search vendor "Ntp" for product "Ntp" | 4.3.35 Search vendor "Ntp" for product "Ntp" and version "4.3.35" | - |
Affected
| ||||||
| Ntp Search vendor "Ntp" | Ntp Search vendor "Ntp" for product "Ntp" | 4.3.36 Search vendor "Ntp" for product "Ntp" and version "4.3.36" | - |
Affected
| ||||||
| Ntp Search vendor "Ntp" | Ntp Search vendor "Ntp" for product "Ntp" | 4.3.37 Search vendor "Ntp" for product "Ntp" and version "4.3.37" | - |
Affected
| ||||||
| Ntp Search vendor "Ntp" | Ntp Search vendor "Ntp" for product "Ntp" | 4.3.38 Search vendor "Ntp" for product "Ntp" and version "4.3.38" | - |
Affected
| ||||||
| Ntp Search vendor "Ntp" | Ntp Search vendor "Ntp" for product "Ntp" | 4.3.39 Search vendor "Ntp" for product "Ntp" and version "4.3.39" | - |
Affected
| ||||||
| Ntp Search vendor "Ntp" | Ntp Search vendor "Ntp" for product "Ntp" | 4.3.40 Search vendor "Ntp" for product "Ntp" and version "4.3.40" | - |
Affected
| ||||||
| Ntp Search vendor "Ntp" | Ntp Search vendor "Ntp" for product "Ntp" | 4.3.41 Search vendor "Ntp" for product "Ntp" and version "4.3.41" | - |
Affected
| ||||||
| Ntp Search vendor "Ntp" | Ntp Search vendor "Ntp" for product "Ntp" | 4.3.42 Search vendor "Ntp" for product "Ntp" and version "4.3.42" | - |
Affected
| ||||||
| Ntp Search vendor "Ntp" | Ntp Search vendor "Ntp" for product "Ntp" | 4.3.43 Search vendor "Ntp" for product "Ntp" and version "4.3.43" | - |
Affected
| ||||||
| Ntp Search vendor "Ntp" | Ntp Search vendor "Ntp" for product "Ntp" | 4.3.44 Search vendor "Ntp" for product "Ntp" and version "4.3.44" | - |
Affected
| ||||||
| Ntp Search vendor "Ntp" | Ntp Search vendor "Ntp" for product "Ntp" | 4.3.45 Search vendor "Ntp" for product "Ntp" and version "4.3.45" | - |
Affected
| ||||||
| Ntp Search vendor "Ntp" | Ntp Search vendor "Ntp" for product "Ntp" | 4.3.46 Search vendor "Ntp" for product "Ntp" and version "4.3.46" | - |
Affected
| ||||||
| Ntp Search vendor "Ntp" | Ntp Search vendor "Ntp" for product "Ntp" | 4.3.47 Search vendor "Ntp" for product "Ntp" and version "4.3.47" | - |
Affected
| ||||||
| Ntp Search vendor "Ntp" | Ntp Search vendor "Ntp" for product "Ntp" | 4.3.48 Search vendor "Ntp" for product "Ntp" and version "4.3.48" | - |
Affected
| ||||||
| Ntp Search vendor "Ntp" | Ntp Search vendor "Ntp" for product "Ntp" | 4.3.49 Search vendor "Ntp" for product "Ntp" and version "4.3.49" | - |
Affected
| ||||||
| Ntp Search vendor "Ntp" | Ntp Search vendor "Ntp" for product "Ntp" | 4.3.50 Search vendor "Ntp" for product "Ntp" and version "4.3.50" | - |
Affected
| ||||||
| Ntp Search vendor "Ntp" | Ntp Search vendor "Ntp" for product "Ntp" | 4.3.51 Search vendor "Ntp" for product "Ntp" and version "4.3.51" | - |
Affected
| ||||||
| Ntp Search vendor "Ntp" | Ntp Search vendor "Ntp" for product "Ntp" | 4.3.52 Search vendor "Ntp" for product "Ntp" and version "4.3.52" | - |
Affected
| ||||||
| Ntp Search vendor "Ntp" | Ntp Search vendor "Ntp" for product "Ntp" | 4.3.53 Search vendor "Ntp" for product "Ntp" and version "4.3.53" | - |
Affected
| ||||||
| Ntp Search vendor "Ntp" | Ntp Search vendor "Ntp" for product "Ntp" | 4.3.54 Search vendor "Ntp" for product "Ntp" and version "4.3.54" | - |
Affected
| ||||||
| Ntp Search vendor "Ntp" | Ntp Search vendor "Ntp" for product "Ntp" | 4.3.55 Search vendor "Ntp" for product "Ntp" and version "4.3.55" | - |
Affected
| ||||||
| Ntp Search vendor "Ntp" | Ntp Search vendor "Ntp" for product "Ntp" | 4.3.56 Search vendor "Ntp" for product "Ntp" and version "4.3.56" | - |
Affected
| ||||||
| Ntp Search vendor "Ntp" | Ntp Search vendor "Ntp" for product "Ntp" | 4.3.57 Search vendor "Ntp" for product "Ntp" and version "4.3.57" | - |
Affected
| ||||||
| Ntp Search vendor "Ntp" | Ntp Search vendor "Ntp" for product "Ntp" | 4.3.58 Search vendor "Ntp" for product "Ntp" and version "4.3.58" | - |
Affected
| ||||||
| Ntp Search vendor "Ntp" | Ntp Search vendor "Ntp" for product "Ntp" | 4.3.59 Search vendor "Ntp" for product "Ntp" and version "4.3.59" | - |
Affected
| ||||||
| Ntp Search vendor "Ntp" | Ntp Search vendor "Ntp" for product "Ntp" | 4.3.60 Search vendor "Ntp" for product "Ntp" and version "4.3.60" | - |
Affected
| ||||||
| Ntp Search vendor "Ntp" | Ntp Search vendor "Ntp" for product "Ntp" | 4.3.61 Search vendor "Ntp" for product "Ntp" and version "4.3.61" | - |
Affected
| ||||||
| Ntp Search vendor "Ntp" | Ntp Search vendor "Ntp" for product "Ntp" | 4.3.62 Search vendor "Ntp" for product "Ntp" and version "4.3.62" | - |
Affected
| ||||||
| Ntp Search vendor "Ntp" | Ntp Search vendor "Ntp" for product "Ntp" | 4.3.63 Search vendor "Ntp" for product "Ntp" and version "4.3.63" | - |
Affected
| ||||||
| Ntp Search vendor "Ntp" | Ntp Search vendor "Ntp" for product "Ntp" | 4.3.64 Search vendor "Ntp" for product "Ntp" and version "4.3.64" | - |
Affected
| ||||||
| Ntp Search vendor "Ntp" | Ntp Search vendor "Ntp" for product "Ntp" | 4.3.65 Search vendor "Ntp" for product "Ntp" and version "4.3.65" | - |
Affected
| ||||||
| Ntp Search vendor "Ntp" | Ntp Search vendor "Ntp" for product "Ntp" | 4.3.66 Search vendor "Ntp" for product "Ntp" and version "4.3.66" | - |
Affected
| ||||||
| Ntp Search vendor "Ntp" | Ntp Search vendor "Ntp" for product "Ntp" | 4.3.67 Search vendor "Ntp" for product "Ntp" and version "4.3.67" | - |
Affected
| ||||||
| Ntp Search vendor "Ntp" | Ntp Search vendor "Ntp" for product "Ntp" | 4.3.68 Search vendor "Ntp" for product "Ntp" and version "4.3.68" | - |
Affected
| ||||||
| Ntp Search vendor "Ntp" | Ntp Search vendor "Ntp" for product "Ntp" | 4.3.69 Search vendor "Ntp" for product "Ntp" and version "4.3.69" | - |
Affected
| ||||||
| Ntp Search vendor "Ntp" | Ntp Search vendor "Ntp" for product "Ntp" | 4.3.70 Search vendor "Ntp" for product "Ntp" and version "4.3.70" | - |
Affected
| ||||||
| Ntp Search vendor "Ntp" | Ntp Search vendor "Ntp" for product "Ntp" | 4.3.71 Search vendor "Ntp" for product "Ntp" and version "4.3.71" | - |
Affected
| ||||||
| Ntp Search vendor "Ntp" | Ntp Search vendor "Ntp" for product "Ntp" | 4.3.72 Search vendor "Ntp" for product "Ntp" and version "4.3.72" | - |
Affected
| ||||||
| Ntp Search vendor "Ntp" | Ntp Search vendor "Ntp" for product "Ntp" | 4.3.73 Search vendor "Ntp" for product "Ntp" and version "4.3.73" | - |
Affected
| ||||||
| Ntp Search vendor "Ntp" | Ntp Search vendor "Ntp" for product "Ntp" | 4.3.74 Search vendor "Ntp" for product "Ntp" and version "4.3.74" | - |
Affected
| ||||||
| Ntp Search vendor "Ntp" | Ntp Search vendor "Ntp" for product "Ntp" | 4.3.75 Search vendor "Ntp" for product "Ntp" and version "4.3.75" | - |
Affected
| ||||||
| Ntp Search vendor "Ntp" | Ntp Search vendor "Ntp" for product "Ntp" | 4.3.76 Search vendor "Ntp" for product "Ntp" and version "4.3.76" | - |
Affected
| ||||||
| Ntp Search vendor "Ntp" | Ntp Search vendor "Ntp" for product "Ntp" | 4.3.77 Search vendor "Ntp" for product "Ntp" and version "4.3.77" | - |
Affected
| ||||||
| Ntp Search vendor "Ntp" | Ntp Search vendor "Ntp" for product "Ntp" | 4.3.78 Search vendor "Ntp" for product "Ntp" and version "4.3.78" | - |
Affected
| ||||||
| Ntp Search vendor "Ntp" | Ntp Search vendor "Ntp" for product "Ntp" | 4.3.79 Search vendor "Ntp" for product "Ntp" and version "4.3.79" | - |
Affected
| ||||||
| Ntp Search vendor "Ntp" | Ntp Search vendor "Ntp" for product "Ntp" | 4.3.80 Search vendor "Ntp" for product "Ntp" and version "4.3.80" | - |
Affected
| ||||||
| Ntp Search vendor "Ntp" | Ntp Search vendor "Ntp" for product "Ntp" | 4.3.81 Search vendor "Ntp" for product "Ntp" and version "4.3.81" | - |
Affected
| ||||||
| Ntp Search vendor "Ntp" | Ntp Search vendor "Ntp" for product "Ntp" | 4.3.82 Search vendor "Ntp" for product "Ntp" and version "4.3.82" | - |
Affected
| ||||||
| Ntp Search vendor "Ntp" | Ntp Search vendor "Ntp" for product "Ntp" | 4.3.83 Search vendor "Ntp" for product "Ntp" and version "4.3.83" | - |
Affected
| ||||||
| Ntp Search vendor "Ntp" | Ntp Search vendor "Ntp" for product "Ntp" | 4.3.84 Search vendor "Ntp" for product "Ntp" and version "4.3.84" | - |
Affected
| ||||||
| Ntp Search vendor "Ntp" | Ntp Search vendor "Ntp" for product "Ntp" | 4.3.85 Search vendor "Ntp" for product "Ntp" and version "4.3.85" | - |
Affected
| ||||||
| Ntp Search vendor "Ntp" | Ntp Search vendor "Ntp" for product "Ntp" | 4.3.86 Search vendor "Ntp" for product "Ntp" and version "4.3.86" | - |
Affected
| ||||||
| Ntp Search vendor "Ntp" | Ntp Search vendor "Ntp" for product "Ntp" | 4.3.87 Search vendor "Ntp" for product "Ntp" and version "4.3.87" | - |
Affected
| ||||||
| Ntp Search vendor "Ntp" | Ntp Search vendor "Ntp" for product "Ntp" | 4.3.88 Search vendor "Ntp" for product "Ntp" and version "4.3.88" | - |
Affected
| ||||||
| Ntp Search vendor "Ntp" | Ntp Search vendor "Ntp" for product "Ntp" | 4.3.89 Search vendor "Ntp" for product "Ntp" and version "4.3.89" | - |
Affected
| ||||||