CVE-2020-15025

Gentoo Linux Security Advisory 202007-12

Severity Score

4.9

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

ntpd in ntp 4.2.8 before 4.2.8p15 and 4.3.x before 4.3.101 allows remote attackers to cause a denial of service (memory consumption) by sending packets, because memory is not freed in situations where a CMAC key is used and associated with a CMAC algorithm in the ntp.keys file.

ntpd en ntp versión 4.2.8 versiones anteriores a 4.2.8p15 y versiones 4.3.x anteriores a 4.3.101, permite a atacantes remotos causar una denegación de servicio (consumo de la memoria) mediante el envío de paquetes, porque la memoria no es liberada en situaciones donde se usa una clave CMAC y está asociada con un algoritmo CMAC en el archivo ntp.keys

An update that solves four vulnerabilities and has two fixes is now available. This update for ntp fixes the following issues. Ntp was updated to 4.2.8p15. Fixed an issue which a server mode packet with spoofed source address frequently send to the client ntpd could have caused denial of service. Fixed an issue which could have allowed remote attackers to prevent a broadcast client from synchronizing its clock with a broadcast NTP server via spoofed mode 3 and mode 5 packets. Fixed an issue which an off-path attacker with the ability to query time from victim's ntpd instance could have modified the victim's clock by a limited amount. Fixed an issue which remote attacker could have caused denial of service by consuming the memory when a CMAC key was used andassociated with a CMAC algorithm in the ntp.keys. This update was imported from the SUSE:SLE-15:Update update project.

*Credits: N/A

CVSS Scores

Attack Vector

Network

Attack Complexity

Low

Privileges Required

High

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Attack Vector

Network

Attack Complexity

High

Privileges Required

High

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Attack Vector

Network

Attack Complexity

High

Privileges Required

High

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Attack Vector

Network

Attack Complexity

Low

Authentication

Single

Confidentiality

None

Integrity

None

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2020-06-24 CVE Reserved
2020-06-24 CVE Published
2024-08-04 CVE Updated
2025-06-26 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-401: Missing Release of Memory after Effective Lifetime

CAPEC

References (8)

URL	Tag	Source
https://bugs.gentoo.org/729458	Issue Tracking
https://security.netapp.com/advisory/ntap-20200702-0002	Third Party Advisory

URL	Date	SRC

URL	Date	SRC
https://www.oracle.com/security-alerts/cpujan2021.html	2023-11-07

URL	Date	SRC
http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00005.html	2023-11-07
http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00044.html	2023-11-07
https://security.gentoo.org/glsa/202007-12	2023-11-07
https://support.ntp.org/bin/view/Main/NtpBug3661	2023-11-07
https://support.ntp.org/bin/view/Main/SecurityNotice#June_2020_ntp_4_2_8p15_NTP_Relea	2023-11-07

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Netapp Search vendor "Netapp"	8300 Firmware Search vendor "Netapp" for product "8300 Firmware"	-	-	Affected	in	Netapp Search vendor "Netapp"	8300 Search vendor "Netapp" for product "8300"	-	-	Safe
Netapp Search vendor "Netapp"	8700 Firmware Search vendor "Netapp" for product "8700 Firmware"	-	-	Affected	in	Netapp Search vendor "Netapp"	8700 Search vendor "Netapp" for product "8700"	-	-	Safe
Netapp Search vendor "Netapp"	A400 Firmware Search vendor "Netapp" for product "A400 Firmware"	-	-	Affected	in	Netapp Search vendor "Netapp"	A400 Search vendor "Netapp" for product "A400"	-	-	Safe
Netapp Search vendor "Netapp"	H410c Firmware Search vendor "Netapp" for product "H410c Firmware"	-	-	Affected	in	Netapp Search vendor "Netapp"	H410c Search vendor "Netapp" for product "H410c"	-	-	Safe
Netapp Search vendor "Netapp"	H300s Firmware Search vendor "Netapp" for product "H300s Firmware"	-	-	Affected	in	Netapp Search vendor "Netapp"	H300s Search vendor "Netapp" for product "H300s"	-	-	Safe
Netapp Search vendor "Netapp"	H500s Firmware Search vendor "Netapp" for product "H500s Firmware"	-	-	Affected	in	Netapp Search vendor "Netapp"	H500s Search vendor "Netapp" for product "H500s"	-	-	Safe
Netapp Search vendor "Netapp"	H700s Firmware Search vendor "Netapp" for product "H700s Firmware"	-	-	Affected	in	Netapp Search vendor "Netapp"	H700s Search vendor "Netapp" for product "H700s"	-	-	Safe
Netapp Search vendor "Netapp"	H300e Firmware Search vendor "Netapp" for product "H300e Firmware"	-	-	Affected	in	Netapp Search vendor "Netapp"	H300e Search vendor "Netapp" for product "H300e"	-	-	Safe
Netapp Search vendor "Netapp"	H500e Firmware Search vendor "Netapp" for product "H500e Firmware"	-	-	Affected	in	Netapp Search vendor "Netapp"	H500e Search vendor "Netapp" for product "H500e"	-	-	Safe
Netapp Search vendor "Netapp"	H700e Firmware Search vendor "Netapp" for product "H700e Firmware"	-	-	Affected	in	Netapp Search vendor "Netapp"	H700e Search vendor "Netapp" for product "H700e"	-	-	Safe
Netapp Search vendor "Netapp"	H410s Firmware Search vendor "Netapp" for product "H410s Firmware"	-	-	Affected	in	Netapp Search vendor "Netapp"	H410s Search vendor "Netapp" for product "H410s"	-	-	Safe
Ntp Search vendor "Ntp"		Ntp Search vendor "Ntp" for product "Ntp"				>= 4.3.97 < 4.3.101 Search vendor "Ntp" for product "Ntp" and version " >= 4.3.97 < 4.3.101"		-		Affected
Ntp Search vendor "Ntp"		Ntp Search vendor "Ntp" for product "Ntp"				4.2.8 Search vendor "Ntp" for product "Ntp" and version "4.2.8"		p11		Affected
Ntp Search vendor "Ntp"		Ntp Search vendor "Ntp" for product "Ntp"				4.2.8 Search vendor "Ntp" for product "Ntp" and version "4.2.8"		p12		Affected
Ntp Search vendor "Ntp"		Ntp Search vendor "Ntp" for product "Ntp"				4.2.8 Search vendor "Ntp" for product "Ntp" and version "4.2.8"		p13		Affected
Ntp Search vendor "Ntp"		Ntp Search vendor "Ntp" for product "Ntp"				4.2.8 Search vendor "Ntp" for product "Ntp" and version "4.2.8"		p14		Affected
Opensuse Search vendor "Opensuse"		Leap Search vendor "Opensuse" for product "Leap"				15.1 Search vendor "Opensuse" for product "Leap" and version "15.1"		-		Affected
Opensuse Search vendor "Opensuse"		Leap Search vendor "Opensuse" for product "Leap"				15.2 Search vendor "Opensuse" for product "Leap" and version "15.2"		-		Affected
Netapp Search vendor "Netapp"		Cloud Backup Search vendor "Netapp" for product "Cloud Backup"				-		-		Affected
Netapp Search vendor "Netapp"		Steelstore Cloud Integrated Storage Search vendor "Netapp" for product "Steelstore Cloud Integrated Storage"				-		-		Affected
Oracle Search vendor "Oracle"		Zfs Storage Appliance Kit Search vendor "Oracle" for product "Zfs Storage Appliance Kit"				8.8 Search vendor "Oracle" for product "Zfs Storage Appliance Kit" and version "8.8"		-		Affected