Wind River Support Network

HomeDefectsLIN6-10996
Fixed

LIN6-10996 : Security Advisory - ntp - CVE-2015-5300

Created: Mar 14, 2016    Updated: Dec 3, 2018
Resolved Date: Mar 25, 2016
Found In Version: 6.0.0.28
Fix Version: 6.0.0.29
Severity: Standard
Applicable for: Wind River Linux 6
Component/s: Userspace

Description

It was found that ntpd did not correctly implement the threshold limitation for the '-g' option, which is used to set the time without any restrictions. A man-in-the-middle attacker able to intercept NTP traffic between a connecting client and an NTP server could use this flaw to force that client to make multiple steps larger than the panic threshold, effectively changing the time to an arbitrary value at any time. 

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-5300 

Other Downloads


Live chat
Online