Home CVE Database CVE-2015-5300



It was found that ntpd did not correctly implement the threshold limitation for the \'-g\' option, which is used to set the time without any restrictions. A man-in-the-middle attacker able to intercept NTP traffic between a connecting client and an NTP server could use this flaw to force that client to make multiple steps larger than the panic threshold, effectively changing the time to an arbitrary value at any time.

Priority: MEDIUM
CVSS v3: 7.5
Publish Date: Mar 12, 2016
Related ID: --
CVSS v2: High
Modified Date: Mar 12, 2016

Find out more about CVE-2015-5300 from the MITRE-CVE dictionary and NIST NVD

Products Affected

Login may be required to access defects or downloads.

Related Products

Product Name Status Defect Fixed Downloads
Linux 7 SCP Not Vulnerable -- -- --
Linux 7 CGP Not Vulnerable -- -- --



Live chat