Home CVE Database CVE-2015-5300

CVE-2015-5300

Description

It was found that ntpd did not correctly implement the threshold limitation for the \'-g\' option, which is used to set the time without any restrictions. A man-in-the-middle attacker able to intercept NTP traffic between a connecting client and an NTP server could use this flaw to force that client to make multiple steps larger than the panic threshold, effectively changing the time to an arbitrary value at any time.

Priority: MEDIUM
CVSS v3: 7.5
Publish Date: Mar 12, 2016
Related ID: --
CVSS v2: High
Modified Date: Mar 12, 2016

Find out more about CVE-2015-5300 from the MITRE-CVE dictionary and NIST NVD


Products Affected

Login may be required to access defects or downloads.

Related Products

Product Name Status Defect Fixed Downloads
Linux 7 SCP Not Vulnerable -- -- --
Linux 7 CGP Not Vulnerable -- -- --

Comments

ntp

Live chat
Online