Wind River Support Network


LIN7-5773 : Security Advisory - ntp - CVE-2015-5300

Created: Mar 14, 2016    Updated: Sep 8, 2018
Resolved Date: Mar 25, 2016
Found In Version:
Fix Version:
Severity: Standard
Applicable for: Wind River Linux 7
Component/s: Userspace


It was found that ntpd did not correctly implement the threshold limitation for the '-g' option, which is used to set the time without any restrictions. A man-in-the-middle attacker able to intercept NTP traffic between a connecting client and an NTP server could use this flaw to force that client to make multiple steps larger than the panic threshold, effectively changing the time to an arbitrary value at any time. 

Other Downloads


Live chat