ALT-PU-2020-2616-1
Closed vulnerabilities
Published: 2020-06-24
BDU:2020-03219
Уязвимость демона ntpd реализации протокола синхронизации времени NTP, позволяющая нарушителю вызвать отказ в обслуживании
Severity: MEDIUM (4.9)
Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
References:
Published: 2020-06-24
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2020-15025
ntpd in ntp 4.2.8 before 4.2.8p15 and 4.3.x before 4.3.101 allows remote attackers to cause a denial of service (memory consumption) by sending packets, because memory is not freed in situations where a CMAC key is used and associated with a CMAC algorithm in the ntp.keys file.
Severity: MEDIUM (4.9)
Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
References:
- openSUSE-SU-2020:0934
- openSUSE-SU-2020:0934
- openSUSE-SU-2020:1007
- openSUSE-SU-2020:1007
- https://bugs.gentoo.org/729458
- https://bugs.gentoo.org/729458
- GLSA-202007-12
- GLSA-202007-12
- https://security.netapp.com/advisory/ntap-20200702-0002/
- https://security.netapp.com/advisory/ntap-20200702-0002/
- https://support.ntp.org/bin/view/Main/NtpBug3661
- https://support.ntp.org/bin/view/Main/NtpBug3661
- https://support.ntp.org/bin/view/Main/SecurityNotice#June_2020_ntp_4_2_8p15_NTP_Relea
- https://support.ntp.org/bin/view/Main/SecurityNotice#June_2020_ntp_4_2_8p15_NTP_Relea
- https://www.oracle.com/security-alerts/cpujan2021.html
- https://www.oracle.com/security-alerts/cpujan2021.html