CVE-2015-5300

7.5 HIGH

Published: July 21, 2017 Modified: May 13, 2026

Description

The panic_gate check in NTP before 4.2.8p5 is only re-enabled after the first change to the system clock that was greater than 128 milliseconds by default, which allows remote attackers to set NTP to an arbitrary time when started with the -g option, or to alter the time by up to 900 seconds otherwise by responding to an unspecified number of requests from trusted sources, and leveraging a resulting denial of service (abort and restart).

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

CVSS v3.x Details

0.0 Low Medium High Critical 10.0

Vector String

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory

http://aix.software.ibm.com/aix/efixes/security/ntp_advisory5.asc

Source: secalert@redhat.com

Third Party Advisory

http://lists.fedoraproject.org/pipermail/package-announce/2015-November/170684.html

Source: secalert@redhat.com

Third Party Advisory

http://lists.fedoraproject.org/pipermail/package-announce/2015-November/170926.html

Source: secalert@redhat.com

Third Party Advisory

http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177507.html

Source: secalert@redhat.com

Third Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00059.html

Source: secalert@redhat.com

Third Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00060.html

Source: secalert@redhat.com

Third Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00020.html

Source: secalert@redhat.com

Third Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00038.html

Source: secalert@redhat.com

Third Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00048.html

Source: secalert@redhat.com

Third Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html

Source: secalert@redhat.com

Third Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html

Source: secalert@redhat.com

Third Party Advisory

http://lists.opensuse.org/opensuse-updates/2016-05/msg00114.html

Source: secalert@redhat.com

Third Party Advisory

http://rhn.redhat.com/errata/RHSA-2015-1930.html

Source: secalert@redhat.com

Third Party Advisory

http://seclists.org/bugtraq/2016/Feb/164

Source: secalert@redhat.com

Mailing List Third Party Advisory

http://support.ntp.org/bin/view/Main/NtpBug2956

Source: secalert@redhat.com

Issue Tracking Patch Vendor Advisory

http://support.ntp.org/bin/view/Main/SecurityNotice#January_2016_NTP_4_2_8p5_Securit

Source: secalert@redhat.com

Issue Tracking Patch Vendor Advisory

http://www.debian.org/security/2015/dsa-3388

Source: secalert@redhat.com

Third Party Advisory

http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html

Source: secalert@redhat.com

Third Party Advisory

http://www.securityfocus.com/bid/77312

Source: secalert@redhat.com

Third Party Advisory VDB Entry

http://www.securitytracker.com/id/1034670

Source: secalert@redhat.com

Third Party Advisory VDB Entry

http://www.ubuntu.com/usn/USN-2783-1

Source: secalert@redhat.com

Third Party Advisory

https://bto.bluecoat.com/security-advisory/sa113

Source: secalert@redhat.com

Third Party Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=1271076

Source: secalert@redhat.com

Issue Tracking

https://ics-cert.us-cert.gov/advisories/ICSA-15-356-01

Source: secalert@redhat.com

Third Party Advisory US Government Resource

https://security.netapp.com/advisory/ntap-20171004-0001/

Source: secalert@redhat.com

https://support.citrix.com/article/CTX220112

Source: secalert@redhat.com

Third Party Advisory

https://www-01.ibm.com/support/docview.wss?uid=isg3T1023885

Source: secalert@redhat.com

Third Party Advisory

https://www-01.ibm.com/support/docview.wss?uid=isg3T1024073

Source: secalert@redhat.com

Third Party Advisory

https://www-01.ibm.com/support/docview.wss?uid=nas8N1021264

Source: secalert@redhat.com

Third Party Advisory

https://www-01.ibm.com/support/docview.wss?uid=ssg1S1005821

Source: secalert@redhat.com

Third Party Advisory

https://www-01.ibm.com/support/docview.wss?uid=swg21979393

Source: secalert@redhat.com

Third Party Advisory

https://www-01.ibm.com/support/docview.wss?uid=swg21980676

Source: secalert@redhat.com

Third Party Advisory

https://www-01.ibm.com/support/docview.wss?uid=swg21983501

Source: secalert@redhat.com

Third Party Advisory

https://www-01.ibm.com/support/docview.wss?uid=swg21983506

Source: secalert@redhat.com

Third Party Advisory

https://www.cs.bu.edu/~goldbe/NTPattack.html

Source: secalert@redhat.com

Third Party Advisory

https://www.freebsd.org/security/advisories/FreeBSD-SA-16:02.ntp.asc

Source: secalert@redhat.com

Third Party Advisory

https://www.ibm.com/support/home/docdisplay?lndocid=migr-5099428

Source: secalert@redhat.com

Third Party Advisory

https://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html

Source: secalert@redhat.com

Third Party Advisory

https://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html

Source: secalert@redhat.com

Third Party Advisory

http://aix.software.ibm.com/aix/efixes/security/ntp_advisory5.asc