Network Time Protocol CVE-2015-7853 Local Buffer Overflow Vulnerability



Network Time Protocol is prone to a local buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data.

An attacker may exploit this issue to execute arbitrary code within the context of the application. Failed exploit attempts will likely cause denial-of-service conditions.

NTP versions prior to 4.2.8p4, and 4.3.x versions prior to 4.3.77, are vulnerable.

Information

Bugtraq ID: 77273
Class: Boundary Condition Error
CVE: CVE-2015-7853

Remote: No
Local: Yes
Published: Oct 21 2015 12:00AM
Updated: May 19 2017 12:01AM
Credit: Yves Younan of Cisco Talos.
Vulnerable: Slackware Slackware Linux 14.1
Slackware Linux x86_64 -current
Slackware Linux 14.1 x86_64
Slackware Linux 14.0 x86_64
Slackware Linux 14.0
Slackware Linux 13.37 x86_64
Slackware Linux 13.37
Slackware Linux 13.1 x86_64
Slackware Linux 13.1
Slackware Linux 13.0 x86_64
Slackware Linux 13.0
Slackware Linux -current
Rockwell Automation Stratix 5900 0
NTP NTPd 4.2.1
NTP NTPd 4.2
NTP NTP 4.3.25
NTP NTP 4.3
NTP NTP 4.2.8
NTP NTP 4.2.6
NTP NTP 4.2.5 p74
NTP NTP 4.2.5 p153
NTP NTP 4.2.5 p150
NTP NTP 4.2.4 p8
NTP NTP 4.2.4 p7
NTP NTP 4.2.4 p6
NTP NTP 4.2.4 p5
NTP NTP 4.2.4 p4
NTP NTP 4.2.2 p4
NTP NTP 4.2.2 p1
NTP NTP 4.3.70
NTP NTP 4.2.8p3
NTP NTP 4.2.8p2
NTP NTP 4.2.7p366
NTP NTP 4.2.7p111
NTP NTP 4.2.7p11
NTP NTP 4.2.5p3
NTP NTP 4.2.5p186
NTP NTP 4.2.0.a
Juniper Junos OS 0
IBM Vios 2.2.1 4
IBM Vios 2.2
IBM Vios 2.2.4.0
IBM Vios 2.2.3.50
IBM Vios 2.2.3.4
IBM Vios 2.2.3.3
IBM Vios 2.2.3.2
IBM Vios 2.2.3.0
IBM Vios 2.2.2.6
IBM Vios 2.2.2.5
IBM Vios 2.2.2.4
IBM Vios 2.2.2.0
IBM Vios 2.2.1.9
IBM Vios 2.2.1.8
IBM Vios 2.2.1.3
IBM Vios 2.2.1.1
IBM Vios 2.2.1.0
IBM Vios 2.2.0.13
IBM Vios 2.2.0.12
IBM Vios 2.2.0.11
IBM Vios 2.2.0.10
IBM QLogic Virtual Fabric Extension Module for IBM BladeCenter 9.0
IBM QLogic 8Gb Intelligent Pass-thru Module and SAN Switch Module 7.10
IBM IB6131 8 Gb Infiniband Switch 3.4
IBM IB6131 8 Gb Infiniband Switch 3.2
IBM Flex System FC3171 8Gb SAN Switch and SAN Pass-thru 9.1.0.00
IBM Flex System EN6131 40Gb Ethernet Switch 3.4
IBM Flex System EN6131 40Gb Ethernet Switch 3.2
IBM AIX 7.2
IBM AIX 7.1.4
IBM AIX 7.1.3
IBM AIX 7.1.2
IBM AIX 7.1.1
IBM AIX 7.1 6
IBM AIX 7.1
IBM AIX 6.1.9
IBM AIX 6.1.8
IBM AIX 6.1.7 5
IBM AIX 6.1.6 8
IBM AIX 6.1.6
IBM AIX 6.1.5
IBM AIX 6.1.4
IBM AIX 6.1.3
IBM AIX 6.1.2
IBM AIX 6.1.1
IBM AIX 5.3.12 6
IBM AIX 5.3.10
IBM AIX 5.3.9
IBM AIX 5.3.8
IBM AIX 5.3.7
IBM AIX 7.2.0.1
IBM AIX 7.1.4.1
IBM AIX 7.1.3.5
IBM AIX 7.1.2.6
IBM AIX 7.1.2.15
IBM AIX 7.1.1.5
IBM AIX 7.1.1.16
IBM AIX 6.1.9.6
IBM AIX 6.1.9.5
IBM AIX 6.1.8.7
IBM AIX 6.1.8.6
IBM AIX 6.1.8.15
IBM AIX 6.1.7.16
IBM AIX 5.3.12.9
IBM AIX 5.3.12
IBM AIX 5.3.11
FreeBSD FreeBSD 9.3-RELEASE-p9
FreeBSD FreeBSD 9.3-RELEASE-p6
FreeBSD FreeBSD 9.3-RELEASE-p5
FreeBSD FreeBSD 9.3-RELEASE-p3
FreeBSD FreeBSD 9.3-RELEASE-p25
FreeBSD FreeBSD 9.3-RELEASE-p24
FreeBSD FreeBSD 9.3-RELEASE-p22
FreeBSD FreeBSD 9.3-RELEASE-p21
FreeBSD FreeBSD 9.3-RELEASE-p2
FreeBSD FreeBSD 9.3-RELEASE-p13
FreeBSD FreeBSD 9.3-RELEASE-p10
FreeBSD FreeBSD 9.3-RELEASE-p1
FreeBSD FreeBSD 9.3-RC3-p1
FreeBSD FreeBSD 9.3-RC2-p1
FreeBSD FreeBSD 9.3-RC2
FreeBSD FreeBSD 9.3-RC1-p2
FreeBSD FreeBSD 9.3-RC
FreeBSD FreeBSD 9.3-PRERELEASE
FreeBSD FreeBSD 9.3-BETA3-p2
FreeBSD FreeBSD 9.3-BETA1-p2
FreeBSD FreeBSD 9.3-BETA1-p1
FreeBSD FreeBSD 9.3-BETA1
FreeBSD FreeBSD 9.3
FreeBSD FreeBSD 10.2-RC2-p1
FreeBSD FreeBSD 10.2-RC1-p2
FreeBSD FreeBSD 10.2-RC1-p1
FreeBSD FreeBSD 10.2-PRERELEASE
FreeBSD FreeBSD 10.2-BETA2-p3
FreeBSD FreeBSD 10.2-BETA2-p2
FreeBSD FreeBSD 10.2
FreeBSD FreeBSD 10.1-STABLE
FreeBSD FreeBSD 10.1-RELENG
FreeBSD FreeBSD 10.1-RELEASE-p9
FreeBSD FreeBSD 10.1-RELEASE-p6
FreeBSD FreeBSD 10.1-RELEASE-p5
FreeBSD FreeBSD 10.1-RELEASE-p19
FreeBSD FreeBSD 10.1-RELEASE-p17
FreeBSD FreeBSD 10.1-RELEASE-p16
FreeBSD FreeBSD 10.1-RELEASE-p1
FreeBSD FreeBSD 10.1-RELEASE
FreeBSD FreeBSD 10.1-RC4-p1
FreeBSD FreeBSD 10.1-RC3-p1
FreeBSD FreeBSD 10.1-RC2-p3
FreeBSD FreeBSD 10.1-RC2-p1
FreeBSD FreeBSD 10.1-RC1-p1
FreeBSD FreeBSD 10.1-PRERELEASE
FreeBSD FreeBSD 10.1-BETA3-p1
FreeBSD FreeBSD 10.1-BETA1-p1
FreeBSD FreeBSD 10.1
Extremenetworks Summit WM3000 Series 0
Extremenetworks Purview Appliance 6.3
Extremenetworks Purview Appliance 6.0
Extremenetworks NetSight Appliance 6.3
Extremenetworks NetSight Appliance 6.0
Extremenetworks NAC Appliance 6.3
Extremenetworks NAC Appliance 6.0
Extremenetworks ExtremeXOS 16.1.2
Extremenetworks ExtremeXOS 15.7.4
Extremenetworks ExtremeXOS 15.7.3 Patch 8
Extremenetworks ExtremeXOS 15.7.3 Patch 1
Extremenetworks ExtremeXOS 15.7.2
Extremenetworks ExtremeXOS 15.7
Extremenetworks ExtremeXOS 15.6.4
Extremenetworks ExtremeXOS 16.1
Extremenetworks ExtremeXOS 15.4.1.3-patch1-10
Extremenetworks ExtremeXOS 15.4.1.0
Extremenetworks ExtremeXOS 15.3


Not Vulnerable: Rockwell Automation Stratix 5900 15.6.3
NTP NTP 4.3.77
NTP NTP 4.2.8p4
IBM QLogic Virtual Fabric Extension Module for IBM BladeCenter 9.0.3.14.0
IBM QLogic 8Gb Intelligent Pass-thru Module and SAN Switch Module 7.10.1.37.00
IBM IB6131 8 Gb Infiniband Switch 3.5.1000
IBM Flex System FC3171 8Gb SAN Switch and SAN Pass-thru 9.1.7.03.00
IBM Flex System EN6131 40Gb Ethernet Switch 3.5.1000
FreeBSD FreeBSD 9.3-STABLE
FreeBSD FreeBSD 9.3-RELEASE-p29
FreeBSD FreeBSD 10.2-STABLE
FreeBSD FreeBSD 10.2-RELEASE-p6
FreeBSD FreeBSD 10.1-RELEASE-p23
Extremenetworks Purview Appliance 6.4
Extremenetworks NetSight Appliance 6.4
Extremenetworks NAC Appliance 6.4
Extremenetworks ExtremeXOS 21.1
Extremenetworks ExtremeXOS 16.2


Exploit


An attacker can exploit this issue using readily available tools.

