CVE-2015-8139 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	5.3 MEDIUM	NETWORK	LOW	NONE	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Base Score

CVSS 3.x

EPSS Score

Percentile: 96%

Affected Products (NVD)

Vendor	Product	Version
ntp	ntp	𝑥 ≤ 4.2.8

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

ntp

bullseye	1:4.2.8p15+dfsg-1 fixed
jessie	no-dsa
wheezy	no-dsa

Ubuntu Releases

Ubuntu Product

Codename

ntp

precise	ignored
trusty	ignored
vivid	ignored
wily	ignored
xenial	ignored

openSUSE / SLES Releases

openSUSE Product

Release

yast2-ntp-client

suse enterprise sap 12	3.1.12.4-8.2 fixed
suse enterprise sap 12 SP1	3.1.22-6.2 fixed
suse enterprise server 12	3.1.12.4-8.2 fixed
suse enterprise server 12 SP1	3.1.22-6.2 fixed

Amazon Linux Releases

Amazon Package

Release

ntp

Amazon Linux 1

0:4.2.6p5-41.32.amzn1

fixed

ntp-debuginfo

Amazon Linux 1

0:4.2.6p5-41.32.amzn1

fixed

ntp-doc

Amazon Linux 1

0:4.2.6p5-41.32.amzn1

fixed

ntp-perl

Amazon Linux 1

0:4.2.6p5-41.32.amzn1

fixed

ntpdate

Amazon Linux 1

0:4.2.6p5-41.32.amzn1

fixed

Common Weakness Enumeration

CWE-284 - Improper Access Control
The software does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

References

http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00059.html

http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00060.html

http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00020.html

http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00038.html

http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00048.html

http://lists.opensuse.org/opensuse-updates/2016-05/msg00114.html

http://support.ntp.org/bin/view/Main/NtpBug2946

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160127-ntpd

http://www.securityfocus.com/bid/82105

http://www.securitytracker.com/id/1034782

https://bto.bluecoat.com/security-advisory/sa113

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/K3EYJQHJZ2KTVQ7ICEFHXTLZ36MRASWX/

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ORAMN3Q7TVJ54MBYF75XCJOE3DP7LYHT/

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WNWGCQLW2VY72NIUYMJOCAKJKTXHDUK2/

https://security.FreeBSD.org/advisories/FreeBSD-SA-16:09.ntp.asc

https://security.gentoo.org/glsa/201607-15

https://security.netapp.com/advisory/ntap-20200204-0003/

https://www.kb.cert.org/vuls/id/718152

http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00059.html

http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00060.html

http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00020.html

http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00038.html

http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00048.html

http://lists.opensuse.org/opensuse-updates/2016-05/msg00114.html

http://support.ntp.org/bin/view/Main/NtpBug2946

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160127-ntpd

http://www.securityfocus.com/bid/82105

http://www.securitytracker.com/id/1034782

https://bto.bluecoat.com/security-advisory/sa113

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/K3EYJQHJZ2KTVQ7ICEFHXTLZ36MRASWX/

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ORAMN3Q7TVJ54MBYF75XCJOE3DP7LYHT/

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WNWGCQLW2VY72NIUYMJOCAKJKTXHDUK2/

https://security.FreeBSD.org/advisories/FreeBSD-SA-16:09.ntp.asc

https://security.gentoo.org/glsa/201607-15

https://security.netapp.com/advisory/ntap-20200204-0003/

https://www.kb.cert.org/vuls/id/718152