VDB
GCVE-110-MAGEIA-2015-348
GCVE-110-MAGEIA-2015-348
Advisory Published
Updated ntp packages fix security vulnerability:
A flaw was found in the way ntpd processed certain remote configuration
packets. An attacker could use a specially crafted package to cause ntpd to
crash if the attacker had authenticated access to remote ntpd configuration
(CVE-2015-5146).
It was found that ntpd could crash due to an uninitialized variable when
processing malformed logconfig configuration commands, for example,
ntpq -c ":config logconfig a" (CVE-2015-5194).
It was found that ntpd exits with a segmentation fault when a statistics
type that was not enabled during compilation (e.g. timingstats) is
referenced by the statistics or filegen configuration command, for example,
ntpq -c ':config statistics timingstats'
ntpq -c ':config filegen timingstats' (CVE-2015-5195).
It was found that the :config command can be used to set the pidfile and
driftfile paths without any restrictions. A remote attacker could use
this flaw to overwrite a file on the file system with a file containing
the pid of the ntpd process (immediately) or the current estimated drift
of the system clock (in hourly intervals). For example,
ntpq -c ':config pidfile /tmp/ntp.pid'
ntpq -c ':config driftfile /tmp/ntp.drift' (CVE-2015-5196).
It was discovered that sntp would hang in an infinite loop when a
crafted NTP packet was received, related to the conversion of the
precision value in the packet to double (CVE-2015-5219).
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| Mageia | ntp | 4.2.6p5-24.1.mga5 (unaffected), 0 (affected) | — |
| Mageia | ntp | * (unaffected), 0 (affected) | — |
Aliases
Browse GCVE Records
73,040 records in the GCVE database · Updated July 15, 2026
No matching records found.
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.