First published: Wed Jun 24 2020(Updated: )
NTP is vulnerable to a denial of service, caused by a memory leak when a CMAC key is used and associated with a CMAC algorithm in the ntp.keys file in ntpd. By sending specially-crafted packets, a remote authenticated attacker could exploit this vulnerability to consume all available memory resources.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
IBM Data Risk Manager | <=2.0.6 | |
NTP ntp | >=4.3.97<4.3.101 | |
NTP ntp | =4.2.8-p11 | |
NTP ntp | =4.2.8-p12 | |
NTP ntp | =4.2.8-p13 | |
NTP ntp | =4.2.8-p14 | |
openSUSE | =15.1 | |
openSUSE | =15.2 | |
netapp cloud backup | ||
NetApp SteelStore | ||
NetApp AFF 8300 Firmware | ||
NetApp FAS8300 | ||
NetApp AFF 8700 Firmware | ||
NetApp FAS8700 | ||
NetApp AFF A400 Firmware | ||
NetApp FAS A400 | ||
netapp h410c firmware | ||
netapp h410c | ||
netapp h300s firmware | ||
netapp h300s | ||
NetApp H500S Firmware | ||
netapp h500s | ||
netapp h700s firmware | ||
netapp h700s | ||
netapp h300e firmware | ||
netapp h300e | ||
netapp h500e firmware | ||
netapp h500e | ||
netapp h700e firmware | ||
netapp h700e | ||
netapp h410s firmware | ||
netapp h410s | ||
Oracle Sun ZFS Storage Appliance Kit | =8.8 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2020-15025 is a vulnerability in ntpd in ntp 4.2.8 before 4.2.8p15 and 4.3.x before 4.3.101 that allows remote attackers to cause a denial of service by consuming all available memory resources.
CVE-2020-15025 has a severity rating of 4.9 (Medium).
The software affected by CVE-2020-15025 includes IBM Data Risk Manager (version up to 2.0.6) and NTP (versions 4.2.8-p11 to 4.2.8-p15 and 4.3.97 to 4.3.101).
To fix CVE-2020-15025, apply the necessary patches provided by the vendor or update to a fixed version of the software.
You can find more information about CVE-2020-15025 at the following references: [IBM X-Force](https://exchange.xforce.ibmcloud.com/vulnerabilities/184004), [IBM Support](https://www.ibm.com/support/pages/node/6335281), [openSUSE Security Announce](http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00005.html).