First published: Wed Jun 24 2020
NTP is vulnerable to a denial of service, caused by a memory leak when a CMAC key is used and associated with a CMAC algorithm in the ntp.keys file in ntpd. By sending specially-crafted packets, a remote authenticated attacker could exploit this vulnerability to consume all available memory resources.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
IBM Data Risk Manager | <=2.0.6 | |
NTP | >=4.3.97, <4.3.101 | |
NTP | =4.2.8-p11 | |
NTP | =4.2.8-p12 | |
NTP | =4.2.8-p13 | |
NTP | =4.2.8-p14 | |
SUSE Linux | =15.1 | |
SUSE Linux | =15.2 | |
NetApp Cloud Backup | | |
NetApp SteelStore Cloud Integrated Storage | | |
NetApp AFF 8300 Firmware | | |
NetApp FAS8300 | | |
NetApp AFF 8700 Firmware | | |
NetApp FAS8700 | | |
NetApp AFF A400 Firmware | | |
NetApp FAS A400 | | |
NetApp H410C | | |
NetApp H410C Firmware | | |
NetApp H300S Firmware | | |
NetApp H300S Firmware | | |
NetApp H500e Firmware | | |
NetApp H500e Firmware | | |
NetApp H700S | | |
NetApp H700S | | |
NetApp H300E | | |
NetApp H300E Firmware | | |
NetApp H500S Firmware | | |
NetApp H500e Firmware | | |
NetApp H700E | | |
NetApp H700E | | |
NetApp H410S | | |
NetApp H410S Firmware | | |
Oracle Storage Cloud Software Appliance | =8.8 | |
CVE-2020-15025 is a vulnerability in ntpd in ntp 4.2.8 before 4.2.8p15 and 4.3.x before 4.3.101 that allows remote attackers to cause a denial of service by consuming all available memory resources.
CVE-2020-15025 has a severity rating of 4.9 (Medium).
The software affected by CVE-2020-15025 includes IBM Data Risk Manager (version up to 2.0.6) and NTP (versions 4.2.8-p11 to 4.2.8-p15 and 4.3.97 to 4.3.101).
To fix CVE-2020-15025, apply the necessary patches provided by the vendor or update to a fixed version of the software.
You can find more information about CVE-2020-15025 at the following references: [IBM X-Force](https://exchange.xforce.ibmcloud.com/vulnerabilities/184004), [IBM Support](https://www.ibm.com/support/pages/node/6335281), [openSUSE Security Announce](http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00005.html).