{
  "threat_severity" : "Moderate",
  "public_date" : "2016-01-20T00:00:00Z",
  "bugzilla" : {
    "description" : "ntp: restriction list NULL pointer dereference",
    "id" : "1300269",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1300269"
  },
  "cvss" : {
    "cvss_base_score" : "4.3",
    "cvss_scoring_vector" : "AV:N/AC:M/Au:N/C:N/I:N/A:P",
    "status" : "verified"
  },
  "cwe" : "CWE-476",
  "details" : [ "ntpd in NTP before 4.2.8p6 and 4.3.x before 4.3.90 allows remote attackers to cause a denial of service (NULL pointer dereference) via a ntpdc reslist command.", "A NULL pointer dereference flaw was found in the way ntpd processed 'ntpdc reslist' commands that queried restriction lists with a large amount of entries. A remote attacker could potentially use this flaw to crash ntpd." ],
  "statement" : "This issue affects the versions of ntp as shipped with Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this issue as having Moderate security impact. A future update may address this issue in Red Hat Enterprise Linux 6 and 7. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.",
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 6",
    "release_date" : "2016-05-10T00:00:00Z",
    "advisory" : "RHSA-2016:0780",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6",
    "package" : "ntp-0:4.2.6p5-10.el6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "release_date" : "2016-11-03T00:00:00Z",
    "advisory" : "RHSA-2016:2583",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7",
    "package" : "ntp-0:4.2.6p5-25.el7"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 5",
    "fix_state" : "Will not fix",
    "package_name" : "ntp",
    "cpe" : "cpe:/o:redhat:enterprise_linux:5"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2015-7977\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-7977\nhttp://support.ntp.org/bin/view/Main/SecurityNotice#January_2016_NTP_4_2_8p6_Securit\nhttp://www.talosintel.com/reports/TALOS-2016-0074/" ],
  "name" : "CVE-2015-7977",
  "mitigation" : {
    "value" : "Keep the number of restriction list entries in ntp.conf lower than 500.",
    "lang" : "en:us"
  },
  "csaw" : false
}