The panic_gate check in NTP before 4.2.8p5 is only re-enabled after the first change to the system clock that was greater than 128 milliseconds by default, which allows remote attackers to set NTP to an arbitrary time when started with the -g option, or to alter the time by up to 900 seconds otherwise by responding to an unspecified number of requests from trusted sources, and leveraging a resulting denial of service (abort and restart).
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HCanonical Ubuntu
OSCanonical12.0414.0415.0415.10Debian
OSDebian7.08.0Fedora Project Fedora
OSFedoraproject2122Ntp
APPNtp≤ 4.2.8Opensuse Leap
OSOpensuse42.1Opensuse
OSOpensuse13.2Red Hat Enterprise Linux Desktop
OSRedhat6.07.0Red Hat Enterprise Linux Hpc Node
OSRedhat6.07.0Red Hat Enterprise Linux Hpc Node Eus
OSRedhat7.1Red Hat Enterprise Linux Server
OSRedhat6.07.0Red Hat Enterprise Linux Server Eus
OSRedhat6.7.z7.1Red Hat Enterprise Linux Workstation
OSRedhat6.07.0SUSE Linux Enterprise Debuginfo
APPSuse11SUSE Linux Enterprise Desktop
OSSuse12SUSE Linux Enterprise Server
OSSuse101112SUSE Linux Enterprise Software Development Kit
OSSuse12SUSE Manager
OSSuse2.1SUSE Manager Proxy
OSSuse2.1SUSE Openstack Cloud
OSSuse5SUSE Linux Enterprise Server
OSSuse12
Related vulnerabilities
GNU Inetutils telnetd: ominięcie uwierzytelnienia przez zmienną USER
Sudo: eskalacja uprawnień do root poprzez opcję --chroot (CVE-2025-32463)
RCE przez deserializację PHP w Roundcube Webmail (parametr _from)
Erlang/OTP SSH — nieuwierzytelniony RCE (CVSS 10.0)
Apple WebKit: out-of-bounds write umożliwiający ucieczkę z sandbox przeglądarki