NTP before 4.2.8p6 and 4.3.x before 4.3.90 allows remote attackers to bypass the origin timestamp validation via a packet with an origin timestamp set to zero.

OSVersionArchitecturePackageVersionFilename
Debian11allntp< 1:4.2.8p7+dfsg-1ntp_1:4.2.8p7+dfsg-1_all.deb
Debian10allntp< 1:4.2.8p7+dfsg-1ntp_1:4.2.8p7+dfsg-1_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	11	all	ntp	< 1:4.2.8p7+dfsg-1	ntp_1:4.2.8p7+dfsg-1_all.deb
Debian	10	all	ntp	< 1:4.2.8p7+dfsg-1	ntp_1:4.2.8p7+dfsg-1_all.deb

cve 2

talos 4

nessus 30

f5 3

openvas 26

oraclelinux 3

veracode 1

centos 1

redhat 1

ibm 16

prion 2

redhatcve 1

ubuntucve 2

debiancve 1

seebug 2

fedora 2

amazon 1

paloalto 1

mageia 1

slackware 2

cisco 3

osv 2

freebsd_advisory 1

freebsd 2

debian 2

arista 1

symantec 1

suse 7

fortinet 1

ics 2

cloudfoundry 1

ubuntu 1

cert 1

gentoo 1

oracle 1

cve

CVE-2015-8138

2017-01-30 21:59:00

CVE-2016-7431

2017-01-13 16:59:00

talos

Network Time Protocol Origin Timestamp Check Impersonation Vulnerability

2016-01-19 00:00:00

Network Time Protocol ntpq and ntpdc Origin Timestamp Disclosure Vulnerability

2016-01-19 00:00:00

Network Time Protocol Origin Timestamp Check Denial of Service Vulnerability

2017-03-29 00:00:00

nessus

OracleVM 3.3 : ntp (OVMSA-2016-0006)

2016-01-26 00:00:00

RHEL 6 / 7 : ntp (RHSA-2016:0063)

2016-01-26 00:00:00

Scientific Linux Security Update : ntp on SL6.x, SL7.x i386/x86_64 (20160125)

2016-01-26 00:00:00

K71245322 : NTP vulnerability CVE-2015-8138

2016-02-22 00:00:00

SOL71245322 - NTP vulnerability CVE-2015-8138

2016-02-22 00:00:00

K80996302 : Multiple NTP vulnerabilities

2016-12-16 00:00:00

openvas

RedHat Update for ntp RHSA-2016:0063-01

2016-01-26 00:00:00

Oracle: Security Advisory (ELSA-2016-0063)

2016-01-26 00:00:00

CentOS Update for ntp CESA-2016:0063 centos7

2016-01-26 00:00:00

oraclelinux

ntp security update

2016-01-25 00:00:00

ntp security and bug fix update

2016-05-12 00:00:00

ntp security and bug fix update

2016-11-09 00:00:00

veracode

Validation Bypass

2019-01-15 09:09:42

centos

ntp, ntpdate, sntp security update

2016-01-25 14:27:37

redhat

(RHSA-2016:0063) Important: ntp security update

2016-01-25 00:00:00

ibm

Security Bulletin: Vulnerability in NTP affects IBM Flex System EN6131 40Gb Ethernet / IB6131 40Gb Infiniband Switch firmware (CVE-2015-8138)

2019-01-31 02:25:02

Security Bulletin: Vulnerabilities in ntp affect IBM Integrated Management Module II (IMM2) for System x, Flex and BladeCenter systems (CVE-2015-8138 CVE-2015-5300)

2023-04-14 14:32:25

Security Bulletin: Vulnerabilities in Network Time Protocol (NTP) affect IBM Security Identity Governance Appliance (CVE-2015-5300 CVE-2015-7704 CVE-2015-8138 )

2018-06-16 21:41:35

prion

Design/Logic Flaw

2017-01-30 21:59:00

Design/Logic Flaw

2017-01-13 16:59:00

redhatcve

CVE-2016-7431

2016-11-22 10:47:56

ubuntucve

CVE-2015-8138

2015-12-31 00:00:00

CVE-2016-7431

2017-01-13 00:00:00

debiancve

CVE-2016-7431

2017-01-13 16:59:00

seebug

Network Time Protocol Origin Timestamp Check Denial of Service Vulnerability(CVE-2016-9042)

2017-09-20 00:00:00

Network Time Protocol Control Mode Unauthenticated Trap Information Disclosure and DDoS Amplification Vulnerability(CVE-2016-9310)

2017-10-11 00:00:00

fedora

[SECURITY] Fedora 23 Update: ntp-4.2.6p5-36.fc23

2016-01-30 18:28:19

[SECURITY] Fedora 22 Update: ntp-4.2.6p5-36.fc22

2016-02-21 02:33:52

amazon

Important: ntp

2016-02-09 13:30:00

paloalto

NTP Vulnerabilities

2016-08-15 00:00:00

mageia

Updated ntp packages fix security vulnerability

2016-01-29 14:02:50

slackware

[slackware-security] ntp

2016-02-23 19:51:20

[slackware-security] ntp

2016-04-29 21:57:25

cisco

Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: January 2016

2016-01-27 20:00:00

Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: April 2016

2016-04-28 09:00:00

Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: November 2016

2016-11-23 16:00:00

osv

ntp - security update

2016-07-25 00:00:00

ntp - security update

2016-07-25 00:00:00

freebsd_advisory

FreeBSD-SA-16:09.ntp

2016-01-27 00:00:00

freebsd

ntp -- multiple vulnerabilities

2016-01-20 00:00:00

ntp -- multiple vulnerabilities

2016-04-26 00:00:00

debian

[SECURITY] [DSA 3629-1] ntp security update

2016-07-25 21:15:32

[SECURITY] [DLA 559-1] ntp security update

2016-07-25 21:37:14

arista

Security Advisory 0019

2018-04-25 00:00:00

symantec

SA113 : January 2016 NTP Security Vulnerabilities

2016-03-03 08:00:00

suse

Security update for ntp (important)

2016-04-28 19:13:09

Security update for ntp (important)

2016-04-28 19:09:34

Security update for ntp (important)

2016-05-12 21:07:47

fortinet

ntp-4.2.8p7 Security Vulnerability Announcement April 2016

2017-04-03 00:00:00

ics

Siemens TIM 4R-IE Devices

2021-04-13 12:00:00

Siemens SIMATIC NET CP 443-1 OPC UA

2021-06-08 12:00:00

cloudfoundry

USN-3096-1: NTP vulnerabilities | Cloud Foundry

2016-12-21 00:00:00

ubuntu

NTP vulnerabilities

2016-10-05 00:00:00

cert

NTP.org ntpd contains multiple vulnerabilities

2016-04-27 00:00:00

gentoo

NTP: Multiple vulnerabilities

2016-07-20 00:00:00

oracle

Oracle Critical Patch Update - July 2016

2016-07-19 00:00:00

Products

Security Intelligence
Non-intrusive assessment
Developers SDK
Windows scanner
Linux scanner
Perimeter control tool
MSSP

Database

Vulnerabilities
Exploits
IOC
Security News
BugBounty
Popular
Wild Exploited
Top Vulnerabilities

Tools

Linux Security Scanner
API integration
Subscriptions
Plugins
Manual Audit

Learn More

Stats
API
Docs
Api-keys
License
Pricing
Glossary
FAQ

Company

Blog
Contacts
About Us
OpenSource
EULA
Brand Guideline
Privacy Policy

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply. All product names, logos, and brands are property of their respective owners. All company, product and service names used in this website are for identification purposes only. Use of these names, logos, and brands does not imply endorsement.If you are an owner of some content and want it to be removed, please contact us. Using Vulners services you are accepting Vulners services end-user license agreement

@2024 Vulners Inc

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

0.004 Low

EPSS

Percentile

71.8%

JSON

Related for DEBIANCVE:CVE-2015-8138