ntpd in ntp 4.2.8p4 before 4.2.8p11 drops bad packets before updating the “received” timestamp, which allows remote attackers to cause a denial of service (disruption) by sending a packet with a zero-origin timestamp causing the association to reset and setting the contents of the packet as the most recent timestamp. This issue is a result of an incomplete fix for CVE-2015-7704.

References

bugzilla.redhat.com/show_bug.cgi?id=1550218

prion 2

ubuntucve 4

debiancve 2

f5 3

cve 2

checkpoint_advisories 1

nessus 56

openvas 47

veracode 1

redhat 2

centos 1

oraclelinux 3

amazon 3

ibm 19

ics 2

ubuntu 2

cloudfoundry 1

citrix 1

gentoo 2

slackware 3

fedora 6

freebsd 3

freebsd_advisory 2

archlinux 2

mageia 2

symantec 2

aix 1

cisco 2

arista 2

suse 9

fortinet 1

osv 2

debian 2

securityvulns 2

photon 2

cert 1

oracle 1

prion

Design/Logic Flaw

2018-03-06 20:29:00

Code injection

2017-08-07 20:29:00

ubuntucve

CVE-2018-7184

2018-03-06 00:00:00

CVE-2015-7704

2015-10-22 00:00:00

CVE-2015-7705

2015-10-22 00:00:00

debiancve

CVE-2018-7184

2018-03-06 20:29:00

CVE-2015-7704

2017-08-07 20:29:00

K13540723 : NTP vulnerability CVE-2018-7184

2018-03-26 00:00:00

SOL17566 - NTP vulnerability CVE-2015-7704

2015-11-05 00:00:00

K17566 : NTP vulnerability CVE-2015-7704

2015-11-10 00:00:00

cve

CVE-2018-7184

2018-03-06 20:29:00

CVE-2015-7704

2017-08-07 20:29:00

checkpoint_advisories

NTP Kiss-o-Death Packet Denial of Service - Ver2 (CVE-2015-7704)

2018-06-25 00:00:00

nessus

EulerOS 2.0 SP5 : ntp (EulerOS-SA-2019-2215)

2019-11-08 00:00:00

EulerOS Virtualization for ARM 64 3.0.2.0 : ntp (EulerOS-SA-2020-1210)

2020-03-13 00:00:00

RHEL 6 : ntp (RHSA-2015:2520)

2015-11-30 00:00:00

openvas

Huawei EulerOS: Security Advisory for ntp (EulerOS-SA-2019-2215)

2020-01-23 00:00:00

Huawei EulerOS: Security Advisory for ntp (EulerOS-SA-2020-1210)

2020-03-13 00:00:00

Huawei EulerOS: Security Advisory for ntp (EulerOS-SA-2020-2374)

2020-11-04 00:00:00

veracode

Denial Of Service (DoS)

2019-01-15 09:08:52

redhat

(RHSA-2015:2520) Important: ntp security update

2015-11-26 00:00:00

(RHSA-2015:1930) Important: ntp security update

2015-10-26 00:00:00

centos

ntp, ntpdate, sntp security update

2015-10-26 15:51:06

oraclelinux

ntp security update

2015-10-26 00:00:00

ntp security, bug fix, and enhancement update

2015-11-23 00:00:00

ntp security and bug fix update

2016-05-12 00:00:00

amazon

Medium: ntp

2018-05-10 17:01:00

Medium: ntp

2018-05-10 17:11:00

Important: ntp

2015-10-27 16:42:00

ibm

Security Bulletin: IBM Security Access Manager for Mobile is affected by NTP vulnerabilities (CVE-2015-5300, CVE-2015-7704, CVE-2015-8138)

2018-06-16 21:42:33

Security Bulletin: IBM Security Access Manager for Web is affected by NTP vulnerabilities (CVE-2015-5300, CVE-2015-7704, CVE-2015-8138)

2018-06-16 21:42:33

Security Bulletin: Vulnerabilities in Network Time Protocol (NTP) affect IBM Security Identity Governance Appliance (CVE-2015-5300 CVE-2015-7704 CVE-2015-8138 )

2018-06-16 21:41:35

ics

Siemens RUGGEDCOM ROX-based Devices NTP Vulnerabilities

2018-08-27 12:00:00

Rockwell Automation Stratix 5900

2017-05-10 12:00:00

ubuntu

NTP vulnerabilities

2018-07-09 00:00:00

NTP vulnerabilities

2015-10-27 00:00:00

cloudfoundry

USN-3707-1: NTP vulnerabilities | Cloud Foundry

2018-07-19 00:00:00

citrix

Citrix XenServer Multiple Security Updates

2017-01-25 05:00:00

gentoo

NTP: Multiple vulnerabilities

2018-05-26 00:00:00

NTP: Multiple vulnerabilities

2016-07-20 00:00:00

slackware

[slackware-security] ntp

2018-03-01 23:49:07

[slackware-security] ntp

2016-04-29 21:57:25

[slackware-security] ntp

2015-10-29 22:49:05

fedora

[SECURITY] Fedora 27 Update: ntp-4.2.8p11-1.fc27

2018-03-27 20:16:30

[SECURITY] Fedora 26 Update: ntp-4.2.8p11-1.fc26

2018-03-27 19:30:28

[SECURITY] Fedora 23 Update: ntp-4.2.6p5-34.fc23

2015-11-02 18:55:43

freebsd

ntp -- multiple vulnerabilities

2018-02-27 00:00:00

ntp -- multiple vulnerabilities

2016-04-26 00:00:00

ntp -- 13 low- and medium-severity vulnerabilities

2015-10-21 00:00:00

freebsd_advisory

FreeBSD-SA-18:02.ntp

2018-03-07 00:00:00

FreeBSD-SA-15:25.ntp

2015-10-26 00:00:00

archlinux

[ASA-201803-11] ntp: multiple issues

2018-03-16 00:00:00

ntp: multiple issues

2015-10-22 00:00:00

mageia

Updated ntp packages fix security vulnerabilities

2018-04-07 01:54:47

Updated ntp packages fixes security vulnerabilities

2015-10-26 00:50:36

symantec

SA165: NTP Vulnerabilities February 2018

2018-04-26 08:00:00

SA103 : October 2015 NTP Security Vulnerabilities

2015-11-24 08:00:00

aix

Vulnerabilities in NTP affect AIX,Vulnerabilities in NTP affect VIOS

2018-08-14 14:48:57

cisco

Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: April 2016

2016-04-28 09:00:00

Multiple Vulnerabilities in ntpd Affecting Cisco Products - October 2015

2015-10-21 23:00:00

arista

Security Advisory 0019

2018-04-25 00:00:00

Security Advisory 0016

2015-11-04 00:00:00

suse

Security update for ntp (important)

2016-05-12 20:09:15

Security update for ntp (important)

2016-05-18 14:10:13

Security update for ntp (important)

2016-06-01 18:08:21

fortinet

ntp-4.2.8p7 Security Vulnerability Announcement April 2016

2017-04-03 00:00:00

osv

ntp - security update

2015-11-01 00:00:00

ntp - security update

2015-10-28 00:00:00

debian

[SECURITY] [DLA 335-1] ntp security update

2015-10-28 20:45:05

[SECURITY] [DSA 3388-1] ntp security update

2015-11-01 22:20:55

securityvulns

ntp multiple security vulnerabilities

2015-11-01 00:00:00

[USN-2783-1] NTP vulnerabilities

2015-11-01 00:00:00

photon

Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2018-1.0-0167

2018-07-27 00:00:00

Critical Photon OS Security Update - PHSA-2018-0167

2018-07-27 00:00:00

cert

NTP.org ntpd contains multiple vulnerabilities

2016-04-27 00:00:00

oracle

Oracle Critical Patch Update - July 2016

2016-07-19 00:00:00

Products

Security Intelligence
Non-intrusive assessment
Developers SDK
Windows scanner
Linux scanner
Perimeter control tool
MSSP

Database

Vulnerabilities
Exploits
IOC
Security News
BugBounty
Popular
Wild Exploited
Top Vulnerabilities

Tools

Linux Security Scanner
API integration
Subscriptions
Plugins
Manual Audit

Learn More

Stats
API
Docs
Api-keys
License
Pricing
Glossary
FAQ

Company

Blog
Contacts
About Us
OpenSource
EULA
Brand Guideline
Privacy Policy

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply. All product names, logos, and brands are property of their respective owners. All company, product and service names used in this website are for identification purposes only. Use of these names, logos, and brands does not imply endorsement.If you are an owner of some content and want it to be removed, please contact us. Using Vulners services you are accepting Vulners services end-user license agreement

@2024 Vulners Inc

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

JSON

Related for RH:CVE-2018-7184