ntpd in ntp 4.2.8p4 before 4.2.8p11 drops bad packets before updating the "received" timestamp, which allows remote attackers to cause a denial of service (disruption) by sending a packet with a zero-origin timestamp causing the association to reset and setting the contents of the packet as the most recent timestamp. This issue is a result of an incomplete fix for CVE-2015-7704.
2018-03-06T20:29:01.437
2025-01-14T19:29:55.853
Modified
CVSSv3.0: 7.5 (HIGH)
AV:N/AC:L/Au:N/C:N/I:N/A:P
10.0
2.9
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | ntp | ntp | 4.2.8 | Yes |
| Application | ntp | ntp | 4.2.8 | Yes |
| Application | ntp | ntp | 4.2.8 | Yes |
| Application | ntp | ntp | 4.2.8 | Yes |
| Application | ntp | ntp | 4.2.8 | Yes |
| Application | ntp | ntp | 4.2.8 | Yes |
| Application | ntp | ntp | 4.2.8 | Yes |
| Application | synology | router_manager | 1.1 | Yes |
| Application | synology | skynas | - | Yes |
| Application | synology | virtual_diskstation_manager | - | Yes |
| Operating System | synology | diskstation_manager | 5.2 | Yes |
| Operating System | synology | diskstation_manager | 6.0 | Yes |
| Operating System | synology | diskstation_manager | 6.1 | Yes |
| Operating System | synology | vs960hd_firmware | - | Yes |
| Operating System | slackware | slackware_linux | 14.0 | Yes |
| Operating System | slackware | slackware_linux | 14.1 | Yes |
| Operating System | slackware | slackware_linux | 14.2 | Yes |
| Operating System | canonical | ubuntu_linux | 14.04 | Yes |
| Operating System | canonical | ubuntu_linux | 16.04 | Yes |
| Operating System | canonical | ubuntu_linux | 17.10 | Yes |
| Operating System | canonical | ubuntu_linux | 18.04 | Yes |
| Application | netapp | cloud_backup | - | Yes |
| Application | netapp | steelstore_cloud_integrated_storage | - | Yes |