CVE-2015-7871

Crypto-NAK packets in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to bypass authentication.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 99%
VendorProductVersion
ntpntp
4.2.6 ≤
𝑥
< 4.2.8
ntpntp
4.3.0 ≤
𝑥
< 4.3.77
ntpntp
4.2.5:p186
ntpntp
4.2.5:p187
ntpntp
4.2.5:p188
ntpntp
4.2.5:p189
ntpntp
4.2.5:p190
ntpntp
4.2.5:p191
ntpntp
4.2.5:p192
ntpntp
4.2.5:p193
ntpntp
4.2.5:p194
ntpntp
4.2.5:p195
ntpntp
4.2.5:p196
ntpntp
4.2.5:p197
ntpntp
4.2.5:p198
ntpntp
4.2.5:p199
ntpntp
4.2.5:p200
ntpntp
4.2.5:p201
ntpntp
4.2.5:p202
ntpntp
4.2.5:p203
ntpntp
4.2.5:p204
ntpntp
4.2.5:p205
ntpntp
4.2.5:p206
ntpntp
4.2.5:p207
ntpntp
4.2.5:p208
ntpntp
4.2.5:p209
ntpntp
4.2.5:p210
ntpntp
4.2.5:p211
ntpntp
4.2.5:p212
ntpntp
4.2.5:p213
ntpntp
4.2.5:p214
ntpntp
4.2.5:p215
ntpntp
4.2.5:p216
ntpntp
4.2.5:p217
ntpntp
4.2.5:p218
ntpntp
4.2.5:p219
ntpntp
4.2.5:p220
ntpntp
4.2.5:p221
ntpntp
4.2.5:p222
ntpntp
4.2.5:p223
ntpntp
4.2.5:p224
ntpntp
4.2.5:p225
ntpntp
4.2.5:p226
ntpntp
4.2.5:p227
ntpntp
4.2.5:p228
ntpntp
4.2.5:p229
ntpntp
4.2.5:p230
ntpntp
4.2.5:p231_rc1
ntpntp
4.2.5:p232_rc1
ntpntp
4.2.5:p233_rc1
ntpntp
4.2.5:p234_rc1
ntpntp
4.2.5:p235_rc1
ntpntp
4.2.5:p236_rc1
ntpntp
4.2.5:p237_rc1
ntpntp
4.2.5:p238_rc1
ntpntp
4.2.5:p239_rc1
ntpntp
4.2.5:p240_rc1
ntpntp
4.2.5:p241_rc1
ntpntp
4.2.5:p242_rc1
ntpntp
4.2.5:p243_rc1
ntpntp
4.2.5:p244_rc1
ntpntp
4.2.5:p245_rc1
ntpntp
4.2.5:p246_rc1
ntpntp
4.2.5:p247_rc1
ntpntp
4.2.5:p248_rc1
ntpntp
4.2.5:p249_rc1
ntpntp
4.2.5:p250_rc1
ntpntp
4.2.8:p1
ntpntp
4.2.8:p1-beta1
ntpntp
4.2.8:p1-beta2
ntpntp
4.2.8:p1-beta3
ntpntp
4.2.8:p1-beta4
ntpntp
4.2.8:p1-beta5
ntpntp
4.2.8:p1-rc1
ntpntp
4.2.8:p1-rc2
ntpntp
4.2.8:p2
ntpntp
4.2.8:p2-rc1
ntpntp
4.2.8:p2-rc2
ntpntp
4.2.8:p2-rc3
ntpntp
4.2.8:p3
ntpntp
4.2.8:p3-rc1
ntpntp
4.2.8:p3-rc2
ntpntp
4.2.8:p3-rc3
debiandebian_linux
7.0
debiandebian_linux
8.0
debiandebian_linux
9.0
netapponcommand_balance
-
netapponcommand_performance_manager
-
netapponcommand_unified_manager
-
netappclustered_data_ontap
-
netappdata_ontap
-
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
ntp
bullseye
1:4.2.8p15+dfsg-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
ntp
wily
Fixed 1:4.2.6.p5+dfsg-3ubuntu8.1
released
vivid
Fixed 1:4.2.6.p5+dfsg-3ubuntu6.2
released
trusty
Fixed 1:4.2.6.p5+dfsg-3ubuntu2.14.04.5
released
precise
Fixed 1:4.2.6.p3+dfsg-1ubuntu3.6
released
Common Weakness Enumeration
References
http://support.ntp.org/bin/view/Main/NtpBug2941
http://www.debian.org/security/2015/dsa-3388
http://www.securityfocus.com/bid/77287
http://www.securitytracker.com/id/1033951
https://bugzilla.redhat.com/show_bug.cgi?id=1274265
https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdf
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05270839
https://security.gentoo.org/glsa/201604-03
https://security.gentoo.org/glsa/201607-15
https://security.netapp.com/advisory/ntap-20171004-0001/
http://support.ntp.org/bin/view/Main/NtpBug2941
http://www.debian.org/security/2015/dsa-3388
http://www.securityfocus.com/bid/77287
http://www.securitytracker.com/id/1033951
https://bugzilla.redhat.com/show_bug.cgi?id=1274265
https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdf
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05270839
https://security.gentoo.org/glsa/201604-03
https://security.gentoo.org/glsa/201607-15
https://security.netapp.com/advisory/ntap-20171004-0001/