CVE-2015-7979

EUVD-2015-7876
NTP before 4.2.8p6 and 4.3.x before 4.3.90 allows remote attackers to cause a denial of service (client-server association tear down) by sending broadcast packets with invalid authentication to a broadcast client.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 88%
Affected Products (NVD)
VendorProductVersion
ntpntp
𝑥
≤ 4.2.8
ntpntp
4.3.0
ntpntp
4.3.1
ntpntp
4.3.2
ntpntp
4.3.3
ntpntp
4.3.4
ntpntp
4.3.5
ntpntp
4.3.6
ntpntp
4.3.7
ntpntp
4.3.8
ntpntp
4.3.10
ntpntp
4.3.11
ntpntp
4.3.12
ntpntp
4.3.13
ntpntp
4.3.14
ntpntp
4.3.15
ntpntp
4.3.16
ntpntp
4.3.17
ntpntp
4.3.18
ntpntp
4.3.19
ntpntp
4.3.20
ntpntp
4.3.21
ntpntp
4.3.22
ntpntp
4.3.23
ntpntp
4.3.24
ntpntp
4.3.25
ntpntp
4.3.26
ntpntp
4.3.27
ntpntp
4.3.28
ntpntp
4.3.29
ntpntp
4.3.30
ntpntp
4.3.31
ntpntp
4.3.32
ntpntp
4.3.33
ntpntp
4.3.34
ntpntp
4.3.35
ntpntp
4.3.36
ntpntp
4.3.37
ntpntp
4.3.38
ntpntp
4.3.39
ntpntp
4.3.40
ntpntp
4.3.41
ntpntp
4.3.42
ntpntp
4.3.43
ntpntp
4.3.44
ntpntp
4.3.45
ntpntp
4.3.46
ntpntp
4.3.47
ntpntp
4.3.48
ntpntp
4.3.49
ntpntp
4.3.50
ntpntp
4.3.51
ntpntp
4.3.52
ntpntp
4.3.53
ntpntp
4.3.54
ntpntp
4.3.55
ntpntp
4.3.56
ntpntp
4.3.57
ntpntp
4.3.58
ntpntp
4.3.59
ntpntp
4.3.60
ntpntp
4.3.61
ntpntp
4.3.62
ntpntp
4.3.63
ntpntp
4.3.64
ntpntp
4.3.65
ntpntp
4.3.66
ntpntp
4.3.67
ntpntp
4.3.68
ntpntp
4.3.69
ntpntp
4.3.70
ntpntp
4.3.71
ntpntp
4.3.72
ntpntp
4.3.73
ntpntp
4.3.74
ntpntp
4.3.75
ntpntp
4.3.76
ntpntp
4.3.77
ntpntp
4.3.78
ntpntp
4.3.79
ntpntp
4.3.80
ntpntp
4.3.81
ntpntp
4.3.82
ntpntp
4.3.83
ntpntp
4.3.84
ntpntp
4.3.85
ntpntp
4.3.86
ntpntp
4.3.87
ntpntp
4.3.88
ntpntp
4.3.89
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
ntp
bullseye
1:4.2.8p15+dfsg-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
ntp
precise
Fixed 1:4.2.6.p3+dfsg-1ubuntu3.11
released
trusty
Fixed 1:4.2.6.p5+dfsg-3ubuntu2.14.04.10
released
vivid
ignored
wily
ignored
xenial
Fixed 1:4.2.8p4+dfsg-3ubuntu5.3
released
yakkety
not-affected
zesty
not-affected
Common Weakness Enumeration
References
http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177507.html
http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176434.html
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00059.html
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00060.html
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00020.html
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00038.html
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00048.html
http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html
http://lists.opensuse.org/opensuse-updates/2016-05/msg00114.html
http://rhn.redhat.com/errata/RHSA-2016-1552.html
http://rhn.redhat.com/errata/RHSA-2016-2583.html
http://support.ntp.org/bin/view/Main/SecurityNotice#April_2016_NTP_4_2_8p7_Security
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160127-ntpd
http://www.debian.org/security/2016/dsa-3629
http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
http://www.securityfocus.com/bid/81816
http://www.securitytracker.com/id/1034782
http://www.ubuntu.com/usn/USN-3096-1
https://access.redhat.com/errata/RHSA-2016:1141
https://bto.bluecoat.com/security-advisory/sa113
https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdf
https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03750en_us
https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03766en_us
https://security.FreeBSD.org/advisories/FreeBSD-SA-16:09.ntp.asc
https://security.gentoo.org/glsa/201607-15
https://security.netapp.com/advisory/ntap-20171031-0001/
https://us-cert.cisa.gov/ics/advisories/icsa-21-103-11
https://www.kb.cert.org/vuls/id/718152
http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177507.html
http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176434.html
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00059.html
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00060.html
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00020.html
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00038.html
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00048.html
http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html
http://lists.opensuse.org/opensuse-updates/2016-05/msg00114.html
http://rhn.redhat.com/errata/RHSA-2016-1552.html
http://rhn.redhat.com/errata/RHSA-2016-2583.html
http://support.ntp.org/bin/view/Main/SecurityNotice#April_2016_NTP_4_2_8p7_Security
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160127-ntpd
http://www.debian.org/security/2016/dsa-3629
http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
http://www.securityfocus.com/bid/81816
http://www.securitytracker.com/id/1034782
http://www.ubuntu.com/usn/USN-3096-1
https://access.redhat.com/errata/RHSA-2016:1141
https://bto.bluecoat.com/security-advisory/sa113
https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdf
https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03750en_us
https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03766en_us
https://security.FreeBSD.org/advisories/FreeBSD-SA-16:09.ntp.asc
https://security.gentoo.org/glsa/201607-15
https://security.netapp.com/advisory/ntap-20171031-0001/
https://us-cert.cisa.gov/ics/advisories/icsa-21-103-11
https://www.kb.cert.org/vuls/id/718152