CVE Vulnerabilities

CVE-2015-7973

Published: Jan 30, 2017 | Modified: Apr 26, 2021
CVSS 3.x
6.5
MEDIUM
Source:
NVD
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H
CVSS 2.x
5.8 MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:P
RedHat/V2
4.3 MODERATE
AV:A/AC:M/Au:N/C:N/I:P/A:P
RedHat/V3
Ubuntu
LOW

NTP before 4.2.8p6 and 4.3.x before 4.3.90, when configured in broadcast mode, allows man-in-the-middle attackers to conduct replay attacks by sniffing the network.

Affected Software

Name Vendor Start Version End Version
Ntp Ntp * 4.2.8 (excluding)
Ntp Ntp 4.3.0 (including) 4.3.90 (excluding)
Ntp Ntp 4.2.8 (including) 4.2.8 (including)
Ntp Ntp 4.2.8-p1 (including) 4.2.8-p1 (including)
Ntp Ntp 4.2.8-p1-beta1 (including) 4.2.8-p1-beta1 (including)
Ntp Ntp 4.2.8-p1-beta2 (including) 4.2.8-p1-beta2 (including)
Ntp Ntp 4.2.8-p1-beta3 (including) 4.2.8-p1-beta3 (including)
Ntp Ntp 4.2.8-p1-beta4 (including) 4.2.8-p1-beta4 (including)
Ntp Ntp 4.2.8-p1-beta5 (including) 4.2.8-p1-beta5 (including)
Ntp Ntp 4.2.8-p1-rc1 (including) 4.2.8-p1-rc1 (including)
Ntp Ntp 4.2.8-p1-rc2 (including) 4.2.8-p1-rc2 (including)
Ntp Ntp 4.2.8-p2 (including) 4.2.8-p2 (including)
Ntp Ntp 4.2.8-p2-rc1 (including) 4.2.8-p2-rc1 (including)
Ntp Ntp 4.2.8-p2-rc2 (including) 4.2.8-p2-rc2 (including)
Ntp Ntp 4.2.8-p2-rc3 (including) 4.2.8-p2-rc3 (including)
Ntp Ntp 4.2.8-p3 (including) 4.2.8-p3 (including)
Ntp Ntp 4.2.8-p3-rc1 (including) 4.2.8-p3-rc1 (including)
Ntp Ntp 4.2.8-p3-rc2 (including) 4.2.8-p3-rc2 (including)
Ntp Ntp 4.2.8-p3-rc3 (including) 4.2.8-p3-rc3 (including)
Ntp Ntp 4.2.8-p4 (including) 4.2.8-p4 (including)
Ntp Ntp 4.2.8-p5 (including) 4.2.8-p5 (including)
Ntp Ubuntu esm-infra/xenial *
Ntp Ubuntu precise *
Ntp Ubuntu precise/esm *
Ntp Ubuntu trusty *
Ntp Ubuntu trusty/esm *
Ntp Ubuntu upstream *
Ntp Ubuntu vivid *
Ntp Ubuntu vivid/stable-phone-overlay *
Ntp Ubuntu wily *
Ntp Ubuntu xenial *

References