ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (ephemeral-association demobilization) by sending a spoofed crypto-NAK packet with incorrect authentication data at a certain time.
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Ntp | Ntp | 4.2.8 | 4.2.8 |
Ntp | Ntp | 4.2.8 | 4.2.8 |
Ntp | Ntp | 4.2.8 | 4.2.8 |
Ntp | Ntp | 4.2.8 | 4.2.8 |
Ntp | Ntp | 4.2.8 | 4.2.8 |
Ntp | Ntp | 4.2.8 | 4.2.8 |
Ntp | Ntp | 4.2.8 | 4.2.8 |
Ntp | Ntp | 4.2.8 | 4.2.8 |
Ntp | Ntp | 4.2.8 | 4.2.8 |
Ntp | Ntp | 4.2.8 | 4.2.8 |
Ntp | Ntp | 4.2.8 | 4.2.8 |
Ntp | Ntp | 4.2.8 | 4.2.8 |
Ntp | Ntp | 4.2.8 | 4.2.8 |
Ntp | Ntp | 4.2.8 | 4.2.8 |
Ntp | Ntp | 4.2.8 | 4.2.8 |
Ntp | Ntp | 4.2.8 | 4.2.8 |
Ntp | Ntp | 4.2.8 | 4.2.8 |
Ntp | Ntp | 4.2.8 | 4.2.8 |
Ntp | Ntp | 4.2.8 | 4.2.8 |
Ntp | Ntp | 4.2.8 | 4.2.8 |
Ntp | Ntp | 4.2.8 | 4.2.8 |
Ntp | Ntp | 4.2.0 | * |
Ntp | Ntp | 4.3.0 | * |