ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows an off-path attacker to block unauthenticated synchronization via a server mode packet with a spoofed source IP address, because transmissions are rescheduled even when a packet lacks a valid origin timestamp.
The product does not properly verify that the source of data or communication is valid.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Ntp | Ntp | 4.2.8 | 4.2.8 |
Ntp | Ntp | 4.2.8 | 4.2.8 |
Ntp | Ntp | 4.2.8 | 4.2.8 |
Ntp | Ntp | 4.2.8 | 4.2.8 |
Ntp | Ntp | 4.2.8 | 4.2.8 |
Ntp | Ntp | 4.2.8 | 4.2.8 |
Ntp | Ntp | 4.2.8 | 4.2.8 |
Ntp | Ntp | * | 4.2.7 |
Ntp | Ntp | 4.2.8 | 4.2.8 |
Ntp | Ntp | 4.2.8 | 4.2.8 |
Ntp | Ntp | 4.2.8 | 4.2.8 |
Ntp | Ntp | 4.2.8 | 4.2.8 |
Ntp | Ntp | 4.2.8 | 4.2.8 |
Ntp | Ntp | 4.2.8 | 4.2.8 |
Ntp | Ntp | 4.2.8 | 4.2.8 |
Ntp | Ntp | 4.2.8 | 4.2.8 |
Ntp | Ntp | 4.2.8 | 4.2.8 |
Ntp | Ntp | 4.2.8 | 4.2.8 |
Ntp | Ntp | 4.2.8 | 4.2.8 |
Ntp | Ntp | 4.2.8 | 4.2.8 |
Ntp | Ntp | 4.2.8 | 4.2.8 |
Ntp | Ntp | 4.2.8 | 4.2.8 |
Ntp | Ntp | 4.2.8 | 4.2.8 |
Ntp | Ntp | 4.2.8 | 4.2.8 |
Ntp | Ntp | 4.2.8 | 4.2.8 |
Ntp | Ntp | 4.2.8 | 4.2.8 |
Ntp | Ntp | 4.2.8 | 4.2.8 |
Ntp | Ntp | 4.3.98 | * |
Ntp | Ntp | 4.2.8 | 4.2.8 |