CVE Vulnerabilities

CVE-2020-11868

Origin Validation Error

Published: Apr 17, 2020 | Modified: Apr 26, 2022
CVSS 3.x
7.5
HIGH
Source:
NVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVSS 2.x
5 MEDIUM
AV:N/AC:L/Au:N/C:N/I:N/A:P
RedHat/V2
RedHat/V3
Ubuntu

ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows an off-path attacker to block unauthenticated synchronization via a server mode packet with a spoofed source IP address, because transmissions are rescheduled even when a packet lacks a valid origin timestamp.

Weakness

The product does not properly verify that the source of data or communication is valid.

Affected Software

Name Vendor Start Version End Version
Ntp Ntp 4.2.8 4.2.8
Ntp Ntp 4.2.8 4.2.8
Ntp Ntp 4.2.8 4.2.8
Ntp Ntp 4.2.8 4.2.8
Ntp Ntp 4.2.8 4.2.8
Ntp Ntp 4.2.8 4.2.8
Ntp Ntp 4.2.8 4.2.8
Ntp Ntp * 4.2.7
Ntp Ntp 4.2.8 4.2.8
Ntp Ntp 4.2.8 4.2.8
Ntp Ntp 4.2.8 4.2.8
Ntp Ntp 4.2.8 4.2.8
Ntp Ntp 4.2.8 4.2.8
Ntp Ntp 4.2.8 4.2.8
Ntp Ntp 4.2.8 4.2.8
Ntp Ntp 4.2.8 4.2.8
Ntp Ntp 4.2.8 4.2.8
Ntp Ntp 4.2.8 4.2.8
Ntp Ntp 4.2.8 4.2.8
Ntp Ntp 4.2.8 4.2.8
Ntp Ntp 4.2.8 4.2.8
Ntp Ntp 4.2.8 4.2.8
Ntp Ntp 4.2.8 4.2.8
Ntp Ntp 4.2.8 4.2.8
Ntp Ntp 4.2.8 4.2.8
Ntp Ntp 4.2.8 4.2.8
Ntp Ntp 4.2.8 4.2.8
Ntp Ntp 4.3.98 *
Ntp Ntp 4.2.8 4.2.8

References