Updated: 2024-11-24 05:38:06.886126
Description:
ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows an off-path attacker to block unauthenticated synchronization via a server mode packet with a spoofed source IP address, because transmissions are rescheduled even when a packet lacks a valid origin timestamp.
Links | NIST | CIRCL | RHEL | Ubuntu |
Severity | Score | |
---|---|---|
CVSS Version 2.x | MEDIUM | 5 |
CVSS Version 3.x | HIGH | 7.5 |
OS name | Project name | Version | Score | Severity | Status | Errata | Last updated | Statement |
---|---|---|---|---|---|---|---|---|
CentOS 6 ELS | ntp | 4.2.6 | 7.5 | HIGH | Released | CLSA-2021:1633442934 | 2022-05-05 12:02:02 | |
CloudLinux 6 ELS | ntp | 4.2.6 | 7.5 | HIGH | Released | 2022-04-26 15:46:48 | ||
Oracle Linux 6 ELS | ntp | 4.2.6 | 7.5 | HIGH | Released | CLSA-2021:1634922835 | 2022-04-26 15:46:48 | |
Ubuntu 16.04 ELS | ntp | 4.2.8 | 7.5 | HIGH | Not Vulnerable | 2022-04-26 15:46:48 |