The NTP.org reference implementation of ntpd contains multiple vulnerabilities.
NTP.org's reference implementation of NTP server, ntpd, contains multiple vulnerabilities.
CWE-294: Authentication Bypass by Capture-replay - CVE-2015-7973
Unauthenticated remote attackers may be able to spoof packets to cause denial of service, authentication bypass on commands, or certain configuration changes. For more information on these vulnerabilities, please see NTP.org's April 2016 security advisory as well as the January 2016 security advisory.
Apply an update
Thanks to Cisco TALOS for reporting many of these issues to us. The Network Time Foundation credits many researchers for these vulnerabilities; see NTP.org's January 2016 and April 2016 security advisories for the complete list.
|CVE IDs:||CVE-2015-7704, CVE-2015-7705, CVE-2015-7973, CVE-2015-7974, CVE-2015-7975, CVE-2015-7976, CVE-2015-7977, CVE-2015-7978, CVE-2015-7979, CVE-2015-8138, CVE-2015-8139, CVE-2015-8140, CVE-2015-8158, CVE-2016-1547, CVE-2016-1548, CVE-2016-1549, CVE-2016-1550, CVE-2016-1551, CVE-2016-2516, CVE-2016-2517, CVE-2016-2518, CVE-2016-2519|
|Date First Published:||2016-04-27|
|Date Last Updated:||2016-04-28 15:15 UTC|