Last update: April 22, 2024 18:49 UTC (7e7bd5857)
Resolved | 4.2.8p6 | 19 Jan 2016 |
---|---|---|
References | Bug 2935 | CVE-2015-7973 |
Affects | All ntp-4 releases up to, but not including 4.2.8p6, and 4.3.0 up to, but not including 4.3.90. |
Resolved in 4.2.8p6. |
CVSS2 Score | MED 4.3 | AV:A/AC:M/Au:N/C:N/I:P/A:P |
If an NTP network is configured for broadcast operations, then either a man-in-the-middle attacker or a malicious participant that has the same trusted keys as the victim can replay time packets.
ntpd
instances.This weakness was discovered by Aanchal Malhotra of Boston University.