9.8

CVE-2015-7871

Crypto-NAK packets in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to bypass authentication.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)
NtpNtp Version >= 4.2.6 < 4.2.8
NtpNtp Version >= 4.3.0 < 4.3.77
NtpNtp Version4.2.5 Updatep186
NtpNtp Version4.2.5 Updatep187
NtpNtp Version4.2.5 Updatep188
NtpNtp Version4.2.5 Updatep189
NtpNtp Version4.2.5 Updatep190
NtpNtp Version4.2.5 Updatep191
NtpNtp Version4.2.5 Updatep192
NtpNtp Version4.2.5 Updatep193
NtpNtp Version4.2.5 Updatep194
NtpNtp Version4.2.5 Updatep195
NtpNtp Version4.2.5 Updatep196
NtpNtp Version4.2.5 Updatep197
NtpNtp Version4.2.5 Updatep198
NtpNtp Version4.2.5 Updatep199
NtpNtp Version4.2.5 Updatep200
NtpNtp Version4.2.5 Updatep201
NtpNtp Version4.2.5 Updatep202
NtpNtp Version4.2.5 Updatep203
NtpNtp Version4.2.5 Updatep204
NtpNtp Version4.2.5 Updatep205
NtpNtp Version4.2.5 Updatep206
NtpNtp Version4.2.5 Updatep207
NtpNtp Version4.2.5 Updatep208
NtpNtp Version4.2.5 Updatep209
NtpNtp Version4.2.5 Updatep210
NtpNtp Version4.2.5 Updatep211
NtpNtp Version4.2.5 Updatep212
NtpNtp Version4.2.5 Updatep213
NtpNtp Version4.2.5 Updatep214
NtpNtp Version4.2.5 Updatep215
NtpNtp Version4.2.5 Updatep216
NtpNtp Version4.2.5 Updatep217
NtpNtp Version4.2.5 Updatep218
NtpNtp Version4.2.5 Updatep219
NtpNtp Version4.2.5 Updatep220
NtpNtp Version4.2.5 Updatep221
NtpNtp Version4.2.5 Updatep222
NtpNtp Version4.2.5 Updatep223
NtpNtp Version4.2.5 Updatep224
NtpNtp Version4.2.5 Updatep225
NtpNtp Version4.2.5 Updatep226
NtpNtp Version4.2.5 Updatep227
NtpNtp Version4.2.5 Updatep228
NtpNtp Version4.2.5 Updatep229
NtpNtp Version4.2.5 Updatep230
NtpNtp Version4.2.5 Updatep231_rc1
NtpNtp Version4.2.5 Updatep232_rc1
NtpNtp Version4.2.5 Updatep233_rc1
NtpNtp Version4.2.5 Updatep234_rc1
NtpNtp Version4.2.5 Updatep235_rc1
NtpNtp Version4.2.5 Updatep236_rc1
NtpNtp Version4.2.5 Updatep237_rc1
NtpNtp Version4.2.5 Updatep238_rc1
NtpNtp Version4.2.5 Updatep239_rc1
NtpNtp Version4.2.5 Updatep240_rc1
NtpNtp Version4.2.5 Updatep241_rc1
NtpNtp Version4.2.5 Updatep242_rc1
NtpNtp Version4.2.5 Updatep243_rc1
NtpNtp Version4.2.5 Updatep244_rc1
NtpNtp Version4.2.5 Updatep245_rc1
NtpNtp Version4.2.5 Updatep246_rc1
NtpNtp Version4.2.5 Updatep247_rc1
NtpNtp Version4.2.5 Updatep248_rc1
NtpNtp Version4.2.5 Updatep249_rc1
NtpNtp Version4.2.5 Updatep250_rc1
NtpNtp Version4.2.8 Updatep1
NtpNtp Version4.2.8 Updatep1-beta1
NtpNtp Version4.2.8 Updatep1-beta2
NtpNtp Version4.2.8 Updatep1-beta3
NtpNtp Version4.2.8 Updatep1-beta4
NtpNtp Version4.2.8 Updatep1-beta5
NtpNtp Version4.2.8 Updatep1-rc1
NtpNtp Version4.2.8 Updatep1-rc2
NtpNtp Version4.2.8 Updatep2
NtpNtp Version4.2.8 Updatep2-rc1
NtpNtp Version4.2.8 Updatep2-rc2
NtpNtp Version4.2.8 Updatep2-rc3
NtpNtp Version4.2.8 Updatep3
NtpNtp Version4.2.8 Updatep3-rc1
NtpNtp Version4.2.8 Updatep3-rc2
NtpNtp Version4.2.8 Updatep3-rc3
DebianDebian Linux Version7.0
DebianDebian Linux Version8.0
DebianDebian Linux Version9.0
NetappOncommand Balance Version-
NetappOncommand Unified Manager Version- SwPlatformclustered_data_ontap
NetappData Ontap Version- SwPlatform7-mode
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 76.65% 0.989
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 9.8 3.9 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 7.5 10 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:P
CWE-287 Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

https://security.gentoo.org/glsa/201604-03
Third Party Advisory
VDB Entry
https://security.gentoo.org/glsa/201607-15
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1033951
Third Party Advisory
VDB Entry
http://www.securityfocus.com/bid/77287
Third Party Advisory
VDB Entry
https://bugzilla.redhat.com/show_bug.cgi?id=1274265
Third Party Advisory
VDB Entry
Issue Tracking