Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
5
CVSSv2

CVE-2015-8139

Published: 30/01/2017 Updated: 07/11/2023
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 5.3 | Impact Score: 1.4 | Exploitability Score: 3.9
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N
Subscribe to Ntp

Vulnerability Summary

ntpq in NTP prior to 4.2.8p7 allows remote malicious users to obtain origin timestamps and then impersonate peers via unspecified vectors.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

ntp ntp

Vendor Advisories

Amazon Linux AMI: ALAS-2016-727
It was discovered that ntpq and ntpdc disclosed the origin timestamp to unauthenticated clients, which could permit such clients to forge the server's replies (CVE-2015-8139) The process_packet function in ntp_protoc in ntpd in NTP 4x before 428p8 allows remote attackers to cause a denial of service (peer-variable modification) by sending spoo ...
Red Hat: CVE-2015-8139
ntpq in NTP before 428p7 allows remote attackers to obtain origin timestamps and then impersonate peers via unspecified vectors ...
Cisco: Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: January 2016
Multiple Cisco products incorporate a version of the Network Time Protocol daemon (ntpd) package Versions of this package are affected by one or more vulnerabilities that could allow an unauthenticated, remote attacker to create a denial of service (DoS) condition or modify the time being advertised by a device acting as a Network Time Protocol (N ...

References

CWE-284https://www.kb.cert.org/vuls/id/718152https://security.gentoo.org/glsa/201607-15https://bto.bluecoat.com/security-advisory/sa113http://www.securitytracker.com/id/1034782http://www.securityfocus.com/bid/82105http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160127-ntpdhttp://support.ntp.org/bin/view/Main/NtpBug2946http://lists.opensuse.org/opensuse-updates/2016-05/msg00114.htmlhttp://lists.opensuse.org/opensuse-security-announce/2016-05/msg00048.htmlhttp://lists.opensuse.org/opensuse-security-announce/2016-05/msg00038.htmlhttp://lists.opensuse.org/opensuse-security-announce/2016-05/msg00020.htmlhttp://lists.opensuse.org/opensuse-security-announce/2016-04/msg00060.htmlhttp://lists.opensuse.org/opensuse-security-announce/2016-04/msg00059.htmlhttps://security.FreeBSD.org/advisories/FreeBSD-SA-16:09.ntp.aschttps://security.netapp.com/advisory/ntap-20200204-0003/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WNWGCQLW2VY72NIUYMJOCAKJKTXHDUK2/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ORAMN3Q7TVJ54MBYF75XCJOE3DP7LYHT/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/K3EYJQHJZ2KTVQ7ICEFHXTLZ36MRASWX/https://nvd.nist.govhttps://alas.aws.amazon.com/ALAS-2016-727.htmlhttps://www.kb.cert.org/vuls/id/718152
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4040privilege escalationCVE-2024-4112CVE-2024-32872man-in-the-middleCVE-2024-32788bypassCVE-2024-3400CVE-2024-28976
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook