CVE-2015-8139

MEDIUM

ntp < 4.2.8p7 - Remote Peer Impersonation via Origin Timestamp Exposure

Title source: llm
STIX 2.1

Description

ntpq in NTP before 4.2.8p7 allows remote attackers to obtain origin timestamps and then impersonate peers via unspecified vectors.

References (18)

Core 18
Core References
Third Party Advisory vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00060.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1034782
Third Party Advisory vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00038.html
Third Party Advisory, US Government Resource third-party-advisory x_refsource_cert-vn
https://www.kb.cert.org/vuls/id/718152
Vendor Advisory x_refsource_confirm
http://support.ntp.org/bin/view/Main/NtpBug2946
Third Party Advisory vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00020.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/82105
Third Party Advisory vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00048.html
Third Party Advisory vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00059.html
Various Sources vendor-advisory x_refsource_freebsd
https://security.FreeBSD.org/advisories/FreeBSD-SA-16:09.ntp.asc
Third Party Advisory x_refsource_confirm
https://bto.bluecoat.com/security-advisory/sa113
Third Party Advisory vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-updates/2016-05/msg00114.html
Third Party Advisory vendor-advisory x_refsource_gentoo
https://security.gentoo.org/glsa/201607-15
Vendor Advisory x_refsource_confirm
https://security.netapp.com/advisory/ntap-20200204-0003/

Scores

CVSS v3 5.3
EPSS 0.0593
EPSS Percentile 92.4%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Details

CWE
CWE-284
Status published
Products (1)
ntp/ntp < 4.2.8
Published Jan 30, 2017
Tracked Since Feb 18, 2026