Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2020-11868

Опубликовано: 17 апр. 2020
Источник: debian
EPSS Низкий

Описание

ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows an off-path attacker to block unauthenticated synchronization via a server mode packet with a spoofed source IP address, because transmissions are rescheduled even when a packet lacks a valid origin timestamp.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
ntpfixed1:4.2.8p14+dfsg-1package
ntpno-dsabusterpackage
ntpno-dsastretchpackage
ntpsecnot-affectedpackage

Примечания

  • http://support.ntp.org/bin/view/Main/NtpBug3592

  • http://bugs.ntp.org/3592

  • http://bk.ntp.org/ntp-stable/?PAGE=patch&REV=5df73278nIf5dNbaR_vTeCY43_h7Vg

  • http://bk.ntp.org/ntp-stable/?PAGE=patch&REV=5deb5269ieF1tee6Mp3UJyZOk8DB-Q

  • https://bugzilla.redhat.com/show_bug.cgi?id=1716665

  • https://gitlab.com/NTPsec/ntpsec/issues/651

EPSS

Процентиль: 68%
0.00597
Низкий

Связанные уязвимости

ubuntu логотип

CVE-2020-11868

CVSS3: 7.5
ubuntu
около 5 лет назад

ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows an off-path attacker to block unauthenticated synchronization via a server mode packet with a spoofed source IP address, because transmissions are rescheduled even when a packet lacks a valid origin timestamp.

redhat логотип

CVE-2020-11868

CVSS3: 3.7
redhat
больше 5 лет назад

ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows an off-path attacker to block unauthenticated synchronization via a server mode packet with a spoofed source IP address, because transmissions are rescheduled even when a packet lacks a valid origin timestamp.

nvd логотип

CVE-2020-11868

CVSS3: 7.5
nvd
около 5 лет назад

ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows an off-path attacker to block unauthenticated synchronization via a server mode packet with a spoofed source IP address, because transmissions are rescheduled even when a packet lacks a valid origin timestamp.

github логотип

GHSA-57qq-hwp2-xmcj

CVSS3: 7.5
github
около 3 лет назад

ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows an off-path attacker to block unauthenticated synchronization via a server mode packet with a spoofed source IP address, because transmissions are rescheduled even when a packet lacks a valid origin timestamp.

fstec логотип

BDU:2020-03220

CVSS3: 7.5
fstec
около 5 лет назад

Уязвимость демона ntpd реализации протокола синхронизации времени NTP, позволяющая нарушителю вызвать отказ в обслуживании

EPSS

Процентиль: 68%
0.00597
Низкий