CVE-2015-8138 (NVD)

2017-01-30

NTP before 4.2.8p6 and 4.3.x before 4.3.90 allows remote attackers to bypass the origin timestamp validation via a packet with an origin timestamp set to zero.

Products Ntp
Type Improper Input Validation (CWE-20)
First patch - None (likely due to unavailable code)
Links https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdf
http://lists.opensuse.org/opensuse-updates/2016-05/msg00114.html
https://us-cert.cisa.gov/ics/advisories/icsa-21-103-11
https://www.kb.cert.org/vuls/id/718152
http://www.securityfocus.com/bid/81811