CVE-2015-8139 - Vulncode-DB

CVE-2015-8139 (NVD)

2017-01-30

ntpq in NTP before 4.2.8p7 allows remote attackers to obtain origin timestamps and then impersonate peers via unspecified vectors.

Products	Ntp
Type	Improper Access Control (CWE-284)
First patch	- None (likely due to unavailable code)
Links	• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ORAMN3Q7TVJ54MBYF75XCJOE3DP7LYHT/ • http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00059.html • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/K3EYJQHJZ2KTVQ7ICEFHXTLZ36MRASWX/ • http://lists.opensuse.org/opensuse-updates/2016-05/msg00114.html • https://bto.bluecoat.com/security-advisory/sa113 More/Less (13) • https://security.netapp.com/advisory/ntap-20200204-0003/ • https://security.FreeBSD.org/advisories/FreeBSD-SA-16:09.ntp.asc • https://security.gentoo.org/glsa/201607-15 • http://www.securityfocus.com/bid/82105 • http://support.ntp.org/bin/view/Main/NtpBug2946 • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160127-ntpd • http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00060.html • http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00048.html • http://www.securitytracker.com/id/1034782 • http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00020.html • https://www.kb.cert.org/vuls/id/718152 • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WNWGCQLW2VY72NIUYMJOCAKJKTXHDUK2/ • http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00038.html