CVE-2015-7704
ntp: disabling synchronization via crafted KoD packet
Severity Score
7.5
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
The ntpd client in NTP 4.x before 4.2.8p4 and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service via a number of crafted "KOD" messages.
El cliente ntpd en NTP 4.x en versiones anteriores a 4.2.8p4, y 4.3.x en versiones anteriores a 4.3.77 permite que atacantes remotos provoquen una denegaciĆ³n de servicio empleando una serie de mensajes "KOD" manipulados.
It was discovered that ntpd as a client did not correctly check timestamps in Kiss-of-Death packets. A remote attacker could use this flaw to send a crafted Kiss-of-Death packet to an ntpd client that would increase the client's polling interval value, and effectively disable synchronization with the server.
The Network Time Protocol is used to synchronize a computer's time with a referenced time source. It was discovered that ntpd as a client did not correctly check timestamps in Kiss-of-Death packets. A remote attacker could use this flaw to send a crafted Kiss-of-Death packet to an ntpd client that would increase the client's polling interval value, and effectively disable synchronization with the server. It was found that ntpd did not correctly implement the threshold limitation for the '-g' option, which is used to set the time without any restrictions. A man-in-the-middle attacker able to intercept NTP traffic between a connecting client and an NTP server could use this flaw to force that client to make multiple steps larger than the panic threshold, effectively changing the time to an arbitrary value.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2015-10-04 CVE Reserved
- 2015-10-21 CVE Published
- 2024-08-06 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-20: Improper Input Validation
CAPEC
References (21)
| URL | Tag | Source |
|---|---|---|
| http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | Third Party Advisory |
|
| http://www.securityfocus.com/bid/77280 | Third Party Advisory | |
| http://www.securitytracker.com/id/1033951 | Third Party Advisory | |
| https://eprint.iacr.org/2015/1020.pdf | Technical Description | |
| https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05270839 | Third Party Advisory | |
| https://kc.mcafee.com/corporate/index?page=content&id=SB10284 | Third Party Advisory | |
| https://security.netapp.com/advisory/ntap-20171004-0001 | Third Party Advisory |
|
| https://security.netapp.com/advisory/ntap-20171004-0002 | Third Party Advisory |
|
| https://support.citrix.com/article/CTX220112 | Third Party Advisory | |
| https://www.arista.com/en/support/advisories-notices/security-advisories/1212-security-advisory-0016 | X_refsource_misc | |
| https://www.cs.bu.edu/~goldbe/NTPattack.html | Third Party Advisory | |
| https://www.kb.cert.org/vuls/id/718152 | Third Party Advisory |
|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://bugs.ntp.org/show_bug.cgi?id=2901 | 2021-11-17 | |
| http://rhn.redhat.com/errata/RHSA-2015-1930.html | 2021-11-17 | |
| http://rhn.redhat.com/errata/RHSA-2015-2520.html | 2021-11-17 | |
| http://support.ntp.org/bin/view/Main/NtpBug2901 | 2021-11-17 | |
| http://support.ntp.org/bin/view/Main/SecurityNotice#October_2015_NTP_4_2_8p4_Securit | 2021-11-17 | |
| http://www.debian.org/security/2015/dsa-3388 | 2021-11-17 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1271070 | 2015-11-26 | |
| https://security.gentoo.org/glsa/201607-15 | 2021-11-17 | |
| https://access.redhat.com/security/cve/CVE-2015-7704 | 2015-11-26 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Ntp Search vendor "Ntp" | Ntp Search vendor "Ntp" for product "Ntp" | >= 4.2.0 < 4.2.8 Search vendor "Ntp" for product "Ntp" and version " >= 4.2.0 < 4.2.8" | - |
Affected
| ||||||
| Ntp Search vendor "Ntp" | Ntp Search vendor "Ntp" for product "Ntp" | >= 4.3.0 < 4.3.77 Search vendor "Ntp" for product "Ntp" and version " >= 4.3.0 < 4.3.77" | - |
Affected
| ||||||
| Ntp Search vendor "Ntp" | Ntp Search vendor "Ntp" for product "Ntp" | 4.2.8 Search vendor "Ntp" for product "Ntp" and version "4.2.8" | - |
Affected
| ||||||
| Ntp Search vendor "Ntp" | Ntp Search vendor "Ntp" for product "Ntp" | 4.2.8 Search vendor "Ntp" for product "Ntp" and version "4.2.8" | p1 |
Affected
| ||||||
| Ntp Search vendor "Ntp" | Ntp Search vendor "Ntp" for product "Ntp" | 4.2.8 Search vendor "Ntp" for product "Ntp" and version "4.2.8" | p1-beta1 |
Affected
| ||||||
| Ntp Search vendor "Ntp" | Ntp Search vendor "Ntp" for product "Ntp" | 4.2.8 Search vendor "Ntp" for product "Ntp" and version "4.2.8" | p1-beta2 |
Affected
| ||||||
| Ntp Search vendor "Ntp" | Ntp Search vendor "Ntp" for product "Ntp" | 4.2.8 Search vendor "Ntp" for product "Ntp" and version "4.2.8" | p1-beta3 |
Affected
| ||||||
| Ntp Search vendor "Ntp" | Ntp Search vendor "Ntp" for product "Ntp" | 4.2.8 Search vendor "Ntp" for product "Ntp" and version "4.2.8" | p1-beta4 |
Affected
| ||||||
| Ntp Search vendor "Ntp" | Ntp Search vendor "Ntp" for product "Ntp" | 4.2.8 Search vendor "Ntp" for product "Ntp" and version "4.2.8" | p1-beta5 |
Affected
| ||||||
| Ntp Search vendor "Ntp" | Ntp Search vendor "Ntp" for product "Ntp" | 4.2.8 Search vendor "Ntp" for product "Ntp" and version "4.2.8" | p1-rc1 |
Affected
| ||||||
| Ntp Search vendor "Ntp" | Ntp Search vendor "Ntp" for product "Ntp" | 4.2.8 Search vendor "Ntp" for product "Ntp" and version "4.2.8" | p1-rc2 |
Affected
| ||||||
| Ntp Search vendor "Ntp" | Ntp Search vendor "Ntp" for product "Ntp" | 4.2.8 Search vendor "Ntp" for product "Ntp" and version "4.2.8" | p2 |
Affected
| ||||||
| Ntp Search vendor "Ntp" | Ntp Search vendor "Ntp" for product "Ntp" | 4.2.8 Search vendor "Ntp" for product "Ntp" and version "4.2.8" | p2-rc1 |
Affected
| ||||||
| Ntp Search vendor "Ntp" | Ntp Search vendor "Ntp" for product "Ntp" | 4.2.8 Search vendor "Ntp" for product "Ntp" and version "4.2.8" | p2-rc2 |
Affected
| ||||||
| Ntp Search vendor "Ntp" | Ntp Search vendor "Ntp" for product "Ntp" | 4.2.8 Search vendor "Ntp" for product "Ntp" and version "4.2.8" | p2-rc3 |
Affected
| ||||||
| Ntp Search vendor "Ntp" | Ntp Search vendor "Ntp" for product "Ntp" | 4.2.8 Search vendor "Ntp" for product "Ntp" and version "4.2.8" | p3 |
Affected
| ||||||
| Ntp Search vendor "Ntp" | Ntp Search vendor "Ntp" for product "Ntp" | 4.2.8 Search vendor "Ntp" for product "Ntp" and version "4.2.8" | p3-rc1 |
Affected
| ||||||
| Ntp Search vendor "Ntp" | Ntp Search vendor "Ntp" for product "Ntp" | 4.2.8 Search vendor "Ntp" for product "Ntp" and version "4.2.8" | p3-rc2 |
Affected
| ||||||
| Ntp Search vendor "Ntp" | Ntp Search vendor "Ntp" for product "Ntp" | 4.2.8 Search vendor "Ntp" for product "Ntp" and version "4.2.8" | p3-rc3 |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 7.0 Search vendor "Debian" for product "Debian Linux" and version "7.0" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 8.0 Search vendor "Debian" for product "Debian Linux" and version "8.0" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 9.0 Search vendor "Debian" for product "Debian Linux" and version "9.0" | - |
Affected
| ||||||
| Netapp Search vendor "Netapp" | Oncommand Performance Manager Search vendor "Netapp" for product "Oncommand Performance Manager" | - | - |
Affected
| ||||||
| Netapp Search vendor "Netapp" | Oncommand Unified Manager Search vendor "Netapp" for product "Oncommand Unified Manager" | - | clustered_data_ontap |
Affected
| ||||||
| Netapp Search vendor "Netapp" | Clustered Data Ontap Search vendor "Netapp" for product "Clustered Data Ontap" | - | - |
Affected
| ||||||
| Netapp Search vendor "Netapp" | Data Ontap Search vendor "Netapp" for product "Data Ontap" | - | 7-mode |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Desktop Search vendor "Redhat" for product "Enterprise Linux Desktop" | 6.0 Search vendor "Redhat" for product "Enterprise Linux Desktop" and version "6.0" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Desktop Search vendor "Redhat" for product "Enterprise Linux Desktop" | 7.0 Search vendor "Redhat" for product "Enterprise Linux Desktop" and version "7.0" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Server Search vendor "Redhat" for product "Enterprise Linux Server" | 6.0 Search vendor "Redhat" for product "Enterprise Linux Server" and version "6.0" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Server Search vendor "Redhat" for product "Enterprise Linux Server" | 7.0 Search vendor "Redhat" for product "Enterprise Linux Server" and version "7.0" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Server Aus Search vendor "Redhat" for product "Enterprise Linux Server Aus" | 6.5 Search vendor "Redhat" for product "Enterprise Linux Server Aus" and version "6.5" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Server Aus Search vendor "Redhat" for product "Enterprise Linux Server Aus" | 6.6 Search vendor "Redhat" for product "Enterprise Linux Server Aus" and version "6.6" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Server Aus Search vendor "Redhat" for product "Enterprise Linux Server Aus" | 7.3 Search vendor "Redhat" for product "Enterprise Linux Server Aus" and version "7.3" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Server Aus Search vendor "Redhat" for product "Enterprise Linux Server Aus" | 7.4 Search vendor "Redhat" for product "Enterprise Linux Server Aus" and version "7.4" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Server Aus Search vendor "Redhat" for product "Enterprise Linux Server Aus" | 7.6 Search vendor "Redhat" for product "Enterprise Linux Server Aus" and version "7.6" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Server Aus Search vendor "Redhat" for product "Enterprise Linux Server Aus" | 7.7 Search vendor "Redhat" for product "Enterprise Linux Server Aus" and version "7.7" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Server Eus Search vendor "Redhat" for product "Enterprise Linux Server Eus" | 6.5 Search vendor "Redhat" for product "Enterprise Linux Server Eus" and version "6.5" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Server Eus Search vendor "Redhat" for product "Enterprise Linux Server Eus" | 6.6 Search vendor "Redhat" for product "Enterprise Linux Server Eus" and version "6.6" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Server Eus Search vendor "Redhat" for product "Enterprise Linux Server Eus" | 6.7 Search vendor "Redhat" for product "Enterprise Linux Server Eus" and version "6.7" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Server Eus Search vendor "Redhat" for product "Enterprise Linux Server Eus" | 7.1 Search vendor "Redhat" for product "Enterprise Linux Server Eus" and version "7.1" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Server Eus Search vendor "Redhat" for product "Enterprise Linux Server Eus" | 7.3 Search vendor "Redhat" for product "Enterprise Linux Server Eus" and version "7.3" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Server Eus Search vendor "Redhat" for product "Enterprise Linux Server Eus" | 7.4 Search vendor "Redhat" for product "Enterprise Linux Server Eus" and version "7.4" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Server Eus Search vendor "Redhat" for product "Enterprise Linux Server Eus" | 7.5 Search vendor "Redhat" for product "Enterprise Linux Server Eus" and version "7.5" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Server Eus Search vendor "Redhat" for product "Enterprise Linux Server Eus" | 7.6 Search vendor "Redhat" for product "Enterprise Linux Server Eus" and version "7.6" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Server Eus Search vendor "Redhat" for product "Enterprise Linux Server Eus" | 7.7 Search vendor "Redhat" for product "Enterprise Linux Server Eus" and version "7.7" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Server Tus Search vendor "Redhat" for product "Enterprise Linux Server Tus" | 6.5 Search vendor "Redhat" for product "Enterprise Linux Server Tus" and version "6.5" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Server Tus Search vendor "Redhat" for product "Enterprise Linux Server Tus" | 6.6 Search vendor "Redhat" for product "Enterprise Linux Server Tus" and version "6.6" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Server Tus Search vendor "Redhat" for product "Enterprise Linux Server Tus" | 7.3 Search vendor "Redhat" for product "Enterprise Linux Server Tus" and version "7.3" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Server Tus Search vendor "Redhat" for product "Enterprise Linux Server Tus" | 7.6 Search vendor "Redhat" for product "Enterprise Linux Server Tus" and version "7.6" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Server Tus Search vendor "Redhat" for product "Enterprise Linux Server Tus" | 7.7 Search vendor "Redhat" for product "Enterprise Linux Server Tus" and version "7.7" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Workstation Search vendor "Redhat" for product "Enterprise Linux Workstation" | 6.0 Search vendor "Redhat" for product "Enterprise Linux Workstation" and version "6.0" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Workstation Search vendor "Redhat" for product "Enterprise Linux Workstation" | 7.0 Search vendor "Redhat" for product "Enterprise Linux Workstation" and version "7.0" | - |
Affected
| ||||||
| Mcafee Search vendor "Mcafee" | Enterprise Security Manager Search vendor "Mcafee" for product "Enterprise Security Manager" | < 10.4.0 Search vendor "Mcafee" for product "Enterprise Security Manager" and version " < 10.4.0" | - |
Affected
| ||||||
| Mcafee Search vendor "Mcafee" | Enterprise Security Manager Search vendor "Mcafee" for product "Enterprise Security Manager" | >= 11.0.0 < 11.2.0 Search vendor "Mcafee" for product "Enterprise Security Manager" and version " >= 11.0.0 < 11.2.0" | - |
Affected
| ||||||
| Citrix Search vendor "Citrix" | Xenserver Search vendor "Citrix" for product "Xenserver" | 6.0.2 Search vendor "Citrix" for product "Xenserver" and version "6.0.2" | - |
Affected
| ||||||
| Citrix Search vendor "Citrix" | Xenserver Search vendor "Citrix" for product "Xenserver" | 6.2.0 Search vendor "Citrix" for product "Xenserver" and version "6.2.0" | - |
Affected
| ||||||
| Citrix Search vendor "Citrix" | Xenserver Search vendor "Citrix" for product "Xenserver" | 6.5 Search vendor "Citrix" for product "Xenserver" and version "6.5" | - |
Affected
| ||||||
| Citrix Search vendor "Citrix" | Xenserver Search vendor "Citrix" for product "Xenserver" | 7.0 Search vendor "Citrix" for product "Xenserver" and version "7.0" | - |
Affected
| ||||||