CVE-2015-7704

Published: Aug 7, 2017Modified: May 13, 2026

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

The ntpd client in NTP 4.x before 4.2.8p4 and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service via a number of crafted "KOD" messages.

Affected (58)

Products: Ntp: Ntp · Debian: Debian Linux · Netapp: Clustered Data Ontap, Data Ontap, Oncommand Performance Manager, Oncommand Unified Manager · +3 more

Show all products

1 product

1 product

4 products

Oncommand Performance Manager

Oncommand Unified Manager

Redhat

6 products

Enterprise Linux Desktop

Enterprise Linux Server

Enterprise Linux Server Aus

Enterprise Linux Server Eus

Enterprise Linux Server Tus

Enterprise Linux Workstation

Mcafee

1 product

Enterprise Security Manager

Citrix

1 product

Xenserver

Configuration A

19 vulnerable

Vulnerable Software	Affected Versions
Ntp Ntp	From 4.2.0 to 4.2.8
Ntp Ntp	From 4.3.0 to 4.3.77
Ntp Ntp	Version 4.2.8
Ntp Ntp	Version 4.2.8 p1-beta1
Ntp Ntp	Version 4.2.8 p1-beta2
Ntp Ntp	Version 4.2.8 p1-beta3
Ntp Ntp	Version 4.2.8 p1-beta4
Ntp Ntp	Version 4.2.8 p1-beta5
Ntp Ntp	Version 4.2.8 p1-rc1
Ntp Ntp	Version 4.2.8 p1-rc2
Ntp Ntp	Version 4.2.8 p1
Ntp Ntp	Version 4.2.8 p2-rc1
Ntp Ntp	Version 4.2.8 p2-rc2
Ntp Ntp	Version 4.2.8 p2-rc3
Ntp Ntp	Version 4.2.8 p2
Ntp Ntp	Version 4.2.8 p3-rc1
Ntp Ntp	Version 4.2.8 p3-rc2
Ntp Ntp	Version 4.2.8 p3-rc3
Ntp Ntp	Version 4.2.8 p3

Configuration B

3 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 7.0
Debian Debian Linux	Version 8.0
Debian Debian Linux	Version 9.0

Configuration C

4 vulnerable

Vulnerable Software	Affected Versions
Netapp Clustered Data Ontap	All versions
Netapp Data Ontap	All versions
Netapp Oncommand Performance Manager	All versions
Netapp Oncommand Unified Manager	All versions

Configuration D

26 vulnerable

Vulnerable Software	Affected Versions
Redhat Enterprise Linux Desktop	Version 6.0
Redhat Enterprise Linux Desktop	Version 7.0
Redhat Enterprise Linux Server	Version 6.0
Redhat Enterprise Linux Server	Version 7.0
Redhat Enterprise Linux Server Aus	Version 6.5
Redhat Enterprise Linux Server Aus	Version 6.6
Redhat Enterprise Linux Server Aus	Version 7.3
Redhat Enterprise Linux Server Aus	Version 7.4
Redhat Enterprise Linux Server Aus	Version 7.6
Redhat Enterprise Linux Server Aus	Version 7.7
Redhat Enterprise Linux Server Eus	Version 6.5
Redhat Enterprise Linux Server Eus	Version 6.6
Redhat Enterprise Linux Server Eus	Version 6.7
Redhat Enterprise Linux Server Eus	Version 7.1
Redhat Enterprise Linux Server Eus	Version 7.3
Redhat Enterprise Linux Server Eus	Version 7.4
Redhat Enterprise Linux Server Eus	Version 7.5
Redhat Enterprise Linux Server Eus	Version 7.6
Redhat Enterprise Linux Server Eus	Version 7.7
Redhat Enterprise Linux Server Tus	Version 6.5
Redhat Enterprise Linux Server Tus	Version 6.6
Redhat Enterprise Linux Server Tus	Version 7.3
Redhat Enterprise Linux Server Tus	Version 7.6
Redhat Enterprise Linux Server Tus	Version 7.7
Redhat Enterprise Linux Workstation	Version 6.0
Redhat Enterprise Linux Workstation	Version 7.0

Configuration E

2 vulnerable

Vulnerable Software	Affected Versions
Mcafee Enterprise Security Manager	Before 10.4.0
Mcafee Enterprise Security Manager	From 11.0.0 to 11.2.0

Configuration F

4 vulnerable

Vulnerable Software	Affected Versions
Citrix Xenserver	Version 6.0.2
Citrix Xenserver	Version 6.2.0
Citrix Xenserver	Version 6.5
Citrix Xenserver	Version 7.0

Related CWEs

CWE-20

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (40)

http://bugs.ntp.org/show_bug.cgi?id=2901

Source: cve@mitre.org

Issue TrackingVendor Advisory

http://rhn.redhat.com/errata/RHSA-2015-1930.html

Source: cve@mitre.org

Third Party Advisory

http://rhn.redhat.com/errata/RHSA-2015-2520.html

Source: cve@mitre.org

Third Party Advisory

http://support.ntp.org/bin/view/Main/NtpBug2901

Source: cve@mitre.org

Vendor Advisory

http://support.ntp.org/bin/view/Main/SecurityNotice#October_2015_NTP_4_2_8p4_Securit

Source: cve@mitre.org

Release NotesVendor Advisory

http://www.debian.org/security/2015/dsa-3388

Source: cve@mitre.org

Third Party Advisory

http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html

Source: cve@mitre.org

Third Party Advisory

http://www.securityfocus.com/bid/77280

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

http://www.securitytracker.com/id/1033951

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

https://bugzilla.redhat.com/show_bug.cgi?id=1271070

Source: cve@mitre.org

Issue TrackingThird Party AdvisoryVDB Entry

https://eprint.iacr.org/2015/1020.pdf

Source: cve@mitre.org

Technical DescriptionThird Party Advisory

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05270839

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

https://kc.mcafee.com/corporate/index?page=content&id=SB10284

Source: cve@mitre.org

Third Party Advisory

https://security.gentoo.org/glsa/201607-15

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

https://security.netapp.com/advisory/ntap-20171004-0001/

Source: cve@mitre.org

Third Party Advisory

https://security.netapp.com/advisory/ntap-20171004-0002/

Source: cve@mitre.org

Third Party Advisory

https://support.citrix.com/article/CTX220112

Source: cve@mitre.org

Third Party Advisory

https://www.arista.com/en/support/advisories-notices/security-advisories/1212-security-advisory-0016

Source: cve@mitre.org

https://www.cs.bu.edu/~goldbe/NTPattack.html

Source: cve@mitre.org

Third Party Advisory

https://www.kb.cert.org/vuls/id/718152

Source: cve@mitre.org

Third Party AdvisoryUS Government Resource

http://bugs.ntp.org/show_bug.cgi?id=2901