NTP CVE-2015-7702 Incomplete Fix Denial of Service Vulnerability

NTP is prone to a denial-of-service vulnerability.

A remote attacker may exploit this issue to cause a denial-of-service condition, denying service to legitimate users. Due to the nature of this issue, code-injection may be possible; however this has not been confirmed.

Versions prior to NTP 4.2.8p4 and 4.3.x prior to 4.3.77 are vulnerable.

Note #1: This issue is the result of an incomplete fix for the issue described in 72583 (NTP 'ntp_crypto.c' Information Disclosure Vulnerability).

Note #2: This issue was previously titled 'NTP CVE-2015-7702 Denial of Service Vulnerability'. The title has been changed to better reflect the vulnerability information.


Privacy Statement
Copyright 2010, SecurityFocus