CVE-2015-7704

Published: 22 October 2015

The ntpd client in NTP 4.x before 4.2.8p4 and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service via a number of crafted "KOD" messages.

Priority

Medium

CVSS 3 base score: 7.5

Status

Package Release Status
ntp
Launchpad, Ubuntu, Debian
Upstream Needs triage

Ubuntu 16.04 ESM (Xenial Xerus)
Released (1:4.2.6.p5+dfsg-3ubuntu8.1)
Ubuntu 14.04 ESM (Trusty Tahr)
Released (1:4.2.6.p5+dfsg-3ubuntu2.14.04.5)
Patches:
Upstream: https://github.com/ntp-project/ntp/commit/21d57dc336dbe9a975baca5ce5ae4da5b71ff123
Upstream: https://github.com/ntp-project/ntp/commit/492758c3d0690d3ccf7130fabfcf670997f12f7b
Upstream: https://github.com/ntp-project/ntp/commit/06b143c07c7be5a54608180f69ec06b317e0aac5