Published: 13 January 2017
NTP before 4.2.8p9 rate limits responses received from the configured sources when rate limiting for all associations is enabled, which allows remote attackers to cause a denial of service (prevent responses from the sources) by sending responses with a spoofed source address.
CVSS 3 base score: 7.5
Launchpad, Ubuntu, Debian
|Ubuntu 18.04 LTS (Bionic Beaver)||
|Ubuntu 16.04 ESM (Xenial Xerus)||
|Ubuntu 14.04 ESM (Trusty Tahr)||
"Affects ntp-4.2.5p203, up to but not including ntp-4.2.8p9, and ntp-4.3.0 up to, but not including ntp-4.3.94."