← volver
CVE-2020-11868

CVE-2020-11868

CVSS 7.5 HIGHEPSS 2.1%CWE-346
ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows an off-path attacker to block unauthenticated synchronization via a server mode packet with a spoofed source IP address, because transmissions are rescheduled even when a packet lacks a valid origin timestamp.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Productos afectados
n/a · n/a

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00005.htmlhttp://lists.opensuse.org/opensuse-security-announce/2020-07/msg00044.htmlhttps://bugzilla.redhat.com/show_bug.cgi?id=1716665https://lists.debian.org/debian-lts-announce/2020/05/msg00004.htmlhttps://security.gentoo.org/glsa/202007-12https://security.netapp.com/advisory/ntap-20200424-0002/http://support.ntp.org/bin/view/Main/NtpBug3592https://www.oracle.com//security-alerts/cpujul2021.html