ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows remote attackers to cause a denial of service (daemon exit or system time change) by predicting transmit timestamps for use in spoofed packets. The victim must be relying on unauthenticated IPv4 time sources. There must be an off-path attacker who can query time from the victim's ntpd instance.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2020-06-04T12:31:55

Updated: 2024-08-04T12:25:16.566Z

Reserved: 2020-06-04T00:00:00

Link: CVE-2020-13817

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2020-06-04T13:15:11.053

Modified: 2024-11-21T05:01:55.633

Link: CVE-2020-13817

cve-icon Redhat

Severity : Moderate

Publid Date: 2020-03-03T00:00:00Z

Links: CVE-2020-13817 - Bugzilla