virus logo FortiClient Vulnerability

NetworkTimeFoundation NTP CVE-2015-8138 Input Validation Bypass Vulnerability

description-logoDescription

To distinguish legitimate peer responses from forgeries, a client attempts to verify a response packet by ensuring that the origin timestamp in the packet matches the origin timestamp it transmitted in its last request. A logic error that allowed packets with an origin timestamp of zero to bypass this check whenever there is not an outstanding request to the server.

affected-products-logoAffected Applications

NTP

CVE References

CVE-2015-8138

Other References

http://support.ntp.org/bin/view/Main/NtpBug2945
ID 38918
Created Jan 17, 2020
Description
Updated		 Dec 21, 2023
Risk black-background-circle-icon black-background-circle-icon black-background-circle-icon lightgray-background-circle-icon lightgray-background-circle-icon
Coverage FortiClient
OS Linux
Vendor NetworkTimeFoundation
Patch manual
Application NTP