Endpoint Vulnerability

0rigin: Zero Origin Timestamp Bypass

Description

To distinguish legitimate peer responses from forgeries, a client attempts to verify a response packet by ensuring that the origin timestamp in the packet matches the origin timestamp it transmitted in its last request. A logic error that allowed packets with an origin timestamp of zero to bypass this check whenever there is not an outstanding request to the server.

Affected Products

NTP

References

CVE-2015-8138,