NetworkTimeFoundation NTP CVE-2015-8138 Input Validation Bypass Vulnerability
Description
To distinguish legitimate peer responses from forgeries, a client attempts to verify a response packet by ensuring that the origin timestamp in the packet matches the origin timestamp it transmitted in its last request. A logic error that allowed packets with an origin timestamp of zero to bypass this check whenever there is not an outstanding request to the server.
Affected Applications
NTP