critical
9.8
CWE
287
Advisory Published
CVE Published
Updated

CVE-2015-7871

First published: Thu Oct 22 2015(Updated: )

Crypto-NAK packets in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to bypass authentication.

Credit: cve@mitre.org

Affected SoftwareAffected VersionHow to fix
redhat/ntp<4.2.8
4.2.8
Siemens TIM 4R-IE
Siemens TIM 4R-IE DNP3
NTP ntp>=4.2.6<4.2.8
NTP ntp>=4.3.0<4.3.77
NTP ntp=4.2.5-p186
NTP ntp=4.2.5-p187
NTP ntp=4.2.5-p188
NTP ntp=4.2.5-p189
NTP ntp=4.2.5-p190
NTP ntp=4.2.5-p191
NTP ntp=4.2.5-p192
NTP ntp=4.2.5-p193
NTP ntp=4.2.5-p194
NTP ntp=4.2.5-p195
NTP ntp=4.2.5-p196
NTP ntp=4.2.5-p197
NTP ntp=4.2.5-p198
NTP ntp=4.2.5-p199
NTP ntp=4.2.5-p200
NTP ntp=4.2.5-p201
NTP ntp=4.2.5-p202
NTP ntp=4.2.5-p203
NTP ntp=4.2.5-p204
NTP ntp=4.2.5-p205
NTP ntp=4.2.5-p206
NTP ntp=4.2.5-p207
NTP ntp=4.2.5-p208
NTP ntp=4.2.5-p209
NTP ntp=4.2.5-p210
NTP ntp=4.2.5-p211
NTP ntp=4.2.5-p212
NTP ntp=4.2.5-p213
NTP ntp=4.2.5-p214
NTP ntp=4.2.5-p215
NTP ntp=4.2.5-p216
NTP ntp=4.2.5-p217
NTP ntp=4.2.5-p218
NTP ntp=4.2.5-p219
NTP ntp=4.2.5-p220
NTP ntp=4.2.5-p221
NTP ntp=4.2.5-p222
NTP ntp=4.2.5-p223
NTP ntp=4.2.5-p224
NTP ntp=4.2.5-p225
NTP ntp=4.2.5-p226
NTP ntp=4.2.5-p227
NTP ntp=4.2.5-p228
NTP ntp=4.2.5-p229
NTP ntp=4.2.5-p230
NTP ntp=4.2.5-p231_rc1
NTP ntp=4.2.5-p232_rc1
NTP ntp=4.2.5-p233_rc1
NTP ntp=4.2.5-p234_rc1
NTP ntp=4.2.5-p235_rc1
NTP ntp=4.2.5-p236_rc1
NTP ntp=4.2.5-p237_rc1
NTP ntp=4.2.5-p238_rc1
NTP ntp=4.2.5-p239_rc1
NTP ntp=4.2.5-p240_rc1
NTP ntp=4.2.5-p241_rc1
NTP ntp=4.2.5-p242_rc1
NTP ntp=4.2.5-p243_rc1
NTP ntp=4.2.5-p244_rc1
NTP ntp=4.2.5-p245_rc1
NTP ntp=4.2.5-p246_rc1
NTP ntp=4.2.5-p247_rc1
NTP ntp=4.2.5-p248_rc1
NTP ntp=4.2.5-p249_rc1
NTP ntp=4.2.5-p250_rc1
NTP ntp=4.2.8-p1
NTP ntp=4.2.8-p1-beta1
NTP ntp=4.2.8-p1-beta2
NTP ntp=4.2.8-p1-beta3
NTP ntp=4.2.8-p1-beta4
NTP ntp=4.2.8-p1-beta5
NTP ntp=4.2.8-p1-rc1
NTP ntp=4.2.8-p1-rc2
NTP ntp=4.2.8-p2
NTP ntp=4.2.8-p2-rc1
NTP ntp=4.2.8-p2-rc2
NTP ntp=4.2.8-p2-rc3
NTP ntp=4.2.8-p3
NTP ntp=4.2.8-p3-rc1
NTP ntp=4.2.8-p3-rc2
NTP ntp=4.2.8-p3-rc3
Debian=7.0
Debian=8.0
Debian=9.0
NetApp OnCommand Balance
NetApp OnCommand Performance Manager
NetApp OnCommand Unified Manager
IBM Data ONTAP
IBM Data ONTAP

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

Frequently Asked Questions

  • What is the severity of CVE-2015-7871?

    CVE-2015-7871 has been classified as a medium severity vulnerability due to its potential to allow remote attackers to bypass authentication.

  • How do I fix CVE-2015-7871?

    To fix CVE-2015-7871, you should upgrade to NTP version 4.2.8p4 or higher, or 4.3.77 or higher.

  • What systems are affected by CVE-2015-7871?

    CVE-2015-7871 affects NTP versions 4.2.x prior to 4.2.8p4 and 4.3.x prior to 4.3.77, as well as various products from Siemens and NetApp that utilize these versions.

  • Is there a workaround for CVE-2015-7871?

    There is no specific workaround for CVE-2015-7871; the best course of action is to apply the available updates.

  • What type of vulnerability is CVE-2015-7871?

    CVE-2015-7871 is a cryptographic vulnerability that allows attackers to bypass authentication through the exploitation of faulty error handling in NTP.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2025 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203