CVE-2015-7973 Freebsd CVE debrief

Who should care

Administrators running NTP/ntpd in broadcast mode, especially teams maintaining FreeBSD, Ubuntu, NetApp, Siemens, or other products listed in the NVD CPE scope.

Technical summary

NVD describes CVE-2015-7973 as affecting NTP before 4.2.8p6 and 4.3.x before 4.3.90 when broadcast mode is enabled. The attack requires a man-in-the-middle able to sniff the network and conduct replay attacks. NVD assigns CVSS 3.1 6.5/Medium (AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H), reflecting that the issue is remotely reachable but requires favorable network positioning and mainly impacts integrity and availability.

Defensive priority

Medium priority: confirm whether broadcast mode is used, then schedule patching or mitigation for any exposed ntpd deployments.

Recommended defensive actions

• Inventory systems running NTP/ntpd and identify any broadcast-mode configurations.
• Upgrade affected NTP deployments to a fixed release at or above 4.2.8p6 or 4.3.90, as applicable.
• Review vendor advisories for packaged products mapped in the NVD CPE list, including FreeBSD, Ubuntu, NetApp, and Siemens references.
• If broadcast mode is not required, disable it to reduce exposure.
• Monitor time-synchronization behavior for unexpected replay-like anomalies until remediation is complete.

Evidence notes

Source corpus states that NTP before 4.2.8p6 and 4.3.x before 4.3.90 is vulnerable in broadcast mode to replay attacks by a sniffing MITM. The NVD record links upstream/vendor advisories including support.ntp.org/NtpBug2935, FreeBSD-SA-16:09.ntp.asc, and multiple third-party advisories. The CPE list includes NTP, FreeBSD, Ubuntu, NetApp, and Siemens products, showing that exposure can extend beyond upstream NTP packaging. Several legacy reference URLs in the corpus are marked as broken links.

Official resources