Back to search
CVE-2015-1798
Published: Apr 8, 2015
Modified: Aug 6, 2024
PUBLISHED
Description
The symmetric-key feature in the receive function in ntp_proto.c in ntpd in NTP 4.x before 4.2.8p2 requires a correct MAC only if the MAC field has a nonzero length, which makes it easier for man-in-the-middle attackers to spoof packets by omitting the MAC.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
1032032
vdb-entry
x_refsource_SECTRACK
USN-2567-1
vendor-advisory
x_refsource_UBUNTU
VU#374268
third-party-advisory
x_refsource_CERT-VN
SSRT102029
vendor-advisory
x_refsource_HP
FEDORA-2015-5761
vendor-advisory
x_refsource_FEDORA
http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities
x_refsource_CONFIRM
https://kc.mcafee.com/corporate/index?page=content&id=SB10114
x_refsource_CONFIRM
FEDORA-2015-5874
vendor-advisory
x_refsource_FEDORA
APPLE-SA-2015-06-30-2
vendor-advisory
x_refsource_APPLE
openSUSE-SU-2015:0775
vendor-advisory
x_refsource_SUSE
GLSA-201509-01
vendor-advisory
x_refsource_GENTOO
20150408 Network Time Protocol Daemon MAC Checking Failure Authentication Bypass Vulnerability
vendor-advisory
x_refsource_CISCO
HPSBUX03333
vendor-advisory
x_refsource_HP
MDVSA-2015:202
vendor-advisory
x_refsource_MANDRIVA
73951
vdb-entry
x_refsource_BID
http://support.apple.com/kb/HT204942
x_refsource_CONFIRM
RHSA-2015:1459
vendor-advisory
x_refsource_REDHAT
20150408 Multiple Vulnerabilities in ntpd (April 2015) Affecting Cisco Products
vendor-advisory
x_refsource_CISCO
http://bugs.ntp.org/show_bug.cgi?id=2779
x_refsource_CONFIRM
DSA-3223
vendor-advisory
x_refsource_DEBIAN
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now