Back to search
CVE-2015-1799
Published: Apr 8, 2015
Modified: Aug 6, 2024
PUBLISHED
Description
The symmetric-key feature in the receive function in ntp_proto.c in ntpd in NTP 3.x and 4.x before 4.2.8p2 performs state-variable updates upon receiving certain invalid packets, which makes it easier for man-in-the-middle attackers to cause a denial of service (synchronization loss) by spoofing the source IP address of a peer.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
DSA-3222
vendor-advisory
x_refsource_DEBIAN
20150408 Network Time Protocol Daemon Symmetric Mode Packet Processing Denial of Service Vulnerability
vendor-advisory
x_refsource_CISCO
[chrony-announce] 20150407 chrony-1.31.1 released (security)
mailing-list
x_refsource_MLIST
USN-2567-1
vendor-advisory
x_refsource_UBUNTU
VU#374268
third-party-advisory
x_refsource_CERT-VN
73950
vdb-entry
x_refsource_BID
SSRT102029
vendor-advisory
x_refsource_HP
FEDORA-2015-5761
vendor-advisory
x_refsource_FEDORA
http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities
x_refsource_CONFIRM
https://kc.mcafee.com/corporate/index?page=content&id=SB10114
x_refsource_CONFIRM
FEDORA-2015-5874
vendor-advisory
x_refsource_FEDORA
APPLE-SA-2015-06-30-2
vendor-advisory
x_refsource_APPLE
openSUSE-SU-2015:0775
vendor-advisory
x_refsource_SUSE
GLSA-201509-01
vendor-advisory
x_refsource_GENTOO
HPSBUX03333
vendor-advisory
x_refsource_HP
MDVSA-2015:202
vendor-advisory
x_refsource_MANDRIVA
http://support.apple.com/kb/HT204942
x_refsource_CONFIRM
HPSBHF03557
vendor-advisory
x_refsource_HP
RHSA-2015:1459
vendor-advisory
x_refsource_REDHAT
http://bugs.ntp.org/show_bug.cgi?id=2781
x_refsource_CONFIRM
20150408 Multiple Vulnerabilities in ntpd (April 2015) Affecting Cisco Products
vendor-advisory
x_refsource_CISCO
DSA-3223
vendor-advisory
x_refsource_DEBIAN
1032031
vdb-entry
x_refsource_SECTRACK
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now