CVE-2015-7974

Published: Jan 26, 2016

Modified: Aug 6, 2024

PUBLISHED

Description

NTP 4.x before 4.2.8p6 and 4.3.x before 4.3.90 do not verify peer associations of symmetric keys when authenticating packets, which might allow remote attackers to conduct impersonation attacks via an arbitrary trusted key, aka a "skeleton key."

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

http://www.talosintel.com/reports/TALOS-2016-0071/

x_refsource_MISC

DSA-3629

vendor-advisory

x_refsource_DEBIAN

81960

vdb-entry

x_refsource_BID

https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03766en_us

x_refsource_CONFIRM

http://support.ntp.org/bin/view/Main/NtpBug2936

x_refsource_CONFIRM

1034782

vdb-entry

x_refsource_SECTRACK

https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03750en_us

x_refsource_CONFIRM

RHSA-2016:2583

vendor-advisory

x_refsource_REDHAT

https://security.netapp.com/advisory/ntap-20171031-0001/

x_refsource_CONFIRM

http://bugs.ntp.org/show_bug.cgi?id=2936

x_refsource_CONFIRM

FreeBSD-SA-16:09

vendor-advisory

x_refsource_FREEBSD

GLSA-201607-15

vendor-advisory

x_refsource_GENTOO

https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdf

x_refsource_CONFIRM

https://us-cert.cisa.gov/ics/advisories/icsa-21-103-11

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2015-7974

Description

Affected Products

References