NTP Project ntpd reference implementation contains multiple vulnerabilities
Overview
NTP Project ntpd reference implementation accepts unauthenticated packets with symmetric key cryptography and does not protect symmetric associations against denial of service attacks.
Description
CVE-2015-1798, bug 2779: In NTP4 installations utilizing symmetric key authentication, versions ntp-4.2.5p99 to ntp-4.2.8p1, packets with no message authentication code (MAC) are accepted as though they have a valid MAC. An attacker may be able to leverage this validation error to send packets that will be accepted by the client. The CVSS score reflects this issue.
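The acceptance rule a symmetric association needs, as an added example (not ntpd's code or the NTP Project's patch): a packet from a peer configured with a key is accepted only when a MAC is present, carries the expected key ID, and verifies. The key table, key ID 42, the sample header and the function names are constructed for illustration, and extension fields are not handled.

```python
import hashlib
import hmac
import struct

NTP_HEADER_LEN = 48                      # fixed NTP header; extension fields not handled
DIGEST_LEN = {"md5": 16, "sha1": 20}     # MAC = 4-byte key ID + digest

# Constructed key table (key ID -> (digest name, secret)); hypothetical stand-in
# for the keys a symmetric association is configured with.
KEYS = {42: ("sha1", b"constructed-shared-secret")}

# Constructed header: LI=0, VN=4, mode=1 (symmetric active), remaining fields zero.
SAMPLE_HEADER = bytes([0x21]) + bytes(NTP_HEADER_LEN - 1)


def make_mac(header, keyid, keys=KEYS):
    """Symmetric-key MAC: key ID followed by digest(secret || header)."""
    algo, secret = keys[keyid]
    return struct.pack("!I", keyid) + hashlib.new(algo, secret + header).digest()


def classify(packet, required_keyid, keys=KEYS):
    """Decide whether a packet from a peer that must use required_keyid is acceptable."""
    if len(packet) < NTP_HEADER_LEN:
        return "reject: short packet"
    header, mac = packet[:NTP_HEADER_LEN], packet[NTP_HEADER_LEN:]
    if not mac:
        # The case described for CVE-2015-1798: an absent MAC is not a valid MAC.
        return "reject: no MAC"
    if len(mac) < 4:
        return "reject: bad MAC length"
    keyid = struct.unpack("!I", mac[:4])[0]
    if keyid != required_keyid or keyid not in keys:
        return "reject: wrong key ID"
    if len(mac) != 4 + DIGEST_LEN[keys[keyid][0]]:
        return "reject: bad MAC length"
    if not hmac.compare_digest(mac, make_mac(header, keyid, keys)):
        return "reject: bad MAC"
    return "accept"


if __name__ == "__main__":
    signed = SAMPLE_HEADER + make_mac(SAMPLE_HEADER, 42)
    for name, pkt in [("no MAC", SAMPLE_HEADER), ("valid MAC", signed)]:
        print(name, "->", classify(pkt, 42))
```
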
Impact
An unauthenticated attacker with network access may be able to inject packets or prevent peer synchronization among symmetrically authenticated hosts.
Solution
Apply an update
Vendor Information
Vendor | Status | Date Notified | Date Updated |
---|---|---|---|
NTP Project | Affected | 23 Mar 2015 | 07 Apr 2015 |
ACCESS | Unknown | 24 Mar 2015 | 24 Mar 2015 |
Alcatel-Lucent | Unknown | 24 Mar 2015 | 24 Mar 2015 |
Apple | Unknown | 24 Mar 2015 | 24 Mar 2015 |
Arch Linux | Unknown | 30 Mar 2015 | 30 Mar 2015 |
AT&T | Unknown | 24 Mar 2015 | 24 Mar 2015 |
Avaya, Inc. | Unknown | 24 Mar 2015 | 24 Mar 2015 |
Barracuda Networks | Unknown | 24 Mar 2015 | 24 Mar 2015 |
Belkin, Inc. | Unknown | 24 Mar 2015 | 24 Mar 2015 |
Blue Coat Systems | Unknown | 24 Mar 2015 | 24 Mar 2015 |
Brocade | Unknown | 30 Mar 2015 | 30 Mar 2015 |
CA Technologies | Unknown | 24 Mar 2015 | 24 Mar 2015 |
CentOS | Unknown | 24 Mar 2015 | 24 Mar 2015 |
Check Point Software Technologies | Unknown | 24 Mar 2015 | 24 Mar 2015 |
Cisco | Unknown | 24 Mar 2015 | 24 Mar 2015 |
CVSS Metrics
Group | Score | Vector |
---|---|---|
Base | 5.4 | AV:A/AC:M/Au:N/C:P/I:P/A:P |
Temporal | 4.2 | E:POC/RL:OF/RC:C |
Environmental | 4.2 | CDP:N/TD:H/CR:ND/IR:ND/AR:ND |
References
- http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities
- http://bugs.ntp.org/show_bug.cgi?id=2781
- http://bugs.ntp.org/show_bug.cgi?id=2779
- http://www.ntp.org/downloads.html
Credit
The NTP Project credits Miroslav Lichvar of Red Hat for reporting these issues.
This document was written by Joel Land.
Other Information
- CVE IDs: CVE-2015-1798 CVE-2015-1799
- Date Public: 07 Apr 2015
- Date First Published: 07 Apr 2015
- Date Last Updated: 09 Apr 2015
- Document Revision: 17