CVE-2015-1798 (retired)

Priority
Description
The symmetric-key feature in the receive function in ntp_proto.c in ntpd in
NTP 4.x before 4.2.8p2 requires a correct MAC only if the MAC field has a
nonzero length, which makes it easier for man-in-the-middle attackers to
spoof packets by omitting the MAC.
Notes
 mdeslaur> 4.2.5p99+ only
Assigned-to
mdeslaur
Package
Source: ntp (LP Ubuntu Debian)
Upstream:released (4.2.8p2)
Ubuntu 14.04 LTS (Trusty Tahr):released (1:4.2.6.p5+dfsg-3ubuntu2.14.04.3)
Patches:
Upstream:http://bk.ntp.org/ntp-stable/?PAGE=patch&REV=550a80b0iGyIv4t9J1GJ_74V_eEx4A
More Information

Updated: 2019-03-26 12:14:43 UTC (commit ccdecfcf0fead22bd291e5f4ea745a46872dcb15)