CVE-2015-1798 (retired)

Priority
Description
The symmetric-key feature in the receive function in ntp_proto.c in ntpd in
NTP 4.x before 4.2.8p2 requires a correct MAC only if the MAC field has a
nonzero length, which makes it easier for man-in-the-middle attackers to
spoof packets by omitting the MAC.
Assigned-to
mdeslaur
Notes
mdeslaur4.2.5p99+ only
Package
Source: ntp (LP Ubuntu Debian)
Upstream:released (4.2.8p2)
Patches:
Upstream:http://bk.ntp.org/ntp-stable/?PAGE=patch&REV=550a80b0iGyIv4t9J1GJ_74V_eEx4A
More Information

Updated: 2019-10-09 07:52:24 UTC (commit 33aea848a182c0afcd0a3f927a01a7ecd9a061ee)