CVE-2015-1799 (retired)

Priority
Description
The symmetric-key feature in the receive function in ntp_proto.c in ntpd in
NTP 3.x and 4.x before 4.2.8p2 performs state-variable updates upon
receiving certain invalid packets, which makes it easier for
man-in-the-middle attackers to cause a denial of service (synchronization
loss) by spoofing the source IP address of a peer.
Notes
 mdeslaur> we will not be backporting this issue to the codebase in lucid
 mdeslaur> before it goes end-of-life. Marking as ignored.
Assigned-to
mdeslaur
Package
Source: ntp (LP Ubuntu Debian)
Upstream:released (4.2.8p2)
Ubuntu 14.04 LTS (Trusty Tahr):released (1:4.2.6.p5+dfsg-3ubuntu2.14.04.3)
Patches:
Upstream:http://bk.ntp.org/ntp-stable/?PAGE=patch&REV=550a80b0iGyIv4t9J1GJ_74V_eEx4A
More Information

Updated: 2019-03-26 12:14:43 UTC (commit ccdecfcf0fead22bd291e5f4ea745a46872dcb15)