FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2015-1798

This CVE name corresponds to:

Entered Topic
2015-04-07 ntp -- multiple vulnerabilities

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type Candidate
Name CVE-2015-1798
Phase Assigned (20150217)

Description

The symmetric-key feature in the receive function in ntp_proto.c in ntpd in NTP 4.x before 4.2.8p2 requires a correct MAC only if the MAC field has a nonzero length, which makes it easier for man-in-the-middle attackers to spoof packets by omitting the MAC.

References

Source Reference
CONFIRM http://bugs.ntp.org/show_bug.cgi?id=2779
CONFIRM http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities
CONFIRM https://kc.mcafee.com/corporate/index?page=content&id=SB10114
CONFIRM http://support.apple.com/kb/HT204942
APPLE APPLE-SA-2015-06-30-2
CISCO 20150408 Multiple Vulnerabilities in ntpd (April 2015) Affecting Cisco Products
CISCO 20150408 Network Time Protocol Daemon MAC Checking Failure Authentication Bypass Vulnerability
DEBIAN DSA-3223
FEDORA FEDORA-2015-5761
FEDORA FEDORA-2015-5874
MANDRIVA MDVSA-2015:202
SUSE openSUSE-SU-2015:0775
UBUNTU USN-2567-1
CERT-VN VU#374268
BID 73951
SECTRACK 1032032