4.3 Medium
CVSS2
Access Vector
ADJACENT_NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:A/AC:M/Au:N/C:N/I:P/A:P
0.008 Low
EPSS
Percentile
81.4%
NTP Project ntpd reference implementation accepts unauthenticated packets with symmetric key cryptography and does not protect symmetric associations against denial of service attacks.
CVE-2015-1798, bug 2779:
In NTP4 installations utilizing symmetric key authentication, versions ntp-4.2.5p99 to ntp-4.2.8p1, packets with no message authentication code (MAC) are accepted as though they have a valid MAC. An attacker may be able to leverage this validation error to send packets that will be accepted by the client. The CVSS score reflects this issue.
CVE-2015-1799, bug 2781:
In NTP installations utilizing symmetric key authentication, including xntp3.3wy to version ntp-4.2.8p1, a denial of service condition is created when two peering hosts receive packets in which the originate and transmit timestamps do not match. An attacker who periodically sends such packets to both hosts can prevent synchronization.
For more information about these issues, visit NTP’s security notice.
An unauthenticated attacker with network access may be able to inject packets or prevent peer synchronization among symmetrically authenticated hosts.
Apply an update
The NTP Project has released version ntp-4.2.8p2 to address these issues.
374268
Filter by status: All Affected Not Affected Unknown
Filter by content: __ Additional information available
__ Sort by: Status Alphabetical
Expand all
Javascript is disabled. Click here to view vendors.
Updated: April 10, 2015
Statement Date: April 09, 2015
Affected
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: March 24, 2015 Updated: April 10, 2015
Statement Date: April 09, 2015
Affected
`The vulnerabilities in 374268 (different from 852879) have been resolved by FreeBSD-SA-15:07.ntp.
<https://www.freebsd.org/security/advisories/FreeBSD-SA-15:07.ntp.asc>`
We are not aware of further vendor information regarding this vulnerability.
Notified: March 23, 2015 Updated: April 07, 2015
Affected
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Updated: April 10, 2015
Statement Date: April 09, 2015
Not Affected
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: March 24, 2015 Updated: March 24, 2015
Unknown
We have not received a statement from the vendor.
Notified: March 24, 2015 Updated: March 24, 2015
Unknown
We have not received a statement from the vendor.
Notified: March 24, 2015 Updated: March 24, 2015
Unknown
We have not received a statement from the vendor.
Notified: March 24, 2015 Updated: March 24, 2015
Unknown
We have not received a statement from the vendor.
Notified: March 30, 2015 Updated: March 30, 2015
Unknown
We have not received a statement from the vendor.
Notified: March 24, 2015 Updated: March 24, 2015
Unknown
We have not received a statement from the vendor.
Notified: March 24, 2015 Updated: March 24, 2015
Unknown
We have not received a statement from the vendor.
Notified: March 24, 2015 Updated: March 24, 2015
Unknown
We have not received a statement from the vendor.
Notified: March 24, 2015 Updated: March 24, 2015
Unknown
We have not received a statement from the vendor.
Notified: March 30, 2015 Updated: March 30, 2015
Unknown
We have not received a statement from the vendor.
Notified: March 24, 2015 Updated: March 24, 2015
Unknown
We have not received a statement from the vendor.
Notified: March 24, 2015 Updated: March 24, 2015
Unknown
We have not received a statement from the vendor.
Notified: March 24, 2015 Updated: March 24, 2015
Unknown
We have not received a statement from the vendor.
Notified: March 24, 2015 Updated: March 24, 2015
Unknown
We have not received a statement from the vendor.
Notified: March 24, 2015 Updated: March 24, 2015
Unknown
We have not received a statement from the vendor.
Notified: March 24, 2015 Updated: March 24, 2015
Unknown
We have not received a statement from the vendor.
Notified: March 24, 2015 Updated: March 24, 2015
Unknown
We have not received a statement from the vendor.
Notified: March 24, 2015 Updated: March 24, 2015
Unknown
We have not received a statement from the vendor.
Notified: March 24, 2015 Updated: March 24, 2015
Unknown
We have not received a statement from the vendor.
Notified: March 24, 2015 Updated: March 24, 2015
Unknown
We have not received a statement from the vendor.
Notified: March 24, 2015 Updated: March 24, 2015
Unknown
We have not received a statement from the vendor.
Notified: March 24, 2015 Updated: March 24, 2015
Unknown
We have not received a statement from the vendor.
Notified: March 24, 2015 Updated: March 24, 2015
Unknown
We have not received a statement from the vendor.
Notified: March 24, 2015 Updated: March 24, 2015
Unknown
We have not received a statement from the vendor.
Notified: March 24, 2015 Updated: March 24, 2015
Unknown
We have not received a statement from the vendor.
Notified: March 24, 2015 Updated: March 24, 2015
Unknown
We have not received a statement from the vendor.
Notified: March 24, 2015 Updated: March 24, 2015
Unknown
We have not received a statement from the vendor.
Notified: March 24, 2015 Updated: March 24, 2015
Unknown
We have not received a statement from the vendor.
Notified: March 24, 2015 Updated: March 24, 2015
Unknown
We have not received a statement from the vendor.
Notified: March 24, 2015 Updated: March 24, 2015
Unknown
We have not received a statement from the vendor.
Notified: March 24, 2015 Updated: March 24, 2015
Unknown
We have not received a statement from the vendor.
Notified: March 24, 2015 Updated: March 24, 2015
Unknown
We have not received a statement from the vendor.
Notified: March 30, 2015 Updated: March 30, 2015
Unknown
We have not received a statement from the vendor.
Notified: March 24, 2015 Updated: March 24, 2015
Unknown
We have not received a statement from the vendor.
Notified: March 24, 2015 Updated: March 24, 2015
Unknown
We have not received a statement from the vendor.
Notified: March 24, 2015 Updated: March 24, 2015
Unknown
We have not received a statement from the vendor.
Notified: March 24, 2015 Updated: March 24, 2015
Unknown
We have not received a statement from the vendor.
Notified: March 24, 2015 Updated: March 24, 2015
Unknown
We have not received a statement from the vendor.
Notified: March 24, 2015 Updated: March 24, 2015
Unknown
We have not received a statement from the vendor.
Notified: March 24, 2015 Updated: March 24, 2015
Unknown
We have not received a statement from the vendor.
Notified: March 24, 2015 Updated: March 24, 2015
Unknown
We have not received a statement from the vendor.
Notified: April 09, 2015 Updated: April 09, 2015
Unknown
We have not received a statement from the vendor.
Notified: March 24, 2015 Updated: March 24, 2015
Unknown
We have not received a statement from the vendor.
Notified: March 24, 2015 Updated: March 24, 2015
Unknown
We have not received a statement from the vendor.
Notified: March 24, 2015 Updated: March 24, 2015
Unknown
We have not received a statement from the vendor.
Notified: March 24, 2015 Updated: March 24, 2015
Unknown
We have not received a statement from the vendor.
Notified: March 24, 2015 Updated: March 24, 2015
Unknown
We have not received a statement from the vendor.
Notified: March 24, 2015 Updated: March 24, 2015
Unknown
We have not received a statement from the vendor.
Notified: March 24, 2015 Updated: March 24, 2015
Unknown
We have not received a statement from the vendor.
Notified: March 24, 2015 Updated: March 24, 2015
Unknown
We have not received a statement from the vendor.
Notified: March 24, 2015 Updated: March 24, 2015
Unknown
We have not received a statement from the vendor.
Notified: March 30, 2015 Updated: March 30, 2015
Unknown
We have not received a statement from the vendor.
Notified: March 24, 2015 Updated: March 24, 2015
Unknown
We have not received a statement from the vendor.
Notified: March 24, 2015 Updated: March 24, 2015
Unknown
We have not received a statement from the vendor.
Notified: March 24, 2015 Updated: March 24, 2015
Unknown
We have not received a statement from the vendor.
Notified: March 24, 2015 Updated: March 24, 2015
Unknown
We have not received a statement from the vendor.
Notified: March 24, 2015 Updated: March 24, 2015
Unknown
We have not received a statement from the vendor.
Notified: March 30, 2015 Updated: March 30, 2015
Unknown
We have not received a statement from the vendor.
Notified: March 24, 2015 Updated: March 24, 2015
Unknown
We have not received a statement from the vendor.
Notified: March 24, 2015 Updated: March 24, 2015
Unknown
We have not received a statement from the vendor.
Notified: March 24, 2015 Updated: March 24, 2015
Unknown
We have not received a statement from the vendor.
Notified: March 24, 2015 Updated: March 24, 2015
Unknown
We have not received a statement from the vendor.
Notified: March 24, 2015 Updated: March 24, 2015
Unknown
We have not received a statement from the vendor.
Notified: March 24, 2015 Updated: March 24, 2015
Unknown
We have not received a statement from the vendor.
Notified: March 24, 2015 Updated: March 24, 2015
Unknown
We have not received a statement from the vendor.
Notified: March 24, 2015 Updated: March 24, 2015
Unknown
We have not received a statement from the vendor.
Notified: March 24, 2015 Updated: March 24, 2015
Unknown
We have not received a statement from the vendor.
Notified: March 24, 2015 Updated: March 24, 2015
Unknown
We have not received a statement from the vendor.
Notified: March 24, 2015 Updated: March 24, 2015
Unknown
We have not received a statement from the vendor.
Notified: March 24, 2015 Updated: March 24, 2015
Unknown
We have not received a statement from the vendor.
Notified: March 24, 2015 Updated: March 24, 2015
Unknown
We have not received a statement from the vendor.
Notified: March 24, 2015 Updated: March 24, 2015
Unknown
We have not received a statement from the vendor.
Notified: March 24, 2015 Updated: March 24, 2015
Unknown
We have not received a statement from the vendor.
Notified: March 24, 2015 Updated: March 24, 2015
Unknown
We have not received a statement from the vendor.
Notified: March 30, 2015 Updated: March 30, 2015
Unknown
We have not received a statement from the vendor.
Notified: March 24, 2015 Updated: March 24, 2015
Unknown
We have not received a statement from the vendor.
Notified: March 24, 2015 Updated: March 24, 2015
Unknown
We have not received a statement from the vendor.
Notified: March 24, 2015 Updated: March 24, 2015
Unknown
We have not received a statement from the vendor.
Notified: March 24, 2015 Updated: March 24, 2015
Unknown
We have not received a statement from the vendor.
Notified: March 24, 2015 Updated: March 24, 2015
Unknown
We have not received a statement from the vendor.
Notified: March 30, 2015 Updated: March 30, 2015
Unknown
We have not received a statement from the vendor.
View all 85 vendors __View less vendors __
Group | Score | Vector |
---|---|---|
Base | 5.4 | AV:A/AC:M/Au:N/C:P/I:P/A:P |
Temporal | 4.2 | E:POC/RL:OF/RC:C |
Environmental | 4.2 | CDP:N/TD:H/CR:ND/IR:ND/AR:ND |
The NTP Project credits Miroslav Lichvar of Red Hat for reporting these issues.
This document was written by Joel Land.
CVE IDs: | CVE-2015-1798, CVE-2015-1799 |
---|---|
Date Public: | 2015-04-07 Date First Published: |