The symmetric-key feature in the receive function in ntp_proto.c in ntpd in NTP 4.x before 4.2.8p2 requires a correct MAC only if the MAC field has a nonzero length, which makes it easier for man-in-the-middle attackers to spoof packets by omitting the MAC.

OSVersionArchitecturePackageVersionFilename
Debian11allntp< 1:4.2.6.p5+dfsg-6ntp_1:4.2.6.p5+dfsg-6_all.deb
Debian10allntp< 1:4.2.6.p5+dfsg-6ntp_1:4.2.6.p5+dfsg-6_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	11	all	ntp	< 1:4.2.6.p5+dfsg-6	ntp_1:4.2.6.p5+dfsg-6_all.deb
Debian	10	all	ntp	< 1:4.2.6.p5+dfsg-6	ntp_1:4.2.6.p5+dfsg-6_all.deb

f5 2

ubuntucve 1

prion 1

nessus 33

cve 1

cisco 2

threatpost 1

cert 1

openvas 22

ubuntu 1

debian 2

mageia 1

freebsd 1

securityvulns 4

slackware 1

amazon 1

archlinux 1

fedora 3

ibm 9

osv 2

gentoo 1

freebsd_advisory 1

veracode 5

oraclelinux 2

centos 2

redhat 2

suse 2

ics 1

SOL16505 - NTP vulnerability CVE-2015-1798

2015-04-23 00:00:00

K16505 : NTP vulnerability CVE-2015-1798

2015-11-07 00:00:00

ubuntucve

CVE-2015-1798

2015-04-08 00:00:00

prion

Design/Logic Flaw

2015-04-08 10:59:00

nessus

F5 Networks BIG-IP : NTP vulnerability (K16505)

2015-04-24 00:00:00

Rockwell Automation Stratix NTP Authentication bypass (CVE-2015-1798)

2023-11-15 00:00:00

Mandriva Linux Security Advisory : ntp (MDVSA-2015:202)

2015-04-13 00:00:00

cve

CVE-2015-1798

2015-04-08 10:59:00

cisco

Network Time Protocol Daemon MAC Checking Failure Authentication Bypass Vulnerability

2015-04-08 17:05:12

Multiple Vulnerabilities in ntpd (April 2015) Affecting Cisco Products

2015-04-08 16:00:00

threatpost

NTP Symmetric Key Authentication Security Vulnerabilities Patched

2015-04-08 11:37:31

cert

NTP Project ntpd reference implementation contains multiple vulnerabilities

2015-04-07 00:00:00

openvas

Multiple Vulnerabilities in ntpd (April 2015) Affecting Cisco Products

2016-05-10 00:00:00

Slackware: Security Advisory (SSA:2015-111-08)

2022-04-21 00:00:00

Mageia: Security Advisory (MGASA-2015-0152)

2022-01-28 00:00:00

ubuntu

NTP vulnerabilities

2015-04-13 00:00:00

debian

[SECURITY] [DLA 192-1] ntp security update

2015-04-10 21:52:54

[SECURITY] [DSA 3223-1] ntp security update

2015-04-12 16:29:16

mageia

Updated ntp packages fix security vulnerabilities

2015-04-15 12:01:28

freebsd

ntp -- multiple vulnerabilities

2015-04-07 00:00:00

securityvulns

ntpd restrictions bypass

2015-04-08 00:00:00

FreeBSD Security Advisory FreeBSD-SA-15:07.ntp

2015-04-08 00:00:00

Apple Mac OS X / EFI multiple security vulnerabilities

2015-07-05 00:00:00

slackware

[slackware-security] ntp

2015-04-22 01:21:55

amazon

Important: ntp

2015-05-05 15:56:00

archlinux

ntp: multiple issues

2015-04-08 00:00:00

fedora

[SECURITY] Fedora 22 Update: ntp-4.2.6p5-30.fc22

2015-04-22 22:56:05

[SECURITY] Fedora 20 Update: ntp-4.2.6p5-22.fc20

2015-04-22 22:55:51

[SECURITY] Fedora 21 Update: ntp-4.2.6p5-30.fc21

2015-04-28 13:01:04

ibm

Security Bulletin: Vulnerabilities in NTP affect IBM Security Network Protection (CVE-2015-1798, CVE-2015-1799, and CVE-2015-3405)

2018-06-16 21:30:32

Security Bulletin: Vulnerabilities in ntp affect Power Hardware Management Console (CVE-2015-1798 CVE-2015-1799 CVE-2015-3405)

2021-09-23 01:31:39

Security Bulletin: IBM Security Access Manager for Web is affected by multiple NTP vulnerabilities

2018-06-16 21:38:59

osv

ntp - security update

2015-04-10 00:00:00

ntp - security update

2015-04-12 00:00:00

gentoo

NTP: Multiple vulnerablities

2015-09-24 00:00:00

freebsd_advisory

FreeBSD-SA-15:07.ntp

2015-04-07 00:00:00

veracode

Insufficient Entropy In Key Generation Algorithm

2019-05-02 05:41:08

Man-in-the-Middle (MitM)

2019-05-02 05:41:08

Man-In-The-Middle (MitM)

2019-05-02 05:41:08

oraclelinux

ntp security, bug fix, and enhancement update

2015-07-28 00:00:00

ntp security, bug fix, and enhancement update

2015-11-23 00:00:00

centos

ntp, ntpdate security update

2015-07-26 14:13:05

ntp, ntpdate, sntp security update

2015-11-30 19:45:44

redhat

(RHSA-2015:2231) Moderate: ntp security, bug fix, and enhancement update

2015-11-19 14:42:12

(RHSA-2015:1459) Moderate: ntp security, bug fix, and enhancement update

2015-07-22 00:00:00

suse

Security update for ntp (important)

2016-07-29 19:08:48

Security update for yast2-ntp-client (important)

2016-08-17 21:08:25

ics

Rockwell Automation Stratix 5900

2017-05-10 12:00:00

Products

Security Intelligence
Non-intrusive assessment
Developers SDK
Windows scanner
Linux scanner
Perimeter control tool
MSSP

Database

Vulnerabilities
Exploits
IOC
Security News
BugBounty
Popular
Wild Exploited
Top Vulnerabilities

Tools

Linux Security Scanner
API integration
Subscriptions
Plugins
Manual Audit

Learn More

Stats
API
Docs
Api-keys
License
Pricing
Glossary
FAQ

Company

Blog
Contacts
About Us
OpenSource
EULA
Brand Guideline
Privacy Policy

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply. All product names, logos, and brands are property of their respective owners. All company, product and service names used in this website are for identification purposes only. Use of these names, logos, and brands does not imply endorsement.If you are an owner of some content and want it to be removed, please contact us. Using Vulners services you are accepting Vulners services end-user license agreement

@2024 Vulners Inc

1.8 Low

CVSS2

Access Vector

ADJACENT_NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:A/AC:H/Au:N/C:N/I:P/A:N

0.008 Low

EPSS

Percentile

81.4%

JSON

Related for DEBIANCVE:CVE-2015-1798