The symmetric-key feature in the receive function in ntp_proto.c in ntpd in NTP 3.x and 4.x before 4.2.8p2 performs state-variable updates upon receiving certain invalid packets, which makes it easier for man-in-the-middle attackers to cause a denial of service (synchronization loss) by spoofing the source IP address of a peer.

OSVersionArchitecturePackageVersionFilename
Debian11allntp< 1:4.2.6.p5+dfsg-6ntp_1:4.2.6.p5+dfsg-6_all.deb
Debian10allntp< 1:4.2.6.p5+dfsg-6ntp_1:4.2.6.p5+dfsg-6_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	11	all	ntp	< 1:4.2.6.p5+dfsg-6	ntp_1:4.2.6.p5+dfsg-6_all.deb
Debian	10	all	ntp	< 1:4.2.6.p5+dfsg-6	ntp_1:4.2.6.p5+dfsg-6_all.deb

nessus 39

cve 1

cisco 2

f5 2

ubuntucve 1

prion 1

aix 2

ibm 12

openvas 24

mageia 1

freebsd 1

archlinux 2

fedora 3

securityvulns 4

slackware 1

amazon 1

suse 3

cert 1

ubuntu 1

debian 2

osv 2

gentoo 1

freebsd_advisory 1

veracode 5

oraclelinux 2

redhat 2

centos 2

ics 1

nessus

AIX 6.1 TL 8 : ntp (IV74263)

2015-08-25 00:00:00

Rockwell Automation Stratix NTP Authentication doesn't protect symmetric associations against DoS attacks (CVE-2015-1799)

2023-11-15 00:00:00

F5 Networks BIG-IP : NTP vulnerability (K16506)

2015-09-21 00:00:00

cve

CVE-2015-1799

2015-04-08 10:59:00

cisco

Network Time Protocol Daemon Symmetric Mode Packet Processing Denial of Service Vulnerability

2015-04-08 16:41:16

Multiple Vulnerabilities in ntpd (April 2015) Affecting Cisco Products

2015-04-08 16:00:00

K16506 : NTP vulnerability CVE-2015-1799

2015-09-18 00:00:00

SOL16506 - NTP vulnerability CVE-2015-1799

2015-04-24 00:00:00

ubuntucve

CVE-2015-1799

2015-04-08 00:00:00

prion

Design/Logic Flaw

2015-04-08 10:59:00

aix

Vulnerability in NTPv3 affects AIX,Vulnerability in NTPv3 affects VIOS

2015-08-21 09:06:03

Vulnerabilities in NTPv4 affect AIX,Vulnerabilities in NTPv4 affect VIOS

2015-06-29 10:00:16

ibm

Security Bulletin: A security vulnerability with ntpd affects IBM Flex System Manager (CVE-2015-1799)

2018-06-18 01:29:36

Security Bulletin: Vulnerabilities in NTP affect IBM Security Network Protection (CVE-2015-1798, CVE-2015-1799, and CVE-2015-3405)

2018-06-16 21:30:32

Security Bulletin: Vulnerabilities in ntp affect Power Hardware Management Console (CVE-2015-1798 CVE-2015-1799 CVE-2015-3405)

2021-09-23 01:31:39

openvas

Slackware: Security Advisory (SSA:2015-111-08)

2022-04-21 00:00:00

SUSE: Security Advisory for ntp (SUSE-SU-2015:1173-1)

2015-10-13 00:00:00

Amazon Linux: Security Advisory (ALAS-2015-520)

2015-09-08 00:00:00

mageia

Updated ntp packages fix security vulnerabilities

2015-04-15 12:01:28

freebsd

ntp -- multiple vulnerabilities

2015-04-07 00:00:00

archlinux

ntp: multiple issues

2015-04-08 00:00:00

chrony: denial of service

2015-04-08 00:00:00

fedora

[SECURITY] Fedora 22 Update: ntp-4.2.6p5-30.fc22

2015-04-22 22:56:05

[SECURITY] Fedora 20 Update: ntp-4.2.6p5-22.fc20

2015-04-22 22:55:51

[SECURITY] Fedora 21 Update: ntp-4.2.6p5-30.fc21

2015-04-28 13:01:04

securityvulns

ntpd restrictions bypass

2015-04-08 00:00:00

FreeBSD Security Advisory FreeBSD-SA-15:07.ntp

2015-04-08 00:00:00

Apple Mac OS X / EFI multiple security vulnerabilities

2015-07-05 00:00:00

slackware

[slackware-security] ntp

2015-04-22 01:21:55

amazon

Important: ntp

2015-05-05 15:56:00

suse

Security update for ntp (important)

2015-07-02 17:05:24

Security update for ntp (important)

2016-07-29 19:08:48

Security update for yast2-ntp-client (important)

2016-08-17 21:08:25

cert

NTP Project ntpd reference implementation contains multiple vulnerabilities

2015-04-07 00:00:00

ubuntu

NTP vulnerabilities

2015-04-13 00:00:00

debian

[SECURITY] [DLA 192-1] ntp security update

2015-04-10 21:52:54

[SECURITY] [DSA 3223-1] ntp security update

2015-04-12 16:29:16

osv

ntp - security update

2015-04-10 00:00:00

ntp - security update

2015-04-12 00:00:00

gentoo

NTP: Multiple vulnerablities

2015-09-24 00:00:00

freebsd_advisory

FreeBSD-SA-15:07.ntp

2015-04-07 00:00:00

veracode

Man-in-the-Middle (MitM)

2019-05-02 05:41:08

Man-In-The-Middle (MitM)

2019-05-02 05:41:08

Insufficient Entropy In Key Generation Algorithm

2019-05-02 05:41:08

oraclelinux

ntp security, bug fix, and enhancement update

2015-07-28 00:00:00

ntp security, bug fix, and enhancement update

2015-11-23 00:00:00

redhat

(RHSA-2015:2231) Moderate: ntp security, bug fix, and enhancement update

2015-11-19 14:42:12

(RHSA-2015:1459) Moderate: ntp security, bug fix, and enhancement update

2015-07-22 00:00:00

centos

ntp, ntpdate, sntp security update

2015-11-30 19:45:44

ntp, ntpdate security update

2015-07-26 14:13:05

ics

Rockwell Automation Stratix 5900

2017-05-10 12:00:00

Products

Security Intelligence
Non-intrusive assessment
Developers SDK
Windows scanner
Linux scanner
Perimeter control tool
MSSP

Database

Vulnerabilities
Exploits
IOC
Security News
BugBounty
Popular
Wild Exploited
Top Vulnerabilities

Tools

Linux Security Scanner
API integration
Subscriptions
Plugins
Manual Audit

Learn More

Stats
API
Docs
Api-keys
License
Pricing
Glossary
FAQ

Company

Blog
Contacts
About Us
OpenSource
EULA
Brand Guideline
Privacy Policy

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply. All product names, logos, and brands are property of their respective owners. All company, product and service names used in this website are for identification purposes only. Use of these names, logos, and brands does not imply endorsement.If you are an owner of some content and want it to be removed, please contact us. Using Vulners services you are accepting Vulners services end-user license agreement

@2024 Vulners Inc

4.3 Medium

CVSS2

Access Vector

ADJACENT_NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:A/AC:M/Au:N/C:N/I:P/A:P

0.008 Low

EPSS

Percentile

81.4%

JSON

Related for DEBIANCVE:CVE-2015-1799