Lucene search

K
ubuntuUbuntuUSN-2567-1
HistoryApr 13, 2015 - 12:00 a.m.

NTP vulnerabilities

2015-04-1300:00:00
ubuntu.com
52

7.2 High

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

ADJACENT_NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:A/AC:M/Au:N/C:N/I:P/A:P

0.008 Low

EPSS

Percentile

81.3%

Releases

  • Ubuntu 14.10
  • Ubuntu 14.04 ESM
  • Ubuntu 12.04

Packages

  • ntp - Network Time Protocol daemon and utility programs

Details

Miroslav Lichvar discovered that NTP incorrectly validated MAC fields. A
remote attacker could possibly use this issue to bypass authentication and
spoof packets. (CVE-2015-1798)

Miroslav Lichvar discovered that NTP incorrectly handled certain invalid
packets. A remote attacker could possibly use this issue to cause a denial
of service. (CVE-2015-1799)

Juergen Perlinger discovered that NTP incorrectly generated MD5 keys on
big-endian platforms. This issue could either cause ntp-keygen to hang, or
could result in non-random keys. (CVE number pending)

OSVersionArchitecturePackageVersionFilename
Ubuntu14.10noarchntp< 1:4.2.6.p5+dfsg-3ubuntu2.14.10.3UNKNOWN
Ubuntu14.10noarchntpdate< 1:4.2.6.p5+dfsg-3ubuntu2.14.10.3UNKNOWN
Ubuntu14.04noarchntp< 1:4.2.6.p5+dfsg-3ubuntu2.14.04.3UNKNOWN
Ubuntu14.04noarchntpdate< 1:4.2.6.p5+dfsg-3ubuntu2.14.04.3UNKNOWN
Ubuntu12.04noarchntp< 1:4.2.6.p3+dfsg-1ubuntu3.4UNKNOWN
Ubuntu12.04noarchntpdate< 1:4.2.6.p3+dfsg-1ubuntu3.4UNKNOWN

7.2 High

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

ADJACENT_NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:A/AC:M/Au:N/C:N/I:P/A:P

0.008 Low

EPSS

Percentile

81.3%