Lucene search
Ubuntu.comUB:CVE-2015-1799HistoryApr 08, 2015 - 12:00 a.m.
CVE-2015-1799
2015-04-0800:00:00
ubuntu.com
ubuntu.com
9
4.3 Medium
CVSS2
Access Vector
ADJACENT_NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:A/AC:M/Au:N/C:N/I:P/A:P
0.008 Low
EPSS
Percentile
81.4%
The symmetric-key feature in the receive function in ntp_proto.c in ntpd in
NTP 3.x and 4.x before 4.2.8p2 performs state-variable updates upon
receiving certain invalid packets, which makes it easier for
man-in-the-middle attackers to cause a denial of service (synchronization
loss) by spoofing the source IP address of a peer.
Bugs
Notes
| Author | Note |
|---|---|
| mdeslaur | we will not be backporting this issue to the codebase in lucid before it goes end-of-life. Marking as ignored. |
Related
nessus
nessus
AIX 6.1 TL 8 : ntp (IV74263)
2015-08-25 00:00:00
Rockwell Automation Stratix NTP Authentication doesn't protect symmetric associations against DoS attacks (CVE-2015-1799)
2023-11-15 00:00:00
F5 Networks BIG-IP : NTP vulnerability (K16506)
2015-09-21 00:00:00
cve
cve
CVE-2015-1799
2015-04-08 10:59:00
cisco
cisco
f5
f5
K16506 : NTP vulnerability CVE-2015-1799
2015-09-18 00:00:00
SOL16506 - NTP vulnerability CVE-2015-1799
2015-04-24 00:00:00
debiancve
debiancve
CVE-2015-1799
2015-04-08 10:59:00
prion
prion
Design/Logic Flaw
2015-04-08 10:59:00
aix
aix
Vulnerability in NTPv3 affects AIX,Vulnerability in NTPv3 affects VIOS
2015-08-21 09:06:03
Vulnerabilities in NTPv4 affect AIX,Vulnerabilities in NTPv4 affect VIOS
2015-06-29 10:00:16
ibm
ibm
mageia
mageia
Updated ntp packages fix security vulnerabilities
2015-04-15 12:01:28
freebsd
freebsd
ntp -- multiple vulnerabilities
2015-04-07 00:00:00
openvas
openvas
SUSE: Security Advisory for ntp (SUSE-SU-2015:1173-1)
2015-10-13 00:00:00
Slackware: Security Advisory (SSA:2015-111-08)
2022-04-21 00:00:00
Amazon Linux: Security Advisory (ALAS-2015-520)
2015-09-08 00:00:00
archlinux
archlinux
ntp: multiple issues
2015-04-08 00:00:00
chrony: denial of service
2015-04-08 00:00:00
fedora
fedora
[SECURITY] Fedora 22 Update: ntp-4.2.6p5-30.fc22
2015-04-22 22:56:05
[SECURITY] Fedora 20 Update: ntp-4.2.6p5-22.fc20
2015-04-22 22:55:51
[SECURITY] Fedora 21 Update: ntp-4.2.6p5-30.fc21
2015-04-28 13:01:04
securityvulns
securityvulns
ntpd restrictions bypass
2015-04-08 00:00:00
FreeBSD Security Advisory FreeBSD-SA-15:07.ntp
2015-04-08 00:00:00
Apple Mac OS X / EFI multiple security vulnerabilities
2015-07-05 00:00:00
slackware
slackware
[slackware-security] ntp
2015-04-22 01:21:55
amazon
amazon
Important: ntp
2015-05-05 15:56:00
suse
suse
Security update for ntp (important)
2015-07-02 17:05:24
Security update for ntp (important)
2016-07-29 19:08:48
Security update for yast2-ntp-client (important)
2016-08-17 21:08:25
cert
cert
NTP Project ntpd reference implementation contains multiple vulnerabilities
2015-04-07 00:00:00
ubuntu
ubuntu
NTP vulnerabilities
2015-04-13 00:00:00
debian
debian
[SECURITY] [DLA 192-1] ntp security update
2015-04-10 21:52:54
[SECURITY] [DSA 3223-1] ntp security update
2015-04-12 16:29:16
osv
osv
ntp - security update
2015-04-10 00:00:00
ntp - security update
2015-04-12 00:00:00
gentoo
gentoo
NTP: Multiple vulnerablities
2015-09-24 00:00:00
freebsd_advisory
freebsd_advisory
FreeBSD-SA-15:07.ntp
2015-04-07 00:00:00
veracode
veracode
Man-in-the-Middle (MitM)
2019-05-02 05:41:08
Man-In-The-Middle (MitM)
2019-05-02 05:41:08
Insufficient Entropy In Key Generation Algorithm
2019-05-02 05:41:08
oraclelinux
oraclelinux
ntp security, bug fix, and enhancement update
2015-07-28 00:00:00
ntp security, bug fix, and enhancement update
2015-11-23 00:00:00
redhat
redhat
(RHSA-2015:2231) Moderate: ntp security, bug fix, and enhancement update
2015-11-19 14:42:12
(RHSA-2015:1459) Moderate: ntp security, bug fix, and enhancement update
2015-07-22 00:00:00
centos
centos
ntp, ntpdate, sntp security update
2015-11-30 19:45:44
ntp, ntpdate security update
2015-07-26 14:13:05
ics
ics
Rockwell Automation Stratix 5900
2017-05-10 12:00:00
4.3 Medium
CVSS2
Access Vector
ADJACENT_NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:A/AC:M/Au:N/C:N/I:P/A:P
0.008 Low
EPSS
Percentile
81.4%
Related for UB:CVE-2015-1799