CVE-2015-7973
https://notcve.org/view.php?id=CVE-2015-7973
NTP before 4.2.8p6 and 4.3.x before 4.3.90, when configured in broadcast mode, allows man-in-the-middle attackers to conduct replay attacks by sniffing the network. NTP en versiones anteriores a 4.2.8p6 y 4.3.x en versiones anteriores a 4.3.90, cuando está configurado en modo de difusión, permite a atacantes man-in-the-middle realizar ataques de repetición rastreando la red. • http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00059.html http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00060.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00020.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00038.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00048.html http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html http://lists.opensuse.org/opensuse-security-announce/2016-08 • CWE-254: 7PK - Security Features •
CVE-2015-7974 – ntp: missing key check allows impersonation between authenticated peers (VU#357792)
https://notcve.org/view.php?id=CVE-2015-7974
NTP 4.x before 4.2.8p6 and 4.3.x before 4.3.90 do not verify peer associations of symmetric keys when authenticating packets, which might allow remote attackers to conduct impersonation attacks via an arbitrary trusted key, aka a "skeleton key." NTP 4.x en versiones anteriores a 4.2.8p6 y 4.3.x en versiones anteriores a 4.3.90 no verifica las asociaciones del par de las claves simétricas cuando autentica paquetes, lo que podría permitir a atacante remotos llevar a cabo ataques de suplantación de identidad a través de una clave de confianza arbitraria, también conocida como "skeleton key". A flaw was found in the way NTP verified trusted keys during symmetric key authentication. An authenticated client (A) could use this flaw to modify a packet sent between a server (B) and a client (C) using a key that is different from the one known to the client (A). • http://bugs.ntp.org/show_bug.cgi?id=2936 http://rhn.redhat.com/errata/RHSA-2016-2583.html http://support.ntp.org/bin/view/Main/NtpBug2936 http://www.debian.org/security/2016/dsa-3629 http://www.securityfocus.com/bid/81960 http://www.securitytracker.com/id/1034782 http://www.talosintel.com/reports/TALOS-2016-0071 https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdf https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03750e • CWE-287: Improper Authentication CWE-304: Missing Critical Step in Authentication •
CVE-2015-8138 – ntp: missing check for zero originate timestamp
https://notcve.org/view.php?id=CVE-2015-8138
NTP before 4.2.8p6 and 4.3.x before 4.3.90 allows remote attackers to bypass the origin timestamp validation via a packet with an origin timestamp set to zero. NTP en versiones anteriores a 4.2.8p6 y 4.3.x en versiones anteriores a 4.3.90 permite a atacantes remotos eludir la validación de marca horaria de origen a través de un paquete con una marca horaria de origen puesta a cero. It was discovered that ntpd as a client did not correctly check the originate timestamp in received packets. A remote attacker could use this flaw to send a crafted packet to an ntpd client that would effectively disable synchronization with the server, or push arbitrary offset/delay measurements to modify the time on the client. • http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177507.html http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176434.html http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00059.html http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00060.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00020.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00038.html http://lists.opensuse.org/opensuse-security-announce • CWE-20: Improper Input Validation CWE-294: Authentication Bypass by Capture-replay •