// For flags

CVE-2015-1798

ntp: ntpd accepts unauthenticated packets with symmetric key crypto

Severity Score

1.8
*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

The symmetric-key feature in the receive function in ntp_proto.c in ntpd in NTP 4.x before 4.2.8p2 requires a correct MAC only if the MAC field has a nonzero length, which makes it easier for man-in-the-middle attackers to spoof packets by omitting the MAC.

La característica symmetric-key en la función receive en ntp_proto.c en ntpd en NTP 4.x anterior a 4.2.8p2 requiere un MAC correcto únicamente si el campo MAC tiene una longitud que no sea cero, lo que facilita a atacantes man-in-the-middle falsificar paquetes mediante la omisión del MAC.

It was found that ntpd did not check whether a Message Authentication Code (MAC) was present in a received packet when ntpd was configured to use symmetric cryptographic keys. A man-in-the-middle attacker could use this flaw to send crafted packets that would be accepted by a client or a peer without the attacker knowing the symmetric key.

*Credits: N/A
CVSS Scores
Attack Vector
Adjacent
Attack Complexity
High
Authentication
None
Confidentiality
None
Integrity
Partial
Availability
None
Attack Vector
Network
Attack Complexity
High
Authentication
None
Confidentiality
None
Integrity
Partial
Availability
None
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2015-02-17 CVE Reserved
  • 2015-04-08 CVE Published
  • 2024-05-02 EPSS Updated
  • 2024-08-06 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-17: DEPRECATED: Code
  • CWE-347: Improper Verification of Cryptographic Signature
CAPEC
References (23)
URL Tag Source
http://bugs.ntp.org/show_bug.cgi?id=2779 X_refsource_confirm
http://support.apple.com/kb/HT204942 X_refsource_confirm
http://www.kb.cert.org/vuls/id/374268 Third Party Advisory
http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html X_refsource_confirm
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html X_refsource_confirm
http://www.securityfocus.com/bid/73951 Vdb Entry
http://www.securitytracker.com/id/1032032 Vdb Entry
https://kc.mcafee.com/corporate/index?page=content&id=SB10114 X_refsource_confirm
URL Date SRC
URL Date SRC
URL Date SRC
http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html 2023-02-12
http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155863.html 2023-02-12
http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155864.html 2023-02-12
http://lists.opensuse.org/opensuse-updates/2015-04/msg00052.html 2023-02-12
http://marc.info/?l=bugtraq&m=143213867103400&w=2 2023-02-12
http://rhn.redhat.com/errata/RHSA-2015-1459.html 2023-02-12
http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities 2023-02-12
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150408-ntpd 2023-02-12
http://tools.cisco.com/security/center/viewAlert.x?alertId=38276 2023-02-12
http://www.debian.org/security/2015/dsa-3223 2023-02-12
http://www.mandriva.com/security/advisories?name=MDVSA-2015:202 2023-02-12
http://www.ubuntu.com/usn/USN-2567-1 2023-02-12
https://security.gentoo.org/glsa/201509-01 2023-02-12
https://access.redhat.com/security/cve/CVE-2015-1798 2015-11-19
https://bugzilla.redhat.com/show_bug.cgi?id=1199430 2015-11-19
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Ntp
Search vendor "Ntp"
 Ntp
Search vendor "Ntp" for product "Ntp"
 <= 4.2.7p444
Search vendor "Ntp" for product "Ntp" and version " <= 4.2.7p444"
-
Affected