CVE-2015-1798
ntp: ntpd accepts unauthenticated packets with symmetric key crypto
Severity Score
Exploit Likelihood
Affected Versions
1Public Exploits
0Exploited in Wild
-Decision
Descriptions
The symmetric-key feature in the receive function in ntp_proto.c in ntpd in NTP 4.x before 4.2.8p2 requires a correct MAC only if the MAC field has a nonzero length, which makes it easier for man-in-the-middle attackers to spoof packets by omitting the MAC.
La característica symmetric-key en la función receive en ntp_proto.c en ntpd en NTP 4.x anterior a 4.2.8p2 requiere un MAC correcto únicamente si el campo MAC tiene una longitud que no sea cero, lo que facilita a atacantes man-in-the-middle falsificar paquetes mediante la omisión del MAC.
It was found that ntpd did not check whether a Message Authentication Code (MAC) was present in a received packet when ntpd was configured to use symmetric cryptographic keys. A man-in-the-middle attacker could use this flaw to send crafted packets that would be accepted by a client or a peer without the attacker knowing the symmetric key.
The Network Time Protocol is used to synchronize a computer's time with another referenced time source. These packages include the ntpd service which continuously adjusts system time and utilities used to query and configure the ntpd service. It was found that because NTP's access control was based on a source IP address, an attacker could bypass source IP restrictions and send malicious control and configuration packets by spoofing ::1 addresses. A denial of service flaw was found in the way NTP hosts that were peering with each other authenticated themselves before updating their internal state variables. An attacker could send packets to one peer host, which could cascade to other peers, and stop the synchronization process among the reached peers.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2015-02-17 CVE Reserved
- 2015-04-08 CVE Published
- 2024-08-06 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-17: DEPRECATED: Code
- CWE-347: Improper Verification of Cryptographic Signature
CAPEC
References (23)
| URL | Tag | Source |
|---|---|---|
| http://bugs.ntp.org/show_bug.cgi?id=2779 | X_refsource_confirm | |
| http://support.apple.com/kb/HT204942 | X_refsource_confirm |
|
| http://www.kb.cert.org/vuls/id/374268 | Third Party Advisory |
|
| http://www.oracle.com/technetwork/topics/security/bulletinapr2015... | X_refsource_confirm |
|
| http://www.oracle.com/technetwork/topics/security/linuxbulletinoc... | X_refsource_confirm |
|
| http://www.securityfocus.com/bid/73951 | Vdb Entry | |
| http://www.securitytracker.com/id/1032032 | Vdb Entry | |
| https://kc.mcafee.com/corporate/index?page=content&id=SB10114 | X_refsource_confirm |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|