// For flags

CVE-2015-1799

ntp: authentication doesn't protect symmetric associations against DoS attacks

Severity Score

4.3
*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

The symmetric-key feature in the receive function in ntp_proto.c in ntpd in NTP 3.x and 4.x before 4.2.8p2 performs state-variable updates upon receiving certain invalid packets, which makes it easier for man-in-the-middle attackers to cause a denial of service (synchronization loss) by spoofing the source IP address of a peer.

La característica symmetric-key en la función receive en ntp_proto.c en ntpd en NTP 3.x y 4.x anterior a 4.2.8p2 realiza actualizaciones de las variables de estados al recibir ciertos paquetes inválidos, lo que facilita a atacantes man-in-the-middle causar una denegación de servicio (perdida de sincronización) mediante la falsificación de la dirección del IP de fuente de un par.

A denial of service flaw was found in the way NTP hosts that were peering with each other authenticated themselves before updating their internal state variables. An attacker could send packets to one peer host, which could cascade to other peers, and stop the synchronization process among the reached peers.

*Credits: N/A
CVSS Scores
Attack Vector
Adjacent
Attack Complexity
Medium
Authentication
None
Confidentiality
None
Integrity
Partial
Availability
Partial
Attack Vector
Network
Attack Complexity
Medium
Authentication
None
Confidentiality
None
Integrity
None
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2015-02-17 CVE Reserved
  • 2015-04-08 CVE Published
  • 2024-08-06 CVE Updated
  • 2024-11-18 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-17: DEPRECATED: Code
CAPEC
References (26)
URL Tag Source
http://bugs.ntp.org/show_bug.cgi?id=2781 X_refsource_confirm
http://listengine.tuxfamily.org/chrony.tuxfamily.org/chrony-announce/2015/04/msg00002.html Mailing List
http://support.apple.com/kb/HT204942 X_refsource_confirm
http://www.kb.cert.org/vuls/id/374268 Third Party Advisory
http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html X_refsource_confirm
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html X_refsource_confirm
http://www.securityfocus.com/bid/73950 Vdb Entry
http://www.securitytracker.com/id/1032031 Vdb Entry
https://kc.mcafee.com/corporate/index?page=content&id=SB10114 X_refsource_confirm
URL Date SRC
URL Date SRC
URL Date SRC
http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html 2018-01-05
http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155863.html 2018-01-05
http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155864.html 2018-01-05
http://lists.opensuse.org/opensuse-updates/2015-04/msg00052.html 2018-01-05
http://marc.info/?l=bugtraq&m=143213867103400&w=2 2018-01-05
http://marc.info/?l=bugtraq&m=145750740530849&w=2 2018-01-05
http://rhn.redhat.com/errata/RHSA-2015-1459.html 2018-01-05
http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities 2018-01-05
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150408-ntpd 2018-01-05
http://tools.cisco.com/security/center/viewAlert.x?alertId=38275 2018-01-05
http://www.debian.org/security/2015/dsa-3222 2018-01-05
http://www.debian.org/security/2015/dsa-3223 2018-01-05
http://www.mandriva.com/security/advisories?name=MDVSA-2015:202 2018-01-05
http://www.ubuntu.com/usn/USN-2567-1 2018-01-05
https://security.gentoo.org/glsa/201509-01 2018-01-05
https://access.redhat.com/security/cve/CVE-2015-1799 2015-11-19
https://bugzilla.redhat.com/show_bug.cgi?id=1199435 2015-11-19
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Ntp
Search vendor "Ntp"
 Ntp
Search vendor "Ntp" for product "Ntp"
 <= 4.2.7p444
Search vendor "Ntp" for product "Ntp" and version " <= 4.2.7p444"
-
Affected