CVE-2015-1799
ntp: authentication doesn't protect symmetric associations against DoS attacks
Severity Score
Exploit Likelihood
Affected Versions
1Public Exploits
0Exploited in Wild
-Decision
Descriptions
The symmetric-key feature in the receive function in ntp_proto.c in ntpd in NTP 3.x and 4.x before 4.2.8p2 performs state-variable updates upon receiving certain invalid packets, which makes it easier for man-in-the-middle attackers to cause a denial of service (synchronization loss) by spoofing the source IP address of a peer.
La característica symmetric-key en la función receive en ntp_proto.c en ntpd en NTP 3.x y 4.x anterior a 4.2.8p2 realiza actualizaciones de las variables de estados al recibir ciertos paquetes inválidos, lo que facilita a atacantes man-in-the-middle causar una denegación de servicio (perdida de sincronización) mediante la falsificación de la dirección del IP de fuente de un par.
A denial of service flaw was found in the way NTP hosts that were peering with each other authenticated themselves before updating their internal state variables. An attacker could send packets to one peer host, which could cascade to other peers, and stop the synchronization process among the reached peers.
The Network Time Protocol is used to synchronize a computer's time with another referenced time source. These packages include the ntpd service which continuously adjusts system time and utilities used to query and configure the ntpd service. It was found that because NTP's access control was based on a source IP address, an attacker could bypass source IP restrictions and send malicious control and configuration packets by spoofing ::1 addresses. A denial of service flaw was found in the way NTP hosts that were peering with each other authenticated themselves before updating their internal state variables. An attacker could send packets to one peer host, which could cascade to other peers, and stop the synchronization process among the reached peers.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2015-02-17 CVE Reserved
- 2015-04-08 CVE Published
- 2024-08-06 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-17: DEPRECATED: Code
CAPEC
References (26)
| URL | Tag | Source |
|---|---|---|
| http://bugs.ntp.org/show_bug.cgi?id=2781 | X_refsource_confirm | |
| http://listengine.tuxfamily.org/chrony.tuxfamily.org/chrony-announce/20... | Mailing List | |
| http://support.apple.com/kb/HT204942 | X_refsource_confirm |
|
| http://www.kb.cert.org/vuls/id/374268 | Third Party Advisory |
|
| http://www.oracle.com/technetwork/topics/security/bulletinapr2015-25119... | X_refsource_confirm |
|
| http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-... | X_refsource_confirm |
|
| http://www.securityfocus.com/bid/73950 | Vdb Entry | |
| http://www.securitytracker.com/id/1032031 | Vdb Entry | |
| https://kc.mcafee.com/corporate/index?page=content&id=SB10114 | X_refsource_confirm |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|