CVE-2015-7974

Sažetak

NTP 4.x before 4.2.8p6 and 4.3.x before 4.3.90 do not verify peer associations of symmetric keys when authenticating packets, which might allow remote attackers to conduct impersonation attacks via an arbitrary trusted key, aka a "skeleton key."

Reference

http://www.talosintel.com/reports/TALOS-2016-0071/
http://bugs.ntp.org/show_bug.cgi?id=2936
http://support.ntp.org/bin/view/Main/NtpBug2936
http://www.securityfocus.com/bid/81960
https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03750en_us
https://security.gentoo.org/glsa/201607-15
https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03766en_us
http://www.securitytracker.com/id/1034782
http://www.debian.org/security/2016/dsa-3629
https://security.netapp.com/advisory/ntap-20171031-0001/
https://security.FreeBSD.org/advisories/FreeBSD-SA-16:09.ntp.asc
http://rhn.redhat.com/errata/RHSA-2016-2583.html
https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdf
https://us-cert.cisa.gov/ics/advisories/icsa-21-103-11

CVSS

Base:	4.0
Impact:	2.9
Exploitability:	8.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	SINGLE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	PARTIAL	NONE

CVSS vektor

AV:N/AC:L/Au:S/C:N/I:P/A:N

Zadnje važnije ažuriranje

26-04-2021 - 17:42

Objavljeno

26-01-2016 - 19:59