CVE-2015-1799
Summary
| CVE | CVE-2015-1799 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2015-04-08 10:59:00 UTC |
| Updated | 2018-01-05 02:30:00 UTC |
| Description | The symmetric-key feature in the receive function in ntp_proto.c in ntpd in NTP 3.x and 4.x before 4.2.8p2 performs state-variable updates upon receiving certain invalid packets, which makes it easier for man-in-the-middle attackers to cause a denial of service (synchronization loss) by spoofing the source IP address of a peer. |
Risk And Classification
Problem Types: CWE-17
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| [chrony-announce] chrony-1.31.1 released (security) | MLIST | listengine.tuxfamily.org | |
| About the security content of OS X Yosemite v10.10.4 and Security Update 2015-005 - Apple Support | CONFIRM | support.apple.com | |
| [SECURITY] Fedora 22 Update: ntp-4.2.6p5-30.fc22 | FEDORA | lists.fedoraproject.org | |
| support.ntp.org/bin/view/Main/SecurityNotice | CONFIRM | support.ntp.org | Vendor Advisory |
| Bug 2781 – authentication doesn't protect symmetric associations against DoS attacks | CONFIRM | bugs.ntp.org | |
| '[security bulletin] HPSBHF03557 rev.1 - HPE Networking Products using Comware 7 (CW7) running NTP, R' - MARC | HP | marc.info | |
| Network Time Protocol Daemon Symmetric Mode Packet Processing Denial of Service Vulnerability | CISCO | tools.cisco.com | |
| Multiple Vulnerabilities in ntpd (April 2015) Affecting Cisco Products | CISCO | tools.cisco.com | |
| '[security bulletin] HPSBUX03333 SSRT102029 rev.1 - HP-UX Running NTP, Remote Denial of Service (DoS)' - MARC | HP | marc.info | |
| Gentoo Security | GENTOO | security.gentoo.org | |
| APPLE-SA-2015-06-30-2 OS X Yosemite v10.10.4 and Security Update 2015-005 | APPLE | lists.apple.com | |
| Red Hat Customer Portal | REDHAT | rhn.redhat.com | |
| Ntpd Symmetric Mode Packet Processing Flaw Lets Remote Users Deny Service - SecurityTracker | SECTRACK | www.securitytracker.com | |
| Debian -- Security Information -- DSA-3222-1 chrony | DEBIAN | www.debian.org | |
| [SECURITY] Fedora 20 Update: ntp-4.2.6p5-22.fc20 | FEDORA | lists.fedoraproject.org | |
| Vulnerability Note VU#374268 - NTP Project ntpd reference implementation contains multiple vulnerabilities | CERT-VN | www.kb.cert.org | Third Party Advisory, US Government Resource |
| Oracle Linux Bulletin - October 2015 | CONFIRM | www.oracle.com | |
| NTP CVE-2015-1799 Denial of Service Vulnerability | BID | www.securityfocus.com | |
| McAfee KnowledgeBase - Intel Security - Security Bulletin: Asset Manager 6.6 and Firewall Enterprise patches resolve two NTP vulnerabilities: CVE-2015-1798 and CVE-2015-1799 | CONFIRM | kc.mcafee.com | |
| openSUSE-SU-2015:0775-1: moderate: Security update for ntp | SUSE | lists.opensuse.org | |
| Support / Security / Advisories / / MDVSA-2015:202 | Mandriva | MANDRIVA | www.mandriva.com | |
| USN-2567-1: NTP vulnerabilities | Ubuntu | UBUNTU | www.ubuntu.com | |
| Oracle Solaris Third Party Bulletin - April 2015 | CONFIRM | www.oracle.com | |
| Debian -- Security Information -- DSA-3223-1 ntp | DEBIAN | www.debian.org | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 590349 Rockwell Automation Stratix 5900 Multiple Vulnerabilities (ICSA-17-094-04)