CVE-2016-1567
Published on: 01/26/2016 12:00:00 AM UTC
Last Modified on: 03/23/2021 11:27:05 PM UTC
Certain versions of Chrony from Tuxfamily contain the following vulnerability:
chrony before 1.31.2 and 2.x before 2.2.1 do not verify peer associations of symmetric keys when authenticating packets, which might allow remote attackers to conduct impersonation attacks via an arbitrary trusted key, aka a "skeleton key."
- CVE-2016-1567 has been assigned by
[email protected] to track the vulnerability - currently rated as HIGH severity.
CVSS3 Score: 8.1 - HIGH
Attack Vector ⓘ |
Attack Complexity |
Privileges Required |
User Interaction |
|
---|---|---|---|---|
NETWORK | HIGH | NONE | NONE | |
Scope | Confidentiality Impact |
Integrity Impact |
Availability Impact |
|
UNCHANGED | HIGH | HIGH | HIGH |
CVSS2 Score: 6.8 - MEDIUM
Access Vector ⓘ |
Access Complexity |
Authentication |
---|---|---|
NETWORK | MEDIUM | NONE |
Confidentiality Impact |
Integrity Impact |
Availability Impact |
PARTIAL | PARTIAL | PARTIAL |
CVE References
Description | Tags ⓘ | Link |
---|---|---|
[SECURITY] Fedora 22 Update: chrony-2.1.1-2.fc22 | lists.fedoraproject.org text/html |
![]() |
Cisco Talos - Talos 2016 0071 | Exploit www.talosintel.com text/html |
![]() |
Chrony | Vendor Advisory chrony.tuxfamily.org text/xml |
![]() |
[SECURITY] Fedora 23 Update: chrony-2.1.1-2.fc23 | Patch lists.fedoraproject.org text/html |
![]() |
There are currently no QIDs associated with this CVE
Known Affected Configurations (CPE V2.3)
Type | Vendor | Product | Version | Update | Edition | Language |
---|---|---|---|---|---|---|
Application | Tuxfamily | Chrony | 2.0 | All | All | All |
Application | Tuxfamily | Chrony | 2.1 | All | All | All |
Application | Tuxfamily | Chrony | 2.1.1 | All | All | All |
Application | Tuxfamily | Chrony | 2.2 | All | All | All |
Application | Tuxfamily | Chrony | 2.0 | All | All | All |
Application | Tuxfamily | Chrony | 2.1 | All | All | All |
Application | Tuxfamily | Chrony | 2.1.1 | All | All | All |
Application | Tuxfamily | Chrony | 2.2 | All | All | All |
Application | Tuxfamily | Chrony | All | All | All | All |
- cpe:2.3:a:tuxfamily:chrony:2.0:*:*:*:*:*:*:*:
- cpe:2.3:a:tuxfamily:chrony:2.1:*:*:*:*:*:*:*:
- cpe:2.3:a:tuxfamily:chrony:2.1.1:*:*:*:*:*:*:*:
- cpe:2.3:a:tuxfamily:chrony:2.2:*:*:*:*:*:*:*:
- cpe:2.3:a:tuxfamily:chrony:2.0:*:*:*:*:*:*:*:
- cpe:2.3:a:tuxfamily:chrony:2.1:*:*:*:*:*:*:*:
- cpe:2.3:a:tuxfamily:chrony:2.1.1:*:*:*:*:*:*:*:
- cpe:2.3:a:tuxfamily:chrony:2.2:*:*:*:*:*:*:*:
- cpe:2.3:a:tuxfamily:chrony:*:*:*:*:*:*:*:*:
No vendor comments have been submitted for this CVE