CVE-2015-1798

EPSS 0.63%

ntp - security update

Published: 4/8/2015Modified: 4/28/2026

Also known as:DEBIAN-CVE-2015-1798

Description

The symmetric-key feature in the receive function in ntp_proto.c in ntpd in NTP 4.x before 4.2.8p2 requires a correct MAC only if the MAC field has a nonzero length, which makes it easier for man-in-the-middle attackers to spoof packets by omitting the MAC.

Affected packages (3)

Debian/ntpfrom 0, < 1:4.2.6.p5+dfsg-6
Debian/ntpfrom 0, < 1:4.2.6.p2+dfsg-1+deb6u3
Debian/ntpfrom 0, < 1:4.2.6.p5+dfsg-2+deb7u4

References (1)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2015-1798