CVE-2015-7974
HIGH7.7EPSS 10.7%ntp - security update
發布日:2016/1/26修改日:2026/4/28
也稱為:DEBIAN-CVE-2015-7974
描述
NTP 4.x before 4.2.8p6 and 4.3.x before 4.3.90 do not verify peer associations of symmetric keys when authenticating packets, which might allow remote attackers to conduct impersonation attacks via an arbitrary trusted key, aka a "skeleton key."
受影響套件(3)
- Debian/ntpfrom 0, < 1:4.2.8p7+dfsg-1
- Debian/ntpfrom 0, < 1:4.2.6.p5+dfsg-2+deb7u7
- Debian/ntpfrom 0, < 1:4.2.6.p5+dfsg-7+deb8u2
CVSS 分數
| 來源 | 版本 | 嚴重程度 | 向量 |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH7.7 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N |