CVE-2016-1567
HIGH8.1EPSS 0.41%chrony - security update
發布日:2016/1/26修改日:2026/4/28
也稱為:DEBIAN-CVE-2016-1567
描述
chrony before 1.31.2 and 2.x before 2.2.1 do not verify peer associations of symmetric keys when authenticating packets, which might allow remote attackers to conduct impersonation attacks via an arbitrary trusted key, aka a "skeleton key."
受影響套件(3)
- Debian/chronyfrom 0, < 2.2.1-1
- Debian/chronyfrom 0, < 1.24-3+squeeze3
- Debian/chronyfrom 0, < 1.24-3.1+deb7u4
CVSS 分數
| 來源 | 版本 | 嚴重程度 | 向量 |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH8.1 | CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H |