Executive Summary

Informations
NameMDVSA-2015:202First vendor Publication2015-04-10
VendorMandrivaLast vendor Modification2015-04-10
Severity (Vendor) N/ARevisionN/A

Security-Database Scoring CVSS v2

Cvss vector : (AV:A/AC:M/Au:N/C:N/I:P/A:P)
Cvss Base Score4.3Attack RangeAdjacent network
Cvss Impact Score4.9Attack ComplexityMedium
Cvss Expoit Score5.5AuthenticationNone Required
Calculate full CVSS 2.0 Vectors scores

Detail

Multiple vulnerabilities has been found and corrected in ntp:

The symmetric-key feature in the receive function in ntp_proto.c in ntpd in NTP before 4.2.8p2 requires a correct MAC only if the MAC field has a nonzero length, which makes it easier for man-in-the-middle attackers to spoof packets by omitting the MAC (CVE-2015-1798).

The symmetric-key feature in the receive function in ntp_proto.c in ntpd in NTP before 4.2.8p2 performs state-variable updates upon receiving certain invalid packets, which makes it easier for man-in-the-middle attackers to cause a denial of service (synchronization loss) by spoofing the source IP address of a peer (CVE-2015-1799).

The updated packages provides a solution for these security issues.

Original Source

Url : http://www.mandriva.com/security/advisories?name=MDVSA-2015:202

CWE : Common Weakness Enumeration

%idName
100 %CWE-17Code

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:28915
 
Oval ID: oval:org.mitre.oval:def:28915
Title: Symmetric-Key feature allows denial of service
Description: The symmetric-key feature in the receive function in ntp_proto.c in ntpd in NTP 3.x and 4.x before 4.2.8p2 performs state-variable updates upon receiving certain invalid packets, which makes it easier for man-in-the-middle attackers to cause a denial of service (synchronization loss) by spoofing the source IP address of a peer.
Family: unix Class: vulnerability
Reference(s): CVE-2015-1799
Version: 3
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:29492
 
Oval ID: oval:org.mitre.oval:def:29492
Title: AIX 'NTPv4' vulnerability
Description: The symmetric-key feature in the receive function in ntp_proto.c in ntpd in NTP 3.x and 4.x before 4.2.8p2 performs state-variable updates upon receiving certain invalid packets, which makes it easier for man-in-the-middle attackers to cause a denial of service (synchronization loss) by spoofing the source IP address of a peer.
Family: unix Class: vulnerability
Reference(s): CVE-2015-1799
Version: 5
Platform(s): IBM AIX 6.1
IBM AIX 7.1
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:28698
 
Oval ID: oval:org.mitre.oval:def:28698
Title: Symmetric-Key feature allows MAC address spoofing.
Description: The symmetric-key feature in the receive function in ntp_proto.c in ntpd in NTP 4.x before 4.2.8p2 requires a correct MAC only if the MAC field has a nonzero length, which makes it easier for man-in-the-middle attackers to spoof packets by omitting the MAC.
Family: unix Class: vulnerability
Reference(s): CVE-2015-1798
Version: 3
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application774

Nessus® Vulnerability Scanner

DateDescription
2018-04-10Name : The remote device is missing a vendor-supplied security patch.
File : cisco-sa-20150408-ntpd-ios.nasl - Type : ACT_GATHER_INFO
2018-04-10Name : The remote device is missing a vendor-supplied security patch.
File : cisco-sa-20150408-ntpd-iosxe.nasl - Type : ACT_GATHER_INFO
2016-08-29Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2016-1912-1.nasl - Type : ACT_GATHER_INFO
2016-06-01Name : The remote device is affected by multiple vulnerabilities.
File : cisco_ace_A5_3_3.nasl - Type : ACT_GATHER_INFO
2015-12-22Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20151119_ntp_on_SL7_x.nasl - Type : ACT_GATHER_INFO
2015-12-02Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2015-2231.nasl - Type : ACT_GATHER_INFO
2015-11-24Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2015-2231.nasl - Type : ACT_GATHER_INFO
2015-11-20Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2015-2231.nasl - Type : ACT_GATHER_INFO
2015-09-25Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201509-01.nasl - Type : ACT_GATHER_INFO
2015-09-21Name : The remote device is missing a vendor-supplied security patch.
File : f5_bigip_SOL16506.nasl - Type : ACT_GATHER_INFO
2015-08-25Name : The remote AIX host is missing a security patch.
File : aix_IV73783.nasl - Type : ACT_GATHER_INFO
2015-08-25Name : The remote AIX host is missing a security patch.
File : aix_IV74261.nasl - Type : ACT_GATHER_INFO
2015-08-25Name : The remote AIX host is missing a security patch.
File : aix_IV74262.nasl - Type : ACT_GATHER_INFO
2015-08-25Name : The remote AIX host is missing a security patch.
File : aix_IV74263.nasl - Type : ACT_GATHER_INFO
2015-08-04Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20150722_ntp_on_SL6_x.nasl - Type : ACT_GATHER_INFO
2015-07-31Name : The remote OracleVM host is missing one or more security updates.
File : oraclevm_OVMSA-2015-0102.nasl - Type : ACT_GATHER_INFO
2015-07-30Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2015-1459.nasl - Type : ACT_GATHER_INFO
2015-07-28Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2015-1459.nasl - Type : ACT_GATHER_INFO
2015-07-23Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2015-1459.nasl - Type : ACT_GATHER_INFO
2015-07-06Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2015-1173-1.nasl - Type : ACT_GATHER_INFO
2015-07-02Name : The remote AIX host is missing a security patch.
File : aix_IV71094.nasl - Type : ACT_GATHER_INFO
2015-07-02Name : The remote AIX host is missing a security patch.
File : aix_IV71096.nasl - Type : ACT_GATHER_INFO
2015-07-01Name : The remote host is missing a Mac OS X update that fixes multiple security vul...
File : macosx_10_10_4.nasl - Type : ACT_GATHER_INFO
2015-07-01Name : The remote host is missing a Mac OS X update that fixes multiple security vul...
File : macosx_SecUpd2015-005.nasl - Type : ACT_GATHER_INFO
2015-05-21Name : The remote NTP server is affected by multiple vulnerabilities.
File : ntp_4_2_8p2.nasl - Type : ACT_GATHER_INFO
2015-05-20Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2015-0865-1.nasl - Type : ACT_GATHER_INFO
2015-05-07Name : The remote Amazon Linux AMI host is missing a security update.
File : ala_ALAS-2015-520.nasl - Type : ACT_GATHER_INFO
2015-04-29Name : The remote Fedora host is missing a security update.
File : fedora_2015-5830.nasl - Type : ACT_GATHER_INFO
2015-04-28Name : The remote openSUSE host is missing a security update.
File : openSUSE-2015-330.nasl - Type : ACT_GATHER_INFO
2015-04-24Name : The remote device is missing a vendor-supplied security patch.
File : f5_bigip_SOL16505.nasl - Type : ACT_GATHER_INFO
2015-04-23Name : The remote Fedora host is missing a security update.
File : fedora_2015-5761.nasl - Type : ACT_GATHER_INFO
2015-04-23Name : The remote Fedora host is missing a security update.
File : fedora_2015-5874.nasl - Type : ACT_GATHER_INFO
2015-04-22Name : The remote Slackware host is missing a security update.
File : Slackware_SSA_2015-111-08.nasl - Type : ACT_GATHER_INFO
2015-04-14Name : The remote Debian host is missing a security-related update.
File : debian_DSA-3223.nasl - Type : ACT_GATHER_INFO
2015-04-14Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-2567-1.nasl - Type : ACT_GATHER_INFO
2015-04-13Name : The remote Debian host is missing a security update.
File : debian_DLA-192.nasl - Type : ACT_GATHER_INFO
2015-04-13Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2015-202.nasl - Type : ACT_GATHER_INFO
2015-04-08Name : The remote FreeBSD host is missing one or more security-related updates.
File : freebsd_pkg_ebd84c96dd7e11e4854e3c970e169bc2.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
1
DateInformations
2015-04-14 13:28:59
  • Multiple Updates
2015-04-10 17:24:56
  • First insertion