oval:org.mitre.oval:def:28698

Definition Id: oval:org.mitre.oval:def:28698

Oval ID:	oval:org.mitre.oval:def:28698
Title:	Symmetric-Key feature allows MAC address spoofing.
Description:	The symmetric-key feature in the receive function in ntp_proto.c in ntpd in NTP 4.x before 4.2.8p2 requires a correct MAC only if the MAC field has a nonzero length, which makes it easier for man-in-the-middle attackers to spoof packets by omitting the MAC.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2015-1798	Version:	3
Platform(s):	HP-UX 11	Product(s):
Definition Synopsis:
HP-UX B.11.31 AND filesets tests NTP.INETSVCS2-BOOT version is less than C.4.2.6.6.0 AND NTP.NTP-AUX version is less than C.4.2.6.6.0 AND NTP.NTP-RUN version is less than C.4.2.6.6.0