CVE-2015-1799

medium
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

The symmetric-key feature in the receive function in ntp_proto.c in ntpd in NTP 3.x and 4.x before 4.2.8p2 performs state-variable updates upon receiving certain invalid packets, which makes it easier for man-in-the-middle attackers to cause a denial of service (synchronization loss) by spoofing the source IP address of a peer.

References

http://bugs.ntp.org/show_bug.cgi?id=2781

http://listengine.tuxfamily.org/chrony.tuxfamily.org/chrony-announce/2015/04/msg00002.html

http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html

http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155863.html

http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155864.html

http://lists.opensuse.org/opensuse-updates/2015-04/msg00052.html

http://marc.info/?l=bugtraq&m=143213867103400&w=2

http://marc.info/?l=bugtraq&m=145750740530849&w=2

http://rhn.redhat.com/errata/RHSA-2015-1459.html

http://support.apple.com/kb/HT204942

http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150408-ntpd

http://tools.cisco.com/security/center/viewAlert.x?alertId=38275

http://www.debian.org/security/2015/dsa-3222

http://www.debian.org/security/2015/dsa-3223

http://www.kb.cert.org/vuls/id/374268

http://www.mandriva.com/security/advisories?name=MDVSA-2015:202

http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html

http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html

http://www.securityfocus.com/bid/73950

http://www.securitytracker.com/id/1032031

http://www.ubuntu.com/usn/USN-2567-1

https://kc.mcafee.com/corporate/index?page=content&id=SB10114

https://security.gentoo.org/glsa/201509-01

Details

Source: MITRE

Published: 2015-04-08

Updated: 2018-01-05

Type: CWE-17

Risk Information

CVSS v2

Base Score: 4.3

Vector: AV:A/AC:M/Au:N/C:N/I:P/A:P

Impact Score: 4.9

Exploitability Score: 5.5

Severity: MEDIUM

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:ntp:ntp:*:*:*:*:*:*:*:* versions up to 4.2.7p444 (inclusive)

Tenable Plugins

View all (39 total)

IDNameProductFamilySeverity
125008EulerOS Virtualization 3.0.1.0 : ntp (EulerOS-SA-2019-1555)NessusHuawei Local Security Checks
high
108955Cisco IOS XE Software Multiple Vulnerabilities in ntpd (cisco-sa-20150408-ntpd)NessusCISCO
medium
108954Cisco IOS Software Multiple Vulnerabilities in ntpd (cisco-sa-20150408-ntpd)NessusCISCO
medium
93186SUSE SLES10 Security Update : ntp (SUSE-SU-2016:1912-1)NessusSuSE Local Security Checks
critical
91427Cisco ACE 4710 Appliance / ACE30 Module Multiple Vulnerabilities (Logjam)NessusCISCO
high
87564Scientific Linux Security Update : ntp on SL7.x x86_64 (20151119)NessusScientific Linux Local Security Checks
high
87143CentOS 7 : ntp (CESA-2015:2231)NessusCentOS Local Security Checks
high
87030Oracle Linux 7 : ntp (ELSA-2015-2231)NessusOracle Linux Local Security Checks
high
86975RHEL 7 : ntp (RHSA-2015:2231)NessusRed Hat Local Security Checks
high
8801Mac OS X < 10.10.4 Multiple VulnerabilitiesNessus Network MonitorOperating System Detection
critical
86132GLSA-201509-01 : NTP: Multiple vulnerablitiesNessusGentoo Local Security Checks
medium
86026F5 Networks BIG-IP : NTP vulnerability (K16506)NessusF5 Networks Local Security Checks
medium
85606AIX 6.1 TL 8 : ntp (IV74263)NessusAIX Local Security Checks
medium
85605AIX 7.1 TL 2 : ntp (IV74262)NessusAIX Local Security Checks
medium
85604AIX 7.1 TL 3 : ntp (IV74261)NessusAIX Local Security Checks
medium
85603AIX 6.1 TL 9 : ntp (IV73783)NessusAIX Local Security Checks
medium
85203Scientific Linux Security Update : ntp on SL6.x i386/x86_64 (20150722)NessusScientific Linux Local Security Checks
high
85143OracleVM 3.3 : ntp (OVMSA-2015-0102)NessusOracleVM Local Security Checks
high
85111Oracle Linux 6 : ntp (ELSA-2015-1459)NessusOracle Linux Local Security Checks
high
85025CentOS 6 : ntp (CESA-2015:1459)NessusCentOS Local Security Checks
high
84951RHEL 6 : ntp (RHSA-2015:1459)NessusRed Hat Local Security Checks
high
84544SUSE SLED11 / SLES11 Security Update : ntp (SUSE-SU-2015:1173-1)NessusSuSE Local Security Checks
high
84493AIX 7.1 TL 0 : ntp4 (IV71096)NessusAIX Local Security Checks
medium
84492AIX 6.1 TL 6 : ntp4 (IV71094)NessusAIX Local Security Checks
medium
84489Mac OS X Multiple Vulnerabilities (Security Update 2015-005) (GHOST) (Logjam)NessusMacOS X Local Security Checks
critical
84488Mac OS X 10.10.x < 10.10.4 Multiple Vulnerabilities (GHOST) (Logjam)NessusMacOS X Local Security Checks
critical
83744Network Time Protocol Daemon (ntpd) 3.x / 4.x < 4.2.8p2 Multiple VulnerabilitiesNessusMisc.
high
83725SUSE SLED12 / SLES12 Security Update : ntp (SUSE-SU-2015:0865-1)NessusSuSE Local Security Checks
high
83271Amazon Linux AMI : ntp (ALAS-2015-520)NessusAmazon Linux Local Security Checks
medium
83121Fedora 21 : ntp-4.2.6p5-30.fc21 (2015-5830)NessusFedora Local Security Checks
high
83105openSUSE Security Update : ntp (openSUSE-2015-330)NessusSuSE Local Security Checks
medium
83010Fedora 20 : ntp-4.2.6p5-22.fc20 (2015-5874)NessusFedora Local Security Checks
medium
83008Fedora 22 : ntp-4.2.6p5-30.fc22 (2015-5761)NessusFedora Local Security Checks
medium
82921Slackware 13.0 / 13.1 / 13.37 / 14.0 / 14.1 / current : ntp (SSA:2015-111-08)NessusSlackware Local Security Checks
medium
82765Ubuntu 12.04 LTS / 14.04 LTS / 14.10 : ntp vulnerabilities (USN-2567-1)NessusUbuntu Local Security Checks
medium
82745Debian DSA-3223-1 : ntp - security updateNessusDebian Local Security Checks
high
82737Mandriva Linux Security Advisory : ntp (MDVSA-2015:202)NessusMandriva Local Security Checks
medium
82715Debian DLA-192-1 : ntp security updateNessusDebian Local Security Checks
medium
82631FreeBSD : ntp -- multiple vulnerabilities (ebd84c96-dd7e-11e4-854e-3c970e169bc2)NessusFreeBSD Local Security Checks
medium