CVE-2015-7974

MEDIUM

Description

NTP 4.x before 4.2.8p6 and 4.3.x before 4.3.90 do not verify peer associations of symmetric keys when authenticating packets, which might allow remote attackers to conduct impersonation attacks via an arbitrary trusted key, aka a "skeleton key."

References

http://bugs.ntp.org/show_bug.cgi?id=2936

http://rhn.redhat.com/errata/RHSA-2016-2583.html

http://support.ntp.org/bin/view/Main/NtpBug2936

http://www.debian.org/security/2016/dsa-3629

http://www.securityfocus.com/bid/81960

http://www.securitytracker.com/id/1034782

http://www.talosintel.com/reports/TALOS-2016-0071/

https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03750en_us

https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03766en_us

https://security.FreeBSD.org/advisories/FreeBSD-SA-16:09.ntp.asc

https://security.gentoo.org/glsa/201607-15

https://security.netapp.com/advisory/ntap-20171031-0001/

Details

Source: MITRE

Published: 2016-01-26

Updated: 2020-06-18

Type: CWE-287

Risk Information

CVSS v2.0

Base Score: 4

Vector: AV:N/AC:L/Au:S/C:N/I:P/A:N

Impact Score: 2.9

Exploitability Score: 8

Severity: MEDIUM

CVSS v3.0

Base Score: 7.7

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N

Impact Score: 4

Exploitability Score: 3.1

Severity: HIGH

Vulnerable Software

Configuration 1

cpe:2.3:a:ntp:ntp:*:*:*:*:*:*:*:*

cpe:2.3:a:ntp:ntp:4.2.8:-:*:*:*:*:*:*

cpe:2.3:a:ntp:ntp:4.2.8:p1:*:*:*:*:*:*

cpe:2.3:a:ntp:ntp:4.2.8:p1-beta1:*:*:*:*:*:*

cpe:2.3:a:ntp:ntp:4.2.8:p1-beta2:*:*:*:*:*:*

cpe:2.3:a:ntp:ntp:4.2.8:p1-beta3:*:*:*:*:*:*

cpe:2.3:a:ntp:ntp:4.2.8:p1-beta4:*:*:*:*:*:*

cpe:2.3:a:ntp:ntp:4.2.8:p1-beta5:*:*:*:*:*:*

cpe:2.3:a:ntp:ntp:4.2.8:p1-rc1:*:*:*:*:*:*

cpe:2.3:a:ntp:ntp:4.2.8:p1-rc2:*:*:*:*:*:*

cpe:2.3:a:ntp:ntp:4.2.8:p2:*:*:*:*:*:*

cpe:2.3:a:ntp:ntp:4.2.8:p2-rc1:*:*:*:*:*:*

cpe:2.3:a:ntp:ntp:4.2.8:p2-rc2:*:*:*:*:*:*

cpe:2.3:a:ntp:ntp:4.2.8:p2-rc3:*:*:*:*:*:*

cpe:2.3:a:ntp:ntp:4.2.8:p3:*:*:*:*:*:*

cpe:2.3:a:ntp:ntp:4.2.8:p3-rc1:*:*:*:*:*:*

cpe:2.3:a:ntp:ntp:4.2.8:p3-rc2:*:*:*:*:*:*

cpe:2.3:a:ntp:ntp:4.2.8:p3-rc3:*:*:*:*:*:*

cpe:2.3:a:ntp:ntp:4.2.8:p4:*:*:*:*:*:*

cpe:2.3:a:ntp:ntp:4.2.8:p5:*:*:*:*:*:*

cpe:2.3:a:ntp:ntp:*:*:*:*:*:*:*:*

Tenable Plugins

View all (31 total)

ID	Name	Product	Family	Severity
125009	EulerOS Virtualization 3.0.1.0 : ntp (EulerOS-SA-2019-1556)	Nessus	Huawei Local Security Checks	high
106499	pfSense < 2.3 Multiple Vulnerabilities (SA-16_01 - SA-16_02)	Nessus	Firewalls	critical
102128	AIX NTP v3 Advisory : ntp_advisory7.asc (IV87614) (IV87419) (IV87615) (IV87420) (IV87939)	Nessus	AIX Local Security Checks	medium
99822	EulerOS 2.0 SP1 : ntp (EulerOS-SA-2016-1060)	Nessus	Huawei Local Security Checks	medium
99183	AIX NTP v4 Advisory : ntp_advisory7.asc (IV87278) (IV87279)	Nessus	AIX Local Security Checks	medium
95850	Scientific Linux Security Update : ntp on SL7.x x86_64 (20161103)	Nessus	Scientific Linux Local Security Checks	medium
95330	CentOS 7 : ntp (CESA-2016:2583)	Nessus	CentOS Local Security Checks	medium
94705	Oracle Linux 7 : ntp (ELSA-2016-2583)	Nessus	Oracle Linux Local Security Checks	medium
94546	RHEL 7 : ntp (RHSA-2016:2583)	Nessus	Red Hat Local Security Checks	medium
93896	Ubuntu 12.04 LTS / 14.04 LTS / 16.04 LTS : ntp vulnerabilities (USN-3096-1)	Nessus	Ubuntu Local Security Checks	high
93186	SUSE SLES10 Security Update : ntp (SUSE-SU-2016:1912-1)	Nessus	SuSE Local Security Checks	high
92571	Debian DSA-3629-1 : ntp - security update	Nessus	Debian Local Security Checks	high
92546	Debian DLA-559-1 : ntp security update	Nessus	Debian Local Security Checks	high
92485	GLSA-201607-15 : NTP: Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	high
91663	SUSE SLED12 / SLES12 Security Update : ntp (SUSE-SU-2016:1568-1)	Nessus	SuSE Local Security Checks	high
91403	openSUSE Security Update : ntp (openSUSE-2016-649)	Nessus	SuSE Local Security Checks	high
91269	openSUSE Security Update : ntp (openSUSE-2016-599)	Nessus	SuSE Local Security Checks	high
91248	SUSE SLES11 Security Update : ntp (SUSE-SU-2016:1311-1)	Nessus	SuSE Local Security Checks	high
91159	SUSE SLED12 / SLES12 Security Update : ntp (SUSE-SU-2016:1291-1)	Nessus	SuSE Local Security Checks	high
91120	SUSE SLES11 Security Update : ntp (SUSE-SU-2016:1278-1)	Nessus	SuSE Local Security Checks	high
91111	openSUSE Security Update : ntp (openSUSE-2016-578)	Nessus	SuSE Local Security Checks	medium
90991	SUSE SLED12 / SLES12 Security Update : ntp (SUSE-SU-2016:1247-1)	Nessus	SuSE Local Security Checks	high
90923	Network Time Protocol Daemon (ntpd) 3.x / 4.x < 4.2.8p7 Multiple Vulnerabilities	Nessus	Misc.	high
90821	SUSE SLED12 / SLES12 Security Update : ntp (SUSE-SU-2016:1177-1)	Nessus	SuSE Local Security Checks	medium
90820	SUSE SLES11 Security Update : ntp (SUSE-SU-2016:1175-1)	Nessus	SuSE Local Security Checks	medium
89577	Fedora 23 : ntp-4.2.6p5-36.fc23 (2016-8bb1932088)	Nessus	Fedora Local Security Checks	medium
89510	Fedora 22 : ntp-4.2.6p5-36.fc22 (2016-34bc10a2c8)	Nessus	Fedora Local Security Checks	high
88912	Slackware 13.0 / 13.1 / 13.37 / 14.0 / 14.1 / current : ntp (SSA:2016-054-04)	Nessus	Slackware Local Security Checks	medium
88661	Amazon Linux AMI : ntp (ALAS-2016-649)	Nessus	Amazon Linux Local Security Checks	medium
88068	FreeBSD : ntp -- multiple vulnerabilities (5237f5d7-c020-11e5-b397-d050996490d0)	Nessus	FreeBSD Local Security Checks	medium
88054	Network Time Protocol Daemon (ntpd) 3.x / 4.x < 4.2.8p6 Multiple Vulnerabilities	Nessus	Misc.	medium