The remote Debian host is missing a security-related update.
Multiple vulnerabilities were discovered in ntp, an implementation of the Network Time Protocol : - CVE-2015-1798 When configured to use a symmetric key with an NTP peer, ntpd would accept packets without MAC as if they had a valid MAC. This could allow a remote attacker to bypass the packet authentication and send malicious packets without having to know the symmetric key. - CVE-2015-1799 When peering with other NTP hosts using authenticated symmetric association, ntpd would update its internal state variables before the MAC of the NTP messages was validated. This could allow a remote attacker to cause a denial of service by impeding synchronization between NTP peers. Additionally, it was discovered that generating MD5 keys using ntp-keygen on big endian machines would either trigger an endless loop, or generate non-random keys.
Upgrade the ntp packages. For the stable distribution (wheezy), these problems have been fixed in version 1:4.2.6.p5+dfsg-2+deb7u4. For the stable distribution (jessie), these problems have been fixed in version 1:4.2.6.p5+dfsg-7.