1
PublicDateAtUSN: 2015-04-08
2
Candidate: CVE-2015-1798
5
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1798
6
http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities
7
https://usn.ubuntu.com/usn/usn-2567-1
9
The symmetric-key feature in the receive function in ntp_proto.c in ntpd in
10
NTP 4.x before 4.2.8p2 requires a correct MAC only if the MAC field has a
11
nonzero length, which makes it easier for man-in-the-middle attackers to
12
spoof packets by omitting the MAC.
15
mdeslaur> 4.2.5p99+ only
17
http://bugs.ntp.org/show_bug.cgi?id=2779
19
Discovered-by: Miroslav Lichvar
23
upstream: http://bk.ntp.org/ntp-stable/?PAGE=patch&REV=550a80b0iGyIv4t9J1GJ_74V_eEx4A
24
upstream_ntp: released (4.2.8p2)
25
lucid_ntp: not-affected (1:4.2.4p8+dfsg-1ubuntu2.3)
26
precise_ntp: released (1:4.2.6.p3+dfsg-1ubuntu3.4)
27
trusty_ntp: released (1:4.2.6.p5+dfsg-3ubuntu2.14.04.3)
28
utopic_ntp: released (1:4.2.6.p5+dfsg-3ubuntu2.14.10.3)
29
devel_ntp: released (1:4.2.6.p5+dfsg-3ubuntu5)