Описание
The symmetric-key feature in the receive function in ntp_proto.c in ntpd in NTP 4.x before 4.2.8p2 requires a correct MAC only if the MAC field has a nonzero length, which makes it easier for man-in-the-middle attackers to spoof packets by omitting the MAC.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | released | 1:4.2.6.p5+dfsg-3ubuntu5 |
| esm-infra-legacy/trusty | released | 1:4.2.6.p5+dfsg-3ubuntu2.14.04.3 |
| lucid | not-affected | 1:4.2.4p8+dfsg-1ubuntu2.3 |
| precise | released | 1:4.2.6.p3+dfsg-1ubuntu3.4 |
| trusty | released | 1:4.2.6.p5+dfsg-3ubuntu2.14.04.3 |
| trusty/esm | released | 1:4.2.6.p5+dfsg-3ubuntu2.14.04.3 |
| upstream | released | 4.2.8p2 |
| utopic | released | 1:4.2.6.p5+dfsg-3ubuntu2.14.10.3 |
Показывать по
1.8 Low
CVSS2
Связанные уязвимости
The symmetric-key feature in the receive function in ntp_proto.c in ntpd in NTP 4.x before 4.2.8p2 requires a correct MAC only if the MAC field has a nonzero length, which makes it easier for man-in-the-middle attackers to spoof packets by omitting the MAC.
The symmetric-key feature in the receive function in ntp_proto.c in ntpd in NTP 4.x before 4.2.8p2 requires a correct MAC only if the MAC field has a nonzero length, which makes it easier for man-in-the-middle attackers to spoof packets by omitting the MAC.
The symmetric-key feature in the receive function in ntp_proto.c in nt ...
The symmetric-key feature in the receive function in ntp_proto.c in ntpd in NTP 4.x before 4.2.8p2 requires a correct MAC only if the MAC field has a nonzero length, which makes it easier for man-in-the-middle attackers to spoof packets by omitting the MAC.
1.8 Low
CVSS2