{"vuid":"VU#374268","idnumber":"374268","name":"NTP Project ntpd reference implementation contains multiple vulnerabilities","keywords":["ntp","ntpd","symmetric authentication"],"overview":"NTP Project ntpd reference implementation accepts unauthenticated packets with symmetric key cryptography and does not protect symmetric associations against denial of service attacks.","clean_desc":"CVE-2015-1798, bug 2779: In NTP4 installations utilizing symmetric key authentication, versions ntp-4.2.5p99 to ntp-4.2.8p1, packets with no message authentication code (MAC) are accepted as though they have a valid MAC. An attacker may be able to leverage this validation error to send packets that will be accepted by the client. The CVSS score reflects this issue. CVE-2015-1799, bug 2781: In NTP installations utilizing symmetric key authentication, including xntp3.3wy to version ntp-4.2.8p1, a denial of service condition is created when two peering hosts receive packets in which the originate and transmit timestamps do not match. An attacker who periodically sends such packets to both hosts can prevent synchronization. 
For more information about these issues, visit NTP's security notice.","impact":"An unauthenticated attacker with network access may be able to inject packets or prevent peer synchronization among symmetrically authenticated hosts.","resolution":"Apply an update. The NTP Project has released version ntp-4.2.8p2 to address these issues.","workarounds":"","sysaffected":"","thanks":"The NTP Project credits Miroslav Lichvar of Red Hat for reporting these issues.","author":"This document was written by Joel Land.","public":["http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities","http://bugs.ntp.org/show_bug.cgi?id=2781","http://bugs.ntp.org/show_bug.cgi?id=2779","http://www.ntp.org/downloads.html"],"cveids":["CVE-2015-1798","CVE-2015-1799"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2015-03-20T20:09:52Z","publicdate":"2015-04-07T00:00:00Z","datefirstpublished":"2015-04-07T20:55:39Z","dateupdated":"2015-04-10T18:36:41Z","revision":19,"vrda_d1_directreport":"1","vrda_d1_population":"3","vrda_d1_impact":"3","cam_widelyknown":"0","cam_exploitation":"0","cam_internetinfrastructure":"0","cam_population":"0","cam_impact":"0","cam_easeofexploitation":"0","cam_attackeraccessrequired":"0","cam_scorecurrent":"0","cam_scorecurrentwidelyknown":"0","cam_scorecurrentwidelyknownexploited":"0","ipprotocol":"","cvss_accessvector":"A","cvss_accesscomplexity":"M","cvss_authentication":null,"cvss_confidentialityimpact":"P","cvss_integrityimpact":"P","cvss_availabilityimpact":"P","cvss_exploitablity":null,"cvss_remediationlevel":"OF","cvss_reportconfidence":"C","cvss_collateraldamagepotential":"N","cvss_targetdistribution":"H","cvss_securityrequirementscr":"ND","cvss_securityrequirementsir":"ND","cvss_securityrequirementsar":"ND","cvss_basescore":"5.4","cvss_basevector":"AV:A/AC:M/Au:N/C:P/I:P/A:P","cvss_temporalscore":"4.2","cvss_environmentalscore":"4.22202618176661","cvss_environmentalvector":"CDP:N/TD:H/CR:ND/IR:ND/AR:ND","metric":0.0,"vulnote":null}