MGASA-2015-0152

See a problem?
Please try reporting it to the source first.

Source

https://advisories.mageia.org/MGASA-2015-0152.html

Import Source

https://advisories.mageia.org/MGASA-2015-0152.json

JSON Data

https://api.osv.dev/v1/vulns/MGASA-2015-0152

Related

Published

2015-04-15T09:01:28Z

Modified

2015-04-15T08:49:01Z

Summary

Updated ntp packages fix security vulnerabilities

Details

Updated ntp packages fix security vulnerabilities:

The symmetric-key feature in the receive function in ntp_proto.c in ntpd in NTP before 4.2.8p2 requires a correct MAC only if the MAC field has a nonzero length, which makes it easier for man-in-the-middle attackers to spoof packets by omitting the MAC (CVE-2015-1798).

The symmetric-key feature in the receive function in ntp_proto.c in ntpd in NTP before 4.2.8p2 performs state-variable updates upon receiving certain invalid packets, which makes it easier for man-in-the-middle attackers to cause a denial of service (synchronization loss) by spoofing the source IP address of a peer (CVE-2015-1799).

References

Credits

- Mageia - COORDINATOR
- - https://wiki.mageia.org/en/Packages_Security_Team

Affected packages

Mageia:4 / ntp

Package

Name: ntp
Purl: pkg:rpm/mageia/ntp?distro=mageia-4

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

4.2.6p5-15.5.mga4

Ecosystem specific

{
    "section": "core"
}