{ "threat_severity" : "Low", "public_date" : "2015-04-07T00:00:00Z", "bugzilla" : { "description" : "ntp: ntpd accepts unauthenticated packets with symmetric key crypto", "id" : "1199430", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1199430" }, "cvss" : { "cvss_base_score" : "2.6", "cvss_scoring_vector" : "AV:N/AC:H/Au:N/C:N/I:P/A:N", "status" : "verified" }, "cwe" : "CWE-347", "details" : [ "The symmetric-key feature in the receive function in ntp_proto.c in ntpd in NTP 4.x before 4.2.8p2 requires a correct MAC only if the MAC field has a nonzero length, which makes it easier for man-in-the-middle attackers to spoof packets by omitting the MAC.", "It was found that ntpd did not check whether a Message Authentication Code (MAC) was present in a received packet when ntpd was configured to use symmetric cryptographic keys. A man-in-the-middle attacker could use this flaw to send crafted packets that would be accepted by a client or a peer without the attacker knowing the symmetric key." ], "statement" : "This issue did not affect the version of ntp as shipped with Red Hat Enterprise Linux 5", "acknowledgement" : "This issue was discovered by Miroslav Lichvár (Red Hat).", "affected_release" : [ { "product_name" : "Red Hat Enterprise Linux 6", "release_date" : "2015-07-21T00:00:00Z", "advisory" : "RHSA-2015:1459", "cpe" : "cpe:/o:redhat:enterprise_linux:6", "package" : "ntp-0:4.2.6p5-5.el6" }, { "product_name" : "Red Hat Enterprise Linux 7", "release_date" : "2015-11-19T00:00:00Z", "advisory" : "RHSA-2015:2231", "cpe" : "cpe:/o:redhat:enterprise_linux:7", "package" : "ntp-0:4.2.6p5-22.el7" } ], "package_state" : [ { "product_name" : "Red Hat Enterprise Linux 5", "fix_state" : "Not affected", "package_name" : "ntp", "cpe" : "cpe:/o:redhat:enterprise_linux:5" } ], "references" : [ "https://www.cve.org/CVERecord?id=CVE-2015-1798\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-1798" ], "name" : "CVE-2015-1798", "csaw" : false }