CVE-2015-1798

Severity CVSS v4.0:
Pending analysis
Type:
CWE-17 Code Errors
Publication date:
08/04/2015
Last modified:
12/04/2025

Description

The symmetric-key feature in the receive function in ntp_proto.c in ntpd in NTP 4.x before 4.2.8p2 requires a correct MAC only if the MAC field has a nonzero length, which makes it easier for man-in-the-middle attackers to spoof packets by omitting the MAC.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:ntp:ntp:*:*:*:*:*:*:*:* 4.2.7p444 (including)


References to Advisories, Solutions, and Tools