Univention Bugzilla – Bug 38244
ntp: multiple issues (4.0)
Last modified: 2015-06-17 18:13:26 CEST
Man-in-the-middle attackers may spoof packets by omitting the MAC because the symmetric-key feature in the receive function in ntp_proto.c requires a correct MAC only if the MAC field has a nonzero length (CVE-2015-1798) Man-in-the-middle attackers may cause a denial of service (synchronization loss) by spoofing the source IP address of a peer because the symmetric-key feature in the receive function in ntp_proto.c performs state-variable updates upon receiving certain invalid packets (CVE-2015-1799)
Fixed in upstream Debian package version 1:4.2.6.p5+dfsg-2+deb7u4
Tests (i386): OK Advisory: 2015-06-05-ntp.yaml
OK: amd64 i386 OK: apt-cache policy ntp OK: ucr set timeserver{=1,2=2,3=3}.debian.pool.ntp.org;/etc/init.d/ntp restart;ntpq -p OK: zless /usr/share/doc/ntp/changelog.Debian.gz FIXED: 2015-06-05-ntp.yaml → r61249 OK: CVE-2015-1798 CVE-2015-1799 OK: errata-announce -V 2015-06-05-ntp.yaml
<http://errata.univention.de/ucs/4.0/212.html>