Lucene search
F5F5:K16505HistoryNov 07, 2015 - 12:00 a.m.
K16505 : NTP vulnerability CVE-2015-1798
2015-11-0700:00:00
my.f5.com
20
Security Advisory Description
The symmetric-key feature in the receive function in ntp_proto.c in ntpd in NTP 4.x before 4.2.8p2 requires a correct MAC only if the MAC field has a nonzero length, which makes it easier for man-in-the-middle attackers to spoof packets by omitting the MAC.
(
CVE-2015-1798
)
Impact
For BIG-IP systems using a default network time protocol (NTP) configuration, there is no impact. However, BIG-IP systems with an NTP configuration that is customized in line with the requirements of the advisory may be vulnerable.
Related
threatpost
threatpost
NTP Symmetric Key Authentication Security Vulnerabilities Patched
2015-04-08 11:37:31
f5
f5
SOL16505 - NTP vulnerability CVE-2015-1798
2015-04-23 00:00:00
ubuntucve
ubuntucve
CVE-2015-1798
2015-04-08 00:00:00
debiancve
debiancve
CVE-2015-1798
2015-04-08 10:59:04
cvelist
cvelist
CVE-2015-1798
2015-04-08 10:00:00
cve
cve
CVE-2015-1798
2015-04-08 10:59:04
cisco
cisco
nessus
nessus
Rockwell Automation Stratix NTP Authentication bypass (CVE-2015-1798)
2023-11-15 00:00:00
F5 Networks BIG-IP : NTP vulnerability (K16505)
2015-04-24 00:00:00
nvd
nvd
CVE-2015-1798
2015-04-08 10:59:04
prion
prion
Design/Logic Flaw
2015-04-08 10:59:00
openvas
openvas
Amazon Linux: Security Advisory (ALAS-2015-520)
2015-09-08 00:00:00
Fedora Update for ntp FEDORA-2015-5761
2015-07-07 00:00:00
Ubuntu: Security Advisory (USN-2567-1)
2015-04-14 00:00:00
fedora
fedora
[SECURITY] Fedora 22 Update: ntp-4.2.6p5-30.fc22
2015-04-22 22:56:05
[SECURITY] Fedora 20 Update: ntp-4.2.6p5-22.fc20
2015-04-22 22:55:51
[SECURITY] Fedora 21 Update: ntp-4.2.6p5-30.fc21
2015-04-28 13:01:04
archlinux
archlinux
ntp: multiple issues
2015-04-08 00:00:00
amazon
amazon
Important: ntp
2015-05-05 15:56:00
slackware
slackware
[slackware-security] ntp
2015-04-22 01:21:55
securityvulns
securityvulns
ntpd restrictions bypass
2015-04-08 00:00:00
FreeBSD Security Advisory FreeBSD-SA-15:07.ntp
2015-04-08 00:00:00
Apple Mac OS X / EFI multiple security vulnerabilities
2015-07-05 00:00:00
cert
cert
NTP Project ntpd reference implementation contains multiple vulnerabilities
2015-04-07 00:00:00
debian
debian
[SECURITY] [DSA 3223-1] ntp security update
2015-04-12 16:29:16
[SECURITY] [DLA 192-1] ntp security update
2015-04-10 21:52:54
ubuntu
ubuntu
NTP vulnerabilities
2015-04-13 00:00:00
mageia
mageia
Updated ntp packages fix security vulnerabilities
2015-04-15 12:01:28
freebsd
freebsd
ntp -- multiple vulnerabilities
2015-04-07 00:00:00
ibm
ibm
freebsd_advisory
freebsd_advisory
FreeBSD-SA-15:07.ntp
2015-04-07 00:00:00
osv
osv
ntp - security update
2015-04-12 00:00:00
ntp - security update
2015-04-10 00:00:00
gentoo
gentoo
NTP: Multiple vulnerablities
2015-09-24 00:00:00
oraclelinux
oraclelinux
ntp security, bug fix, and enhancement update
2015-07-28 00:00:00
ntp security, bug fix, and enhancement update
2015-11-23 00:00:00
veracode
veracode
Man-in-the-Middle (MitM)
2019-05-02 05:41:08
Man-In-The-Middle (MitM)
2019-05-02 05:41:08
Improper Input Validation And Arbitary Code Injection
2019-05-02 05:41:07
centos
centos
ntp, ntpdate, sntp security update
2015-11-30 19:45:44
ntp, ntpdate security update
2015-07-26 14:13:05
redhat
redhat
(RHSA-2015:1459) Moderate: ntp security, bug fix, and enhancement update
2015-07-22 00:00:00
(RHSA-2015:2231) Moderate: ntp security, bug fix, and enhancement update
2015-11-19 14:42:12
suse
suse
Security update for yast2-ntp-client (important)
2016-08-17 21:08:25
Security update for ntp (important)
2016-07-29 19:08:48
ics
ics
Rockwell Automation Stratix 5900
2017-05-10 12:00:00