First published: Wed Apr 08 2015(Updated: )
The symmetric-key feature in the receive function in ntp_proto.c in ntpd in NTP 4.x before 4.2.8p2 requires a correct MAC only if the MAC field has a nonzero length, which makes it easier for man-in-the-middle attackers to spoof packets by omitting the MAC.
Credit: secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
NTP ntp | <=4.2.7p444 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.