The symmetric-key feature in the receive function in ntp_proto.c in ntpd in NTP 4.x prior to 4.2.8p2 requires a correct MAC only if the MAC field has a nonzero length, which makes it easier for man-in-the-middle malicious users to spoof packets by omitting the MAC.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
ntp ntp |
Mismatched clocks allow poison packets to prevent synching, and sink you
Red Hat security chap Miroslav Lichvar has revealed two vulnerabilities in the widely used and open-source Network Time Protocol daemon (NTPd) that allow attackers to mess up people's clocks. Lichvar reported the two since-patched holes in which packets without proper message authentication codes are accepted regardless (CVE-2015-1798), and a denial of service condition is triggered when spoofed packets are sent between synchronized hosts (CVE-2015-1799). The latter flaw affects NTP installation...
You will be assimilated if you don't apply the fix, say Borg
Cisco's ASA FirePOWER services and ASA CX Services are vulnerable to a denial of service (DoS) bug in the virtualisation layer. The just-updated ASA FirePOWER threat-detection platform and ASA CX (which adds application and user ID awareness to the system) could be forced to reload by an attacker hosing their management interfaces with a high rate of crafted packets. As well as a DoS condition, Cisco says user traffic sent from ASA to FirePOWER and CX could be dropped. If FirePOWER or CX are con...