NTP 4.x prior to 4.2.8p6 and 4.3.x prior to 4.3.90 do not verify peer associations of symmetric keys when authenticating packets, which might allow remote malicious users to conduct impersonation attacks via an arbitrary trusted key, aka a "skeleton key."
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
ntp ntp |
||
ntp ntp 4.2.8 |
||
siemens tim_4r-ie_firmware |
||
siemens tim_4r-ie_dnp3_firmware |
||
netapp clustered data ontap - |
||
netapp oncommand balance - |
||
debian debian linux 8.0 |
||
debian debian linux 9.0 |