chrony prior to 1.31.2 and 2.x prior to 2.2.1 do not verify peer associations of symmetric keys when authenticating packets, which might allow remote malicious users to conduct impersonation attacks via an arbitrary trusted key, aka a "skeleton key."
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
tuxfamily chrony 2.1.1 |
||
tuxfamily chrony 2.1 |
||
tuxfamily chrony 2.2 |
||
tuxfamily chrony 2.0 |
||
tuxfamily chrony |