Mandriva

[ MDVSA-2015:202 ] ntp

Leave a comment 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2015:202
 http://www.mandriva.com/en/support/security/
 _______________________________________________________________________

 Package : ntp
 Date    : April 10, 2015
 Affected: Business Server 1.0, Business Server 2.0
 _______________________________________________________________________

 Problem Description:

 Multiple vulnerabilities has been found and corrected in ntp:
 
 The symmetric-key feature in the receive function in ntp_proto.c
 in ntpd in NTP before 4.2.8p2 requires a correct MAC only if the MAC
 field has a nonzero length, which makes it easier for man-in-the-middle
 attackers to spoof packets by omitting the MAC (CVE-2015-1798).
 
 The symmetric-key feature in the receive function in ntp_proto.c
 in ntpd in NTP before 4.2.8p2 performs state-variable updates
 upon receiving certain invalid packets, which ma

Leave a Reply