search menu icon-carat-right cmu-wordmark

CERT Coordination Center

NTP Project ntpd reference implementation contains multiple vulnerabilities

Vulnerability Note VU#374268

Original Release Date: 2015-04-07 | Last Revised: 2015-04-10

Overview

NTP Project ntpd reference implementation accepts unauthenticated packets with symmetric key cryptography and does not protect symmetric associations against denial of service attacks.

Description

CVE-2015-1798, bug 2779:

In NTP4 installations utilizing symmetric key authentication, versions ntp-4.2.5p99 to ntp-4.2.8p1, packets with no message authentication code (MAC) are accepted as though they have a valid MAC. An attacker may be able to leverage this validation error to send packets that will be accepted by the client. The CVSS score reflects this issue.

CVE-2015-1799, bug 2781:

In NTP installations utilizing symmetric key authentication, including xntp3.3wy to version ntp-4.2.8p1, a denial of service condition is created when two peering hosts receive packets in which the originate and transmit timestamps do not match. An attacker who periodically sends such packets to both hosts can prevent synchronization.

For more information about these issues, visit NTP's security notice.

Impact

An unauthenticated attacker with network access may be able to inject packets or prevent peer synchronization among symmetrically authenticated hosts.

Solution

Apply an update

The NTP Project has released version ntp-4.2.8p2 to address these issues.

Vendor Information

374268
 
Affected   Unknown   Unaffected

Arista Networks, Inc.

Updated:  April 10, 2015

Statement Date:   April 09, 2015

Status

  Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

FreeBSD Project

Notified:  March 24, 2015 Updated:  April 10, 2015

Statement Date:   April 09, 2015

Status

  Affected

Vendor Statement

The vulnerabilities in 374268 (different from 852879) have been resolved by FreeBSD-SA-15:07.ntp.

https://www.freebsd.org/security/advisories/FreeBSD-SA-15:07.ntp.asc

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Vendor References

NTP Project

Notified:  March 23, 2015 Updated:  April 07, 2015

Status

  Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Vendor References

EfficientIP

Updated:  April 10, 2015

Statement Date:   April 09, 2015

Status

  Not Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

ACCESS

Notified:  March 24, 2015 Updated:  March 24, 2015

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor References

    AT&T

    Notified:  March 24, 2015 Updated:  March 24, 2015

    Status

      Unknown

    Vendor Statement

    No statement is currently available from the vendor regarding this vulnerability.

    Vendor References

      Alcatel-Lucent

      Notified:  March 24, 2015 Updated:  March 24, 2015

      Status

        Unknown

      Vendor Statement

      No statement is currently available from the vendor regarding this vulnerability.

      Vendor References

        Apple

        Notified:  March 24, 2015 Updated:  March 24, 2015

        Status

          Unknown

        Vendor Statement

        No statement is currently available from the vendor regarding this vulnerability.

        Vendor References

          Arch Linux

          Notified:  March 30, 2015 Updated:  March 30, 2015

          Status

            Unknown

          Vendor Statement

          No statement is currently available from the vendor regarding this vulnerability.

          Vendor References

            Avaya, Inc.

            Notified:  March 24, 2015 Updated:  March 24, 2015

            Status

              Unknown

            Vendor Statement

            No statement is currently available from the vendor regarding this vulnerability.

            Vendor References

              Barracuda Networks

              Notified:  March 24, 2015 Updated:  March 24, 2015

              Status

                Unknown

              Vendor Statement

              No statement is currently available from the vendor regarding this vulnerability.

              Vendor References

                Belkin, Inc.

                Notified:  March 24, 2015 Updated:  March 24, 2015

                Status

                  Unknown

                Vendor Statement

                No statement is currently available from the vendor regarding this vulnerability.

                Vendor References

                  Blue Coat Systems

                  Notified:  March 24, 2015 Updated:  March 24, 2015

                  Status

                    Unknown

                  Vendor Statement

                  No statement is currently available from the vendor regarding this vulnerability.

                  Vendor References

                    Brocade

                    Notified:  March 30, 2015 Updated:  March 30, 2015

                    Status

                      Unknown

                    Vendor Statement

                    No statement is currently available from the vendor regarding this vulnerability.

                    Vendor References

                      CA Technologies

                      Notified:  March 24, 2015 Updated:  March 24, 2015

                      Status

                        Unknown

                      Vendor Statement

                      No statement is currently available from the vendor regarding this vulnerability.

                      Vendor References

                        CentOS

                        Notified:  March 24, 2015 Updated:  March 24, 2015

                        Status

                          Unknown

                        Vendor Statement

                        No statement is currently available from the vendor regarding this vulnerability.

                        Vendor References

                          Check Point Software Technologies

                          Notified:  March 24, 2015 Updated:  March 24, 2015

                          Status

                            Unknown

                          Vendor Statement

                          No statement is currently available from the vendor regarding this vulnerability.

                          Vendor References

                            Cisco

                            Notified:  March 24, 2015 Updated:  March 24, 2015

                            Status

                              Unknown

                            Vendor Statement

                            No statement is currently available from the vendor regarding this vulnerability.

                            Vendor References

                              Cray Inc.

                              Notified:  March 24, 2015 Updated:  March 24, 2015

                              Status

                                Unknown

                              Vendor Statement

                              No statement is currently available from the vendor regarding this vulnerability.

                              Vendor References

                                D-Link Systems, Inc.

                                Notified:  March 24, 2015 Updated:  March 24, 2015

                                Status

                                  Unknown

                                Vendor Statement

                                No statement is currently available from the vendor regarding this vulnerability.

                                Vendor References

                                  Debian GNU/Linux

                                  Notified:  March 24, 2015 Updated:  March 24, 2015

                                  Status

                                    Unknown

                                  Vendor Statement

                                  No statement is currently available from the vendor regarding this vulnerability.

                                  Vendor References

                                    DesktopBSD

                                    Notified:  March 24, 2015 Updated:  March 24, 2015

                                    Status

                                      Unknown

                                    Vendor Statement

                                    No statement is currently available from the vendor regarding this vulnerability.

                                    Vendor References

                                      DragonFly BSD Project

                                      Notified:  March 24, 2015 Updated:  March 24, 2015

                                      Status

                                        Unknown

                                      Vendor Statement

                                      No statement is currently available from the vendor regarding this vulnerability.

                                      Vendor References

                                        EMC Corporation

                                        Notified:  March 24, 2015 Updated:  March 24, 2015

                                        Status

                                          Unknown

                                        Vendor Statement

                                        No statement is currently available from the vendor regarding this vulnerability.

                                        Vendor References

                                          Enterasys Networks

                                          Notified:  March 24, 2015 Updated:  March 24, 2015

                                          Status

                                            Unknown

                                          Vendor Statement

                                          No statement is currently available from the vendor regarding this vulnerability.

                                          Vendor References

                                            Ericsson

                                            Notified:  March 24, 2015 Updated:  March 24, 2015

                                            Status

                                              Unknown

                                            Vendor Statement

                                            No statement is currently available from the vendor regarding this vulnerability.

                                            Vendor References

                                              Extreme Networks

                                              Notified:  March 24, 2015 Updated:  March 24, 2015

                                              Status

                                                Unknown

                                              Vendor Statement

                                              No statement is currently available from the vendor regarding this vulnerability.

                                              Vendor References

                                                F5 Networks, Inc.

                                                Notified:  March 24, 2015 Updated:  March 24, 2015

                                                Status

                                                  Unknown

                                                Vendor Statement

                                                No statement is currently available from the vendor regarding this vulnerability.

                                                Vendor References

                                                  Fedora Project

                                                  Notified:  March 24, 2015 Updated:  March 24, 2015

                                                  Status

                                                    Unknown

                                                  Vendor Statement

                                                  No statement is currently available from the vendor regarding this vulnerability.

                                                  Vendor References

                                                    Force10 Networks

                                                    Notified:  March 24, 2015 Updated:  March 24, 2015

                                                    Status

                                                      Unknown

                                                    Vendor Statement

                                                    No statement is currently available from the vendor regarding this vulnerability.

                                                    Vendor References

                                                      Fortinet, Inc.

                                                      Notified:  March 24, 2015 Updated:  March 24, 2015

                                                      Status

                                                        Unknown

                                                      Vendor Statement

                                                      No statement is currently available from the vendor regarding this vulnerability.

                                                      Vendor References

                                                        Fujitsu

                                                        Notified:  March 24, 2015 Updated:  March 24, 2015

                                                        Status

                                                          Unknown

                                                        Vendor Statement

                                                        No statement is currently available from the vendor regarding this vulnerability.

                                                        Vendor References

                                                          Gentoo Linux

                                                          Notified:  March 24, 2015 Updated:  March 24, 2015

                                                          Status

                                                            Unknown

                                                          Vendor Statement

                                                          No statement is currently available from the vendor regarding this vulnerability.

                                                          Vendor References

                                                            Global Technology Associates, Inc.

                                                            Notified:  March 24, 2015 Updated:  March 24, 2015

                                                            Status

                                                              Unknown

                                                            Vendor Statement

                                                            No statement is currently available from the vendor regarding this vulnerability.

                                                            Vendor References

                                                              Hewlett-Packard Company

                                                              Notified:  March 24, 2015 Updated:  March 24, 2015

                                                              Status

                                                                Unknown

                                                              Vendor Statement

                                                              No statement is currently available from the vendor regarding this vulnerability.

                                                              Vendor References

                                                                Hitachi

                                                                Notified:  March 24, 2015 Updated:  March 24, 2015

                                                                Status

                                                                  Unknown

                                                                Vendor Statement

                                                                No statement is currently available from the vendor regarding this vulnerability.

                                                                Vendor References

                                                                  Huawei Technologies

                                                                  Notified:  March 30, 2015 Updated:  March 30, 2015

                                                                  Status

                                                                    Unknown

                                                                  Vendor Statement

                                                                  No statement is currently available from the vendor regarding this vulnerability.

                                                                  Vendor References

                                                                    IBM Corporation

                                                                    Notified:  March 24, 2015 Updated:  March 24, 2015

                                                                    Status

                                                                      Unknown

                                                                    Vendor Statement

                                                                    No statement is currently available from the vendor regarding this vulnerability.

                                                                    Vendor References

                                                                      IBM eServer

                                                                      Notified:  March 24, 2015 Updated:  March 24, 2015

                                                                      Status

                                                                        Unknown

                                                                      Vendor Statement

                                                                      No statement is currently available from the vendor regarding this vulnerability.

                                                                      Vendor References

                                                                        Infoblox

                                                                        Notified:  March 24, 2015 Updated:  March 24, 2015

                                                                        Status

                                                                          Unknown

                                                                        Vendor Statement

                                                                        No statement is currently available from the vendor regarding this vulnerability.

                                                                        Vendor References

                                                                          Intel Corporation

                                                                          Notified:  March 24, 2015 Updated:  March 24, 2015

                                                                          Status

                                                                            Unknown

                                                                          Vendor Statement

                                                                          No statement is currently available from the vendor regarding this vulnerability.

                                                                          Vendor References

                                                                            Intoto

                                                                            Notified:  March 24, 2015 Updated:  March 24, 2015

                                                                            Status

                                                                              Unknown

                                                                            Vendor Statement

                                                                            No statement is currently available from the vendor regarding this vulnerability.

                                                                            Vendor References

                                                                              Juniper Networks

                                                                              Notified:  March 24, 2015 Updated:  March 24, 2015

                                                                              Status

                                                                                Unknown

                                                                              Vendor Statement

                                                                              No statement is currently available from the vendor regarding this vulnerability.

                                                                              Vendor References

                                                                                Mandriva S. A.

                                                                                Notified:  March 24, 2015 Updated:  March 24, 2015

                                                                                Status

                                                                                  Unknown

                                                                                Vendor Statement

                                                                                No statement is currently available from the vendor regarding this vulnerability.

                                                                                Vendor References

                                                                                  McAfee

                                                                                  Notified:  March 24, 2015 Updated:  March 24, 2015

                                                                                  Status

                                                                                    Unknown

                                                                                  Vendor Statement

                                                                                  No statement is currently available from the vendor regarding this vulnerability.

                                                                                  Vendor References

                                                                                    Microsemi

                                                                                    Notified:  April 09, 2015 Updated:  April 09, 2015

                                                                                    Status

                                                                                      Unknown

                                                                                    Vendor Statement

                                                                                    No statement is currently available from the vendor regarding this vulnerability.

                                                                                    Vendor References

                                                                                      Microsoft Corporation

                                                                                      Notified:  March 24, 2015 Updated:  March 24, 2015

                                                                                      Status

                                                                                        Unknown

                                                                                      Vendor Statement

                                                                                      No statement is currently available from the vendor regarding this vulnerability.

                                                                                      Vendor References

                                                                                        NEC Corporation

                                                                                        Notified:  March 24, 2015 Updated:  March 24, 2015

                                                                                        Status

                                                                                          Unknown

                                                                                        Vendor Statement

                                                                                        No statement is currently available from the vendor regarding this vulnerability.

                                                                                        Vendor References

                                                                                          NetBSD

                                                                                          Notified:  March 24, 2015 Updated:  March 24, 2015

                                                                                          Status

                                                                                            Unknown

                                                                                          Vendor Statement

                                                                                          No statement is currently available from the vendor regarding this vulnerability.

                                                                                          Vendor References

                                                                                            Nokia

                                                                                            Notified:  March 24, 2015 Updated:  March 24, 2015

                                                                                            Status

                                                                                              Unknown

                                                                                            Vendor Statement

                                                                                            No statement is currently available from the vendor regarding this vulnerability.

                                                                                            Vendor References

                                                                                              Novell, Inc.

                                                                                              Notified:  March 24, 2015 Updated:  March 24, 2015

                                                                                              Status

                                                                                                Unknown

                                                                                              Vendor Statement

                                                                                              No statement is currently available from the vendor regarding this vulnerability.

                                                                                              Vendor References

                                                                                                OmniTI

                                                                                                Notified:  March 24, 2015 Updated:  March 24, 2015

                                                                                                Status

                                                                                                  Unknown

                                                                                                Vendor Statement

                                                                                                No statement is currently available from the vendor regarding this vulnerability.

                                                                                                Vendor References

                                                                                                  OpenBSD

                                                                                                  Notified:  March 24, 2015 Updated:  March 24, 2015

                                                                                                  Status

                                                                                                    Unknown

                                                                                                  Vendor Statement

                                                                                                  No statement is currently available from the vendor regarding this vulnerability.

                                                                                                  Vendor References

                                                                                                    Openwall GNU/*/Linux

                                                                                                    Notified:  March 24, 2015 Updated:  March 24, 2015

                                                                                                    Status

                                                                                                      Unknown

                                                                                                    Vendor Statement

                                                                                                    No statement is currently available from the vendor regarding this vulnerability.

                                                                                                    Vendor References

                                                                                                      Oracle Corporation

                                                                                                      Notified:  March 24, 2015 Updated:  March 24, 2015

                                                                                                      Status

                                                                                                        Unknown

                                                                                                      Vendor Statement

                                                                                                      No statement is currently available from the vendor regarding this vulnerability.

                                                                                                      Vendor References

                                                                                                        PC-BSD

                                                                                                        Notified:  March 30, 2015 Updated:  March 30, 2015

                                                                                                        Status

                                                                                                          Unknown

                                                                                                        Vendor Statement

                                                                                                        No statement is currently available from the vendor regarding this vulnerability.

                                                                                                        Vendor References

                                                                                                          Palo Alto Networks

                                                                                                          Notified:  March 24, 2015 Updated:  March 24, 2015

                                                                                                          Status

                                                                                                            Unknown

                                                                                                          Vendor Statement

                                                                                                          No statement is currently available from the vendor regarding this vulnerability.

                                                                                                          Vendor References

                                                                                                            Peplink

                                                                                                            Notified:  March 24, 2015 Updated:  March 24, 2015

                                                                                                            Status

                                                                                                              Unknown

                                                                                                            Vendor Statement

                                                                                                            No statement is currently available from the vendor regarding this vulnerability.

                                                                                                            Vendor References

                                                                                                              Process Software

                                                                                                              Notified:  March 24, 2015 Updated:  March 24, 2015

                                                                                                              Status

                                                                                                                Unknown

                                                                                                              Vendor Statement

                                                                                                              No statement is currently available from the vendor regarding this vulnerability.

                                                                                                              Vendor References

                                                                                                                Q1 Labs

                                                                                                                Notified:  March 24, 2015 Updated:  March 24, 2015

                                                                                                                Status

                                                                                                                  Unknown

                                                                                                                Vendor Statement

                                                                                                                No statement is currently available from the vendor regarding this vulnerability.

                                                                                                                Vendor References

                                                                                                                  QNX Software Systems Inc.

                                                                                                                  Notified:  March 24, 2015 Updated:  March 24, 2015

                                                                                                                  Status

                                                                                                                    Unknown

                                                                                                                  Vendor Statement

                                                                                                                  No statement is currently available from the vendor regarding this vulnerability.

                                                                                                                  Vendor References

                                                                                                                    Quagga

                                                                                                                    Notified:  March 30, 2015 Updated:  March 30, 2015

                                                                                                                    Status

                                                                                                                      Unknown

                                                                                                                    Vendor Statement

                                                                                                                    No statement is currently available from the vendor regarding this vulnerability.

                                                                                                                    Vendor References

                                                                                                                      Red Hat, Inc.

                                                                                                                      Notified:  March 24, 2015 Updated:  March 24, 2015

                                                                                                                      Status

                                                                                                                        Unknown

                                                                                                                      Vendor Statement

                                                                                                                      No statement is currently available from the vendor regarding this vulnerability.

                                                                                                                      Vendor References

                                                                                                                        SUSE Linux

                                                                                                                        Notified:  March 24, 2015 Updated:  March 24, 2015

                                                                                                                        Status

                                                                                                                          Unknown

                                                                                                                        Vendor Statement

                                                                                                                        No statement is currently available from the vendor regarding this vulnerability.

                                                                                                                        Vendor References

                                                                                                                          SafeNet

                                                                                                                          Notified:  March 24, 2015 Updated:  March 24, 2015

                                                                                                                          Status

                                                                                                                            Unknown

                                                                                                                          Vendor Statement

                                                                                                                          No statement is currently available from the vendor regarding this vulnerability.

                                                                                                                          Vendor References

                                                                                                                            Slackware Linux Inc.

                                                                                                                            Notified:  March 24, 2015 Updated:  March 24, 2015

                                                                                                                            Status

                                                                                                                              Unknown

                                                                                                                            Vendor Statement

                                                                                                                            No statement is currently available from the vendor regarding this vulnerability.

                                                                                                                            Vendor References

                                                                                                                              SmoothWall

                                                                                                                              Notified:  March 24, 2015 Updated:  March 24, 2015

                                                                                                                              Status

                                                                                                                                Unknown

                                                                                                                              Vendor Statement

                                                                                                                              No statement is currently available from the vendor regarding this vulnerability.

                                                                                                                              Vendor References

                                                                                                                                Snort

                                                                                                                                Notified:  March 24, 2015 Updated:  March 24, 2015

                                                                                                                                Status

                                                                                                                                  Unknown

                                                                                                                                Vendor Statement

                                                                                                                                No statement is currently available from the vendor regarding this vulnerability.

                                                                                                                                Vendor References

                                                                                                                                  Sony Corporation

                                                                                                                                  Notified:  March 24, 2015 Updated:  March 24, 2015

                                                                                                                                  Status

                                                                                                                                    Unknown

                                                                                                                                  Vendor Statement

                                                                                                                                  No statement is currently available from the vendor regarding this vulnerability.

                                                                                                                                  Vendor References

                                                                                                                                    Sourcefire

                                                                                                                                    Notified:  March 24, 2015 Updated:  March 24, 2015

                                                                                                                                    Status

                                                                                                                                      Unknown

                                                                                                                                    Vendor Statement

                                                                                                                                    No statement is currently available from the vendor regarding this vulnerability.

                                                                                                                                    Vendor References

                                                                                                                                      Stonesoft

                                                                                                                                      Notified:  March 24, 2015 Updated:  March 24, 2015

                                                                                                                                      Status

                                                                                                                                        Unknown

                                                                                                                                      Vendor Statement

                                                                                                                                      No statement is currently available from the vendor regarding this vulnerability.

                                                                                                                                      Vendor References

                                                                                                                                        Symantec

                                                                                                                                        Notified:  March 24, 2015 Updated:  March 24, 2015

                                                                                                                                        Status

                                                                                                                                          Unknown

                                                                                                                                        Vendor Statement

                                                                                                                                        No statement is currently available from the vendor regarding this vulnerability.

                                                                                                                                        Vendor References

                                                                                                                                          The SCO Group

                                                                                                                                          Notified:  March 24, 2015 Updated:  March 24, 2015

                                                                                                                                          Status

                                                                                                                                            Unknown

                                                                                                                                          Vendor Statement

                                                                                                                                          No statement is currently available from the vendor regarding this vulnerability.

                                                                                                                                          Vendor References

                                                                                                                                            TippingPoint Technologies Inc.

                                                                                                                                            Notified:  March 24, 2015 Updated:  March 24, 2015

                                                                                                                                            Status

                                                                                                                                              Unknown

                                                                                                                                            Vendor Statement

                                                                                                                                            No statement is currently available from the vendor regarding this vulnerability.

                                                                                                                                            Vendor References

                                                                                                                                              Turbolinux

                                                                                                                                              Notified:  March 24, 2015 Updated:  March 24, 2015

                                                                                                                                              Status

                                                                                                                                                Unknown

                                                                                                                                              Vendor Statement

                                                                                                                                              No statement is currently available from the vendor regarding this vulnerability.

                                                                                                                                              Vendor References

                                                                                                                                                Ubuntu

                                                                                                                                                Notified:  March 24, 2015 Updated:  March 24, 2015

                                                                                                                                                Status

                                                                                                                                                  Unknown

                                                                                                                                                Vendor Statement

                                                                                                                                                No statement is currently available from the vendor regarding this vulnerability.

                                                                                                                                                Vendor References

                                                                                                                                                  Unisys

                                                                                                                                                  Notified:  March 24, 2015 Updated:  March 24, 2015

                                                                                                                                                  Status

                                                                                                                                                    Unknown

                                                                                                                                                  Vendor Statement

                                                                                                                                                  No statement is currently available from the vendor regarding this vulnerability.

                                                                                                                                                  Vendor References

                                                                                                                                                    VMware

                                                                                                                                                    Notified:  March 24, 2015 Updated:  March 24, 2015

                                                                                                                                                    Status

                                                                                                                                                      Unknown

                                                                                                                                                    Vendor Statement

                                                                                                                                                    No statement is currently available from the vendor regarding this vulnerability.

                                                                                                                                                    Vendor References

                                                                                                                                                      Vyatta

                                                                                                                                                      Notified:  March 30, 2015 Updated:  March 30, 2015

                                                                                                                                                      Status

                                                                                                                                                        Unknown

                                                                                                                                                      Vendor Statement

                                                                                                                                                      No statement is currently available from the vendor regarding this vulnerability.

                                                                                                                                                      Vendor References

                                                                                                                                                        Watchguard Technologies, Inc.

                                                                                                                                                        Notified:  March 24, 2015 Updated:  March 24, 2015

                                                                                                                                                        Status

                                                                                                                                                          Unknown

                                                                                                                                                        Vendor Statement

                                                                                                                                                        No statement is currently available from the vendor regarding this vulnerability.

                                                                                                                                                        Vendor References

                                                                                                                                                          Wind River

                                                                                                                                                          Notified:  March 24, 2015 Updated:  March 24, 2015

                                                                                                                                                          Status

                                                                                                                                                            Unknown

                                                                                                                                                          Vendor Statement

                                                                                                                                                          No statement is currently available from the vendor regarding this vulnerability.

                                                                                                                                                          Vendor References

                                                                                                                                                            ZyXEL

                                                                                                                                                            Notified:  March 24, 2015 Updated:  March 24, 2015

                                                                                                                                                            Status

                                                                                                                                                              Unknown

                                                                                                                                                            Vendor Statement

                                                                                                                                                            No statement is currently available from the vendor regarding this vulnerability.

                                                                                                                                                            Vendor References

                                                                                                                                                              eSoft, Inc.

                                                                                                                                                              Notified:  March 24, 2015 Updated:  March 24, 2015

                                                                                                                                                              Status

                                                                                                                                                                Unknown

                                                                                                                                                              Vendor Statement

                                                                                                                                                              No statement is currently available from the vendor regarding this vulnerability.

                                                                                                                                                              Vendor References

                                                                                                                                                                m0n0wall

                                                                                                                                                                Notified:  March 24, 2015 Updated:  March 24, 2015

                                                                                                                                                                Status

                                                                                                                                                                  Unknown

                                                                                                                                                                Vendor Statement

                                                                                                                                                                No statement is currently available from the vendor regarding this vulnerability.

                                                                                                                                                                Vendor References

                                                                                                                                                                  openSUSE project

                                                                                                                                                                  Notified:  March 30, 2015 Updated:  March 30, 2015

                                                                                                                                                                  Status

                                                                                                                                                                    Unknown

                                                                                                                                                                  Vendor Statement

                                                                                                                                                                  No statement is currently available from the vendor regarding this vulnerability.

                                                                                                                                                                  Vendor References

                                                                                                                                                                    View all 85 vendors View less vendors


                                                                                                                                                                    CVSS Metrics

                                                                                                                                                                    Group Score Vector
                                                                                                                                                                    Base 5.4 AV:A/AC:M/Au:N/C:P/I:P/A:P
                                                                                                                                                                    Temporal 4.2 E:POC/RL:OF/RC:C
                                                                                                                                                                    Environmental 4.2 CDP:N/TD:H/CR:ND/IR:ND/AR:ND

                                                                                                                                                                    References

                                                                                                                                                                    Acknowledgements

                                                                                                                                                                    The NTP Project credits Miroslav Lichvar of Red Hat for reporting these issues.

                                                                                                                                                                    This document was written by Joel Land.

                                                                                                                                                                    Other Information

                                                                                                                                                                    CVE IDs: CVE-2015-1798, CVE-2015-1799
                                                                                                                                                                    Date Public: 2015-04-07
                                                                                                                                                                    Date First Published: 2015-04-07
                                                                                                                                                                    Date Last Updated: 2015-04-10 18:36 UTC
                                                                                                                                                                    Document Revision: 18

                                                                                                                                                                    Sponsored by the Department of Homeland Security Office of Cybersecurity and Communications.