{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2016-01-19T00:00:00.000Z", "descriptions": [{"lang": "en", "value": "NTP 4.x before 4.2.8p6 and 4.3.x before 4.3.90 do not verify peer associations of symmetric keys when authenticating packets, which might allow remote attackers to conduct impersonation attacks via an arbitrary trusted key, aka a \"skeleton key.\""}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-04-15T21:08:19.000Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "http://www.talosintel.com/reports/TALOS-2016-0071/"}, {"name": "DSA-3629", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2016/dsa-3629"}, {"name": "81960", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/81960"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03766en_us"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://support.ntp.org/bin/view/Main/NtpBug2936"}, {"name": "1034782", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1034782"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03750en_us"}, {"name": "RHSA-2016:2583", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2016-2583.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://security.netapp.com/advisory/ntap-20171031-0001/"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://bugs.ntp.org/show_bug.cgi?id=2936"}, {"name": "FreeBSD-SA-16:09", "tags": ["vendor-advisory", "x_refsource_FREEBSD"], "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:09.ntp.asc"}, {"name": "GLSA-201607-15", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/201607-15"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdf"}, {"tags": ["x_refsource_MISC"], "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-103-11"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2015-7974", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "NTP 4.x before 4.2.8p6 and 4.3.x before 4.3.90 do not verify peer associations of symmetric keys when authenticating packets, which might allow remote attackers to conduct impersonation attacks via an arbitrary trusted key, aka a \"skeleton key.\""}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://www.talosintel.com/reports/TALOS-2016-0071/", "refsource": "MISC", "url": "http://www.talosintel.com/reports/TALOS-2016-0071/"}, {"name": "DSA-3629", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2016/dsa-3629"}, {"name": "81960", "refsource": "BID", "url": "http://www.securityfocus.com/bid/81960"}, {"name": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03766en_us", "refsource": "CONFIRM", "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03766en_us"}, {"name": "http://support.ntp.org/bin/view/Main/NtpBug2936", "refsource": "CONFIRM", "url": "http://support.ntp.org/bin/view/Main/NtpBug2936"}, {"name": "1034782", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1034782"}, {"name": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03750en_us", "refsource": "CONFIRM", "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03750en_us"}, {"name": "RHSA-2016:2583", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2016-2583.html"}, {"name": "https://security.netapp.com/advisory/ntap-20171031-0001/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20171031-0001/"}, {"name": "http://bugs.ntp.org/show_bug.cgi?id=2936", "refsource": "CONFIRM", "url": "http://bugs.ntp.org/show_bug.cgi?id=2936"}, {"name": "FreeBSD-SA-16:09", "refsource": "FREEBSD", "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:09.ntp.asc"}, {"name": "GLSA-201607-15", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201607-15"}, {"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdf", "refsource": "CONFIRM", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdf"}, {"name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-103-11", "refsource": "MISC", "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-103-11"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T08:06:31.462Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.talosintel.com/reports/TALOS-2016-0071/"}, {"name": "DSA-3629", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2016/dsa-3629"}, {"name": "81960", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/81960"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03766en_us"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://support.ntp.org/bin/view/Main/NtpBug2936"}, {"name": "1034782", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1034782"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03750en_us"}, {"name": "RHSA-2016:2583", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2016-2583.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://security.netapp.com/advisory/ntap-20171031-0001/"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://bugs.ntp.org/show_bug.cgi?id=2936"}, {"name": "FreeBSD-SA-16:09", "tags": ["vendor-advisory", "x_refsource_FREEBSD", "x_transferred"], "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:09.ntp.asc"}, {"name": "GLSA-201607-15", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "https://security.gentoo.org/glsa/201607-15"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdf"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-103-11"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2015-7974", "datePublished": "2016-01-26T19:00:00.000Z", "dateReserved": "2015-10-23T00:00:00.000Z", "dateUpdated": "2024-08-06T08:06:31.462Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ntp:ntp:*:*:*:*:*:*:*:*", "matchCriteriaId": "C240BAAB-8C12-4501-9DC6-FB877304E908", "versionEndExcluding": "4.2.8", "versionStartIncluding": "4.2.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:ntp:ntp:*:*:*:*:*:*:*:*", "matchCriteriaId": "3207DA93-AFE7-45D8-90DA-A12F6AB76293", "versionEndExcluding": "4.3.90", "versionStartIncluding": "4.3.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:-:*:*:*:*:*:*", "matchCriteriaId": "EEA51D83-5841-4335-AF07-7A43C118CAAE", "vulnerable": true}, {"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1:*:*:*:*:*:*", "matchCriteriaId": "C855BBD2-2B38-4EFF-9DBE-CA61CCACD0DE", "vulnerable": true}, {"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1-beta1:*:*:*:*:*:*", "matchCriteriaId": "49ADE0C3-F75C-4EC0-8805-56013F0EB92C", "vulnerable": true}, {"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1-beta2:*:*:*:*:*:*", "matchCriteriaId": "D8FF625A-EFA3-43D1-8698-4A37AE31A07C", "vulnerable": true}, {"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1-beta3:*:*:*:*:*:*", "matchCriteriaId": "E3B99BBD-97FE-4615-905A-A614592226F8", "vulnerable": true}, {"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1-beta4:*:*:*:*:*:*", "matchCriteriaId": "E7A9AD3A-F030-4331-B52A-518BD963AB8A", "vulnerable": true}, {"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1-beta5:*:*:*:*:*:*", "matchCriteriaId": "C293B8BE-6691-4944-BCD6-25EB98CABC73", "vulnerable": true}, {"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1-rc1:*:*:*:*:*:*", "matchCriteriaId": "CEA650F8-2576-494A-A861-61572CA319D0", "vulnerable": true}, {"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1-rc2:*:*:*:*:*:*", "matchCriteriaId": "4ED21EE8-7CBF-4BC5-BFC3-185D41296238", "vulnerable": true}, {"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p2:*:*:*:*:*:*", "matchCriteriaId": "C76A0B44-13DE-4173-8D05-DA54F6A71759", "vulnerable": true}, {"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p2-rc1:*:*:*:*:*:*", "matchCriteriaId": "1450241C-2F6D-4122-B33C-D78D065BA403", "vulnerable": true}, {"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p2-rc2:*:*:*:*:*:*", "matchCriteriaId": "721AFD22-91D3-488E-A5E6-DD84C86E412B", "vulnerable": true}, {"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p2-rc3:*:*:*:*:*:*", "matchCriteriaId": "8D6ADDB1-2E96-4FF6-AE95-4B06654D38B0", "vulnerable": true}, {"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p3:*:*:*:*:*:*", "matchCriteriaId": "41E44E9F-6383-4E12-AEDC-B653FEA77A48", "vulnerable": true}, {"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p3-rc1:*:*:*:*:*:*", "matchCriteriaId": "466D9A37-2658-4695-9429-0C6BF4A631C2", "vulnerable": true}, {"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p3-rc2:*:*:*:*:*:*", "matchCriteriaId": "99774181-5F12-446C-AC2C-DB1C52295EED", "vulnerable": true}, {"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p3-rc3:*:*:*:*:*:*", "matchCriteriaId": "4427EE6D-3F79-4FF5-B3EC-EE6BD01562CE", "vulnerable": true}, {"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p4:*:*:*:*:*:*", "matchCriteriaId": "99C71C00-7222-483B-AEFB-159337BD3C92", "vulnerable": true}, {"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p5:*:*:*:*:*:*", "matchCriteriaId": "75A9AA28-1B20-44BB-815C-7294A53E910E", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:siemens:tim_4r-ie_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "E0730ED6-676B-4200-BC07-C0B4531B242C", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:siemens:tim_4r-ie:-:*:*:*:*:*:*:*", "matchCriteriaId": "0B87B16C-9E9F-448B-9255-B2BB2B8CAD63", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:siemens:tim_4r-ie_dnp3_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "E16E82E3-9A85-41A4-8A33-12AE45A1B584", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:siemens:tim_4r-ie_dnp3:-:*:*:*:*:*:*:*", "matchCriteriaId": "EE27728D-D37B-43FC-BA8A-0E930DDBD10B", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*", "matchCriteriaId": "1FE996B1-6951-4F85-AA58-B99A379D2163", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:oncommand_balance:-:*:*:*:*:*:*:*", "matchCriteriaId": "7DCBCC5D-C396-47A8-ADF4-D3A2C4377FB1", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "NTP 4.x before 4.2.8p6 and 4.3.x before 4.3.90 do not verify peer associations of symmetric keys when authenticating packets, which might allow remote attackers to conduct impersonation attacks via an arbitrary trusted key, aka a \"skeleton key.\""}, {"lang": "es", "value": "NTP 4.x en versiones anteriores a 4.2.8p6 y 4.3.x en versiones anteriores a 4.3.90 no verifica las asociaciones del par de las claves sim\u00e9tricas cuando autentica paquetes, lo que podr\u00eda permitir a atacante remotos llevar a cabo ataques de suplantaci\u00f3n de identidad a trav\u00e9s de una clave de confianza arbitraria, tambi\u00e9n conocida como \"skeleton key\"."}], "id": "CVE-2015-7974", "lastModified": "2025-04-12T10:46:40.837", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.7, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 3.1, "impactScore": 4.0, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2016-01-26T19:59:00.107", "references": [{"source": "cve@mitre.org", "tags": ["Issue Tracking", "Vendor Advisory"], "url": "http://bugs.ntp.org/show_bug.cgi?id=2936"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2016-2583.html"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://support.ntp.org/bin/view/Main/NtpBug2936"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://www.debian.org/security/2016/dsa-3629"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/81960"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1034782"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "http://www.talosintel.com/reports/TALOS-2016-0071/"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdf"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03750en_us"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03766en_us"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:09.ntp.asc"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://security.gentoo.org/glsa/201607-15"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://security.netapp.com/advisory/ntap-20171031-0001/"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-103-11"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Vendor Advisory"], "url": "http://bugs.ntp.org/show_bug.cgi?id=2936"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2016-2583.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://support.ntp.org/bin/view/Main/NtpBug2936"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.debian.org/security/2016/dsa-3629"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/81960"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1034782"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "http://www.talosintel.com/reports/TALOS-2016-0071/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdf"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03750en_us"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03766en_us"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:09.ntp.asc"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://security.gentoo.org/glsa/201607-15"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://security.netapp.com/advisory/ntap-20171031-0001/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-103-11"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-287"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2016:2583", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "ntp-0:4.2.6p5-25.el7", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2016-11-03T00:00:00Z"}], "bugzilla": {"description": "ntp: missing key check allows impersonation between authenticated peers (VU#357792)", "id": "1297471", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1297471"}, "csaw": false, "cvss": {"cvss_base_score": "3.6", "cvss_scoring_vector": "AV:N/AC:H/Au:S/C:N/I:P/A:P", "status": "verified"}, "cwe": "CWE-304", "details": ["NTP 4.x before 4.2.8p6 and 4.3.x before 4.3.90 do not verify peer associations of symmetric keys when authenticating packets, which might allow remote attackers to conduct impersonation attacks via an arbitrary trusted key, aka a \"skeleton key.\"", "A flaw was found in the way NTP verified trusted keys during symmetric key authentication. An authenticated client (A) could use this flaw to modify a packet sent between a server (B) and a client (C) using a key that is different from the one known to the client (A)."], "name": "CVE-2015-7974", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Will not fix", "package_name": "ntp", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Will not fix", "package_name": "ntp", "product_name": "Red Hat Enterprise Linux 6"}], "public_date": "2016-01-20T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2015-7974\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-7974\nhttp://support.ntp.org/bin/view/Main/NtpBug2936\nhttp://www.talosintel.com/reports/TALOS-2016-0071/"], "statement": "Red Hat Product Security has rated this issue as having Low security impact. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.", "threat_severity": "Low"}

{}