Vulnerability & Exploit Database

Back to search

Amazon Linux AMI: Security patch for ntp (ALAS-2016-649) (multiple CVEs)

Severity CVSS Published Added Modified
5 (AV:N/AC:L/Au:N/C:N/I:P/A:N) January 26, 2016 February 12, 2016 March 21, 2018

Description

NTP 4.x before 4.2.8p6 and 4.3.x before 4.3.90 do not verify peer associations of symmetric keys when authenticating packets, which might allow remote attackers to conduct impersonation attacks via an arbitrary trusted key, aka a "skeleton key."

Scan For This Vulnerability

Use our top-rated tool to discover, prioritize, and remediate your vulnerabilities

 Free InsightVM Trial

References

Solution

amazon-linux-upgrade-ntp

Related Vulnerabilities