vulnerability
Amazon Linux AMI: CVE-2015-7974: Security patch for ntp (ALAS-2016-649)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 4 | (AV:N/AC:L/Au:S/C:N/I:P/A:N) | Jan 26, 2016 | Sep 19, 2018 | Jun 22, 2020 |
Severity
4
CVSS
(AV:N/AC:L/Au:S/C:N/I:P/A:N)
Published
Jan 26, 2016
Added
Sep 19, 2018
Modified
Jun 22, 2020
Description
NTP 4.x before 4.2.8p6 and 4.3.x before 4.3.90 do not verify peer associations of symmetric keys when authenticating packets, which might allow remote attackers to conduct impersonation attacks via an arbitrary trusted key, aka a "skeleton key."
Solution
amazon-linux-upgrade-ntp
Rapid7 Labs
2026 Global Threat Landscape Report
The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.