vulnerability
Ubuntu: (CVE-2016-1567): chrony vulnerability
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 7 | (AV:N/AC:M/Au:N/C:P/I:P/A:P) | Jan 26, 2016 | Nov 19, 2024 | Aug 19, 2025 |
Severity
7
CVSS
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
Published
Jan 26, 2016
Added
Nov 19, 2024
Modified
Aug 19, 2025
Description
Matt Street discovered that chrony doesn't verify peer associations of symmetric keys. A remote attacker could use this vulnerability impersonate another user.
Solution
ubuntu-upgrade-chrony
References
- CVE-2016-1567
- https://attackerkb.com/topics/CVE-2016-1567
- URL-http://chrony.tuxfamily.org/news.html#_20_jan_2016_chrony_2_2_1_and_chrony_1_31_2_released
- URL-http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175969.html
- URL-http://www.talosintel.com/reports/TALOS-2016-0071/
- URL-https://www.cve.org/CVERecord?id=CVE-2016-1567
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.