CVE-2015-7974

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2015-7974

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2015-7974.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2015-7974

Downstream

DEBIAN-CVE-2015-7974

DLA-559-1

DSA-3629-1

RHSA-2016:2583

SUSE-SU-2016:1175-1

SUSE-SU-2016:1177-1

SUSE-SU-2016:1247-1

SUSE-SU-2016:1278-1

SUSE-SU-2016:1291-1

SUSE-SU-2016:1311-1

SUSE-SU-2016:1471-1

SUSE-SU-2016:1568-1

UBUNTU-CVE-2015-7974

USN-3096-1

openSUSE-SU-2024:10181-1

Related

Published

2016-01-26T19:59:00Z

Modified

2025-04-12T10:46:40Z

Severity

7.7 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N CVSS Calculator

Summary

[none]

Details

NTP 4.x before 4.2.8p6 and 4.3.x before 4.3.90 do not verify peer associations of symmetric keys when authenticating packets, which might allow remote attackers to conduct impersonation attacks via an arbitrary trusted key, aka a "skeleton key."

References

Affected packages