Mandriva Linux Security Advisory 2015-202

Discussion in 'News Aggregator' started by Packet Storm, 13 Apr 2015.

  1. Packet Storm

    Packet Storm Guest

    Mandriva Linux Security Advisory 2015-202 - The symmetric-key feature in the receive function in ntp_proto.c in ntpd in NTP before 4.2.8p2 requires a correct MAC only if the MAC field has a nonzero length, which makes it easier for man-in-the-middle attackers to spoof packets by omitting the MAC. The symmetric-key feature in the receive function in ntp_proto.c in ntpd in NTP before 4.2.8p2 performs state-variable updates upon receiving certain invalid packets, which makes it easier for man-in-the-middle attackers to cause a denial of service by spoofing the source IP address of a peer. The updated packages provides a solution for these security issues.

    Continue reading...
     
    #1 Packet Storm, 13 Apr 2015
(You must log in or sign up to post here.)

Share This Page

Loading...