CVE-2015-1799

Name of the Vulnerable Software and Affected Versions NTP versions 3.x through 4.2.8p1 NTP version 4.2.8p2 is not affected, as it is the fixed version, so all versions prior to 4.2.8p2 are vulnerable.

Description The issue allows man-in-the-middle attackers to cause a denial of service, specifically synchronization loss, by spoofing the source IP address of a peer. This is due to the symmetric-key feature in the receive function performing state-variable updates upon receiving certain invalid packets. An attacker could exploit this by sending specially-crafted packets to both peering hosts, preventing synchronization.

Recommendations For NTP versions 3.x through 4.2.8p1, update to version 4.2.8p2 or later to resolve the issue. As a temporary workaround, consider restricting access to the symmetric key authentication feature until a patch is available. Avoid using symmetric key authentication in the affected API endpoint until the issue is resolved.