PT-2016-4863 · Chrony+1 · Chrony+1

Matt Street

Published

2016-01-26

Updated

2024-06-15

CVE-2016-1567

CVSS v3.1

8.1

High

Vector

AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions chrony versions prior to 1.31.2 chrony versions 2.x prior to 2.2.1

Description The issue allows remote attackers to conduct impersonation attacks via an arbitrary trusted key. This is due to the lack of verification of peer associations of symmetric keys when authenticating packets.

Recommendations For chrony versions prior to 1.31.2, update to version 1.31.2 or later. For chrony versions 2.x prior to 2.2.1, update to version 2.2.1 or later.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-254

Related Identifiers

ALT-PU-2017-1975

CVE-2016-1567

DLA-414-1

DLA-742-1

MGASA-2016-0038

OPENSUSE-SU-2024:10345-1

Affected Products

Alt Linux

Chrony

PT-2016-4863 · Chrony+1 · Chrony+1

CVE-2016-1567

Weakness Enumeration

Related Identifiers

Affected Products

References · 19