Launchpad CVE tracker

CVE 2015-7974

NTP 4.x before 4.2.8p6 and 4.3.x before 4.3.90 do not verify peer associations of symmetric keys when authenticating packets, which might allow remote attackers to conduct impersonation attacks via an arbitrary trusted key, aka a "skeleton key."

Related bugs and status

CVE-2015-7974 (Candidate) is related to these bugs:

Bug #1528050: NTP statsdir cleanup cronjob insecure

		In	Importance	Status
1528050	NTP statsdir cleanup cronjob insecure	ntp (Ubuntu)	Undecided	Fix Released
1528050	NTP statsdir cleanup cronjob insecure	ntp (Ubuntu Wily)	Undecided	Won't Fix
1528050	NTP statsdir cleanup cronjob insecure	ntp (Ubuntu Xenial)	Undecided	Fix Released

Bug #1567540: ntpd crashed with SIGABRT (was: ntp crashes everytime the network goes up or down.)

		In	Importance	Status
1567540	ntpd crashed with SIGABRT (was: ntp crashes everytime the network goes up or down.)	ntp (Ubuntu)	High	Fix Released
1567540	ntpd crashed with SIGABRT (was: ntp crashes everytime the network goes up or down.)	NTP	High	Fix Released
1567540	ntpd crashed with SIGABRT (was: ntp crashes everytime the network goes up or down.)	ntp (Ubuntu Xenial)	High	Fix Released

Bug #1582767: apparmor permissions missing for winbind

		In	Importance	Status
1582767	apparmor permissions missing for winbind	ntp (Ubuntu)	Medium	Fix Released
1582767	apparmor permissions missing for winbind	ntp (Ubuntu Xenial)	Undecided	Won't Fix
1582767	apparmor permissions missing for winbind	ntp (Debian)	Unknown	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2015-7974

References