Vulnerability CVE-2016-1567: Information

Description

chrony before 1.31.2 and 2.x before 2.2.1 do not verify peer associations of symmetric keys when authenticating packets, which might allow remote attackers to conduct impersonation attacks via an arbitrary trusted key, aka a "skeleton key."

Severity: HIGH (8.1) Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Published: Jan. 26, 2016
Modified: Dec. 6, 2016
Error type identifier: CWE-254

Fixed packages

| Package name | Branch | Fixed in version | Version from repository | Errata ID | Task # | State |
|---|---|---|---|---|---|---|
| chrony | sisyphus | 3.1-alt1.S1 | 4.5-alt2 | ALT-PU-2017-1975-1 | 186595 | Fixed |
| chrony | p10 | 3.1-alt1.S1 | 4.5-alt1 | ALT-PU-2017-1975-1 | 186595 | Fixed |
| chrony | p9 | 3.1-alt1.S1 | 4.1-alt1 | ALT-PU-2017-1975-1 | 186595 | Fixed |
| chrony | p8 | 3.1-alt1.M80P.1 | 3.5.1-alt1 | ALT-PU-2017-2011-1 | 186598 | Fixed |
| chrony | c10f1 | 3.1-alt1.S1 | 4.3-alt1 | ALT-PU-2017-1975-1 | 186595 | Fixed |
| chrony | c9f2 | 3.1-alt1.S1 | 3.5.1-alt1 | ALT-PU-2017-1975-1 | 186595 | Fixed |

References to Advisories, Solutions, and Tools

    1. Configuration 1

      cpe:2.3:a:tuxfamily:chrony:2.1:*:*:*:*:*:*:*

      cpe:2.3:a:tuxfamily:chrony:2.2:*:*:*:*:*:*:*

      cpe:2.3:a:tuxfamily:chrony:*:*:*:*:*:*:*:* (end including 1.31.1)

      cpe:2.3:a:tuxfamily:chrony:2.1.1:*:*:*:*:*:*:*

      cpe:2.3:a:tuxfamily:chrony:2.0:*:*:*:*:*:*:*