VDB
CVE-2016-1567
CVE-2016-1567
PUBLISHED
chrony before 1.31.2 and 2.x before 2.2.1 do not verify peer associations of symmetric keys when authenticating packets, which might allow remote attackers to conduct impersonation attacks via an arbitrary trusted key, aka a "skeleton key."
EPSS 0.41% · 61.9th percentile
Risk Scores
EPSS Score
0.41%
61.9th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:16.04:LTS | chrony | 0, 1.30-2, 1.31.1-2 |
| Ubuntu:14.04:LTS | chrony | 1.29-1, 1.26-4, 0 |
Exploit Intelligence
- http://www.talosintel.com/reports/TALOS-2016-0071/ (vulncheck-nvd)
Timeline
- Jan 26, 2016 CVE Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- May 20, 2022 EPSS Score
- Jul 12, 2022 EPSS Score
- Sep 3, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Feb 8, 2023 EPSS Score
- Apr 2, 2023 EPSS Score
- May 25, 2023 EPSS Score
- Jul 16, 2023 EPSS Score
- Sep 7, 2023 EPSS Score
References
- https://ubuntu.com/security/CVE-2016-1567 third-party-advisory
- http://www.talosintel.com/reports/TALOS-2016-0071/ third-party-advisory
- http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175969.html third-party-advisory
- http://chrony.tuxfamily.org/news.html#_20_jan_2016_chrony_2_2_1_and_chrony_1_31_2_released third-party-advisory
- https://www.cve.org/CVERecord?id=CVE-2016-1567 third-party-advisory