Debian Security Advisory
DLA-414-1 chrony -- LTS security update
- Date Reported:
- 12 Feb 2016
- Affected Packages:
- chrony
- Vulnerable:
- Yes
- Security database references:
- In the Debian bugtracking system: Bug 812923.
In Mitre's CVE dictionary: CVE-2016-1567. - More information:
-
chrony before 1.31.2 and 2.x before 2.2.1 do not verify peer associations of symmetric keys when authenticating packets, which might allow remote attackers to conduct impersonation attacks via an arbitrary trusted key, aka a "skeleton key."