CVE-2016-1567

Published: Jan 26, 2016Modified: May 6, 2026

8.1

Vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.2 / Impact: 5.9

Source: NVD

Description

chrony before 1.31.2 and 2.x before 2.2.1 do not verify peer associations of symmetric keys when authenticating packets, which might allow remote attackers to conduct impersonation attacks via an arbitrary trusted key, aka a "skeleton key."

Affected (5)

Products: Tuxfamily: Chrony

Tuxfamily

1 product

Chrony

Configuration A

5 vulnerable

Vulnerable Software	Affected Versions
Tuxfamily Chrony	Up to 1.31.1
Tuxfamily Chrony	Version 2.0
Tuxfamily Chrony	Version 2.1.1
Tuxfamily Chrony	Version 2.1
Tuxfamily Chrony	Version 2.2

Related CWEs

CWE-254

References (8)

http://chrony.tuxfamily.org/news.html#_20_jan_2016_chrony_2_2_1_and_chrony_1_31_2_released

Source: cve@mitre.org

Vendor Advisory

http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176559.html

Source: cve@mitre.org

http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175969.html

Source: cve@mitre.org

Patch

http://www.talosintel.com/reports/TALOS-2016-0071/

Source: cve@mitre.org

Exploit

http://chrony.tuxfamily.org/news.html#_20_jan_2016_chrony_2_2_1_and_chrony_1_31_2_released

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176559.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175969.html

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

http://www.talosintel.com/reports/TALOS-2016-0071/

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

Timeline

No history available yet.