CVE-2021-22212

ntpkeygen can generate keys that ntpd fails to parse. NTPsec 1.2.0 allows ntpkeygen to generate keys with '#' characters. ntpd then either pads, shortens the key, or fails to load these keys entirely, depending on the key type and the placement of the '#'. This results in the administrator not being able to use the keys as expected or the keys are shorter than expected and easier to brute-force, possibly resulting in MITM attacks between ntp clients and ntp servers. For short AES128 keys, ntpd generates a warning that it is padding them.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4 MEDIUM
LOCAL
HIGH
HIGH
CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:N/I:H/A:N
GitLabCNA
4 MEDIUM
LOCAL
HIGH
HIGH
CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:N/I:H/A:N
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 12%
VendorProductVersion
ntpsecntpsec
1.2.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
ntpsec
bullseye
1.2.0+dfsg1-4
fixed
buster
not-affected
bookworm
1.2.2+dfsg1-1+deb12u1
fixed
bookworm (security)
1.2.2+dfsg1-1+deb12u1
fixed
sid
1.2.3+dfsg1-3
fixed
trixie
1.2.3+dfsg1-3
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
ntpsec
noble
needs-triage
mantic
ignored
lunar
ignored
kinetic
ignored
jammy
needs-triage
impish
ignored
hirsute
ignored
groovy
ignored
focal
needs-triage
bionic
needs-triage
xenial
ignored
trusty
dne
Common Weakness Enumeration
References
https://bugzilla.redhat.com/show_bug.cgi?id=1955859
https://gitlab.com/NTPsec/ntpsec/-/issues/699
https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22212.json
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3GIT2HYL5BQXPGKI6ZDNG473IEQ5WQF2/
https://bugzilla.redhat.com/show_bug.cgi?id=1955859
https://gitlab.com/NTPsec/ntpsec/-/issues/699
https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22212.json
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3GIT2HYL5BQXPGKI6ZDNG473IEQ5WQF2/