CVE-2016-1547

Published: 06/01/2017 Updated: 17/11/2021
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 5.3 | Impact Score: 1.4 | Exploitability Score: 3.9
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Summary

An off-path attacker can cause a preemptible client association to be demobilized in NTP 4.2.8p4 and previous versions and NTPSec a5fb34b9cc89b92a8fef2f459004865c93bb7f92 by sending a crypto NAK packet to a victim client with a spoofed source address of an existing associated peer. This is true even if authentication is enabled.

Vulnerable Product

ntp ntp

Vendor Advisories

Several security issues were fixed in NTP ...
A denial of service flaw was found in the way NTP handled preemptable client associations. A remote attacker could send several crypto NAK packets to a victim client, each with a spoofed source address of an existing associated peer, preventing that client from synchronizing its time ...

Recent Articles

Time for a patch: six vulns fixed in NTP daemon
The Register • Richard Chirgwin • 28 Apr 2016

What's the time? It's time to get ill. Unless you fix these beastly flaws

Cisco has turned over a bunch of Network Time Protocol daemon (ntpd) vulnerabilities to the Linux Foundation's Core Infrastructure Initiative. The vulnerabilities, discovered during its ongoing ntpd evaluation, “allow attackers to craft UDP packets to either cause a denial of service condition or to prevent the correct time being set”, Cisco's Talos Security Intelligence and Research Group writes here. First on the list is CVE-2016-1550, described as an NTP authentication potential timing vu...