Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
6.5
CVSSv3

CVE-2016-1549

Published: 06/01/2017 Updated: 28/03/2018
CVSS v2 Base Score: 4 | Impact Score: 2.9 | Exploitability Score: 8
CVSS v3 Base Score: 6.5 | Impact Score: 3.6 | Exploitability Score: 2.8
VMScore: 356
Vector: AV:N/AC:L/Au:S/C:N/I:P/A:N
Subscribe to Ntp

Vulnerability Summary

A malicious authenticated peer can create arbitrarily-many ephemeral associations in order to win the clock selection algorithm in ntpd in NTP 4.2.8p4 and previous versions and NTPsec 3e160db8dc248a0bcb053b56a80167dc742d2b74 and a5fb34b9cc89b92a8fef2f459004865c93bb7f92 and modify a victim's clock.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

ntp ntp 4.2.8

Vendor Advisories

Amazon Linux AMI: ALAS-2018-1009
Ephemeral association time spoofing additional protectionntpd in ntp 42x before 428p7 and 43x before 4392 allows authenticated users that know the private symmetric key to create arbitrarily-many ephemeral associations in order to win the clock selection of ntpd and modify a victim's clock via a Sybil attack This issue exists because of an ...
Red Hat: CVE-2016-1549
A malicious authenticated peer can create arbitrarily-many ephemeral associations in order to win the clock selection algorithm in ntpd in NTP 428p4 and earlier and NTPsec 3e160db8dc248a0bcb053b56a80167dc742d2b74 and a5fb34b9cc89b92a8fef2f459004865c93bb7f92 and modify a victim's clock ...
Arch Linux Issues:
A malicious authenticated peer can create arbitrarily-many ephemeral associations in order to win the clock selection algorithm in ntpd in NTP 428p4 and earlier and NTPsec 3e160db8dc248a0bcb053b56a80167dc742d2b74 and a5fb34b9cc89b92a8fef2f459004865c93bb7f92 and modify a victim's clock ...

Recent Articles

Time for a patch: six vulns fixed in NTP daemon
The Register • Richard Chirgwin • 28 Apr 2016

What's the time? It's time to get ill. Unless you fix these beastly flaws

Cisco has turned over a bunch of Network Time Protocol daemon (ntpd) vulnerabilities to the Linux Foundation's Core Infrastructure Initiative. The vulnerabilities, discovered during its ongoing ntpd evaluation, “allow attackers to craft UDP packets to either cause a denial of service condition or to prevent the correct time being set”, Cisco's Talos Security Intelligence and Research Group writes here. First on the list is CVE-2016-1550, described as an NTP authentication potential timing vu...

Read more...

References

CWE-19http://www.talosintelligence.com/reports/TALOS-2016-0083/http://www.securityfocus.com/bid/88200http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.htmlhttps://security.gentoo.org/glsa/201607-15http://www.securitytracker.com/id/1035705https://security.netapp.com/advisory/ntap-20171004-0002/https://security.FreeBSD.org/advisories/FreeBSD-SA-16:16.ntp.aschttps://www.synology.com/support/security/Synology_SA_18_13https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03962en_ushttps://nvd.nist.govhttps://www.theregister.co.uk/2016/04/28/time_for_a_patch_six_vulns_fixed_in_ntp_daemon/https://www.kb.cert.org/vuls/id/718152
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-48654CVE-2024-2757authentication bypassCVE-2024-3194CVE-2024-33640CVE-2024-21111dosinsecure direct object referenceCVE-2024-21345
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook