Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
5
CVSSv2

CVE-2016-1550

Published: 06/01/2017 Updated: 17/11/2021
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 5.3 | Impact Score: 1.4 | Exploitability Score: 3.9
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Subscribe to Ntp

Vulnerability Summary

An exploitable vulnerability exists in the message authentication functionality of libntp in ntp 4.2.8p4 and NTPSec a5fb34b9cc89b92a8fef2f459004865c93bb7f92. An attacker can send a series of crafted messages to attempt to recover the message digest key.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

ntp ntp 4.2.8

Vendor Advisories

Ubuntu Security Notice: ntp vulnerabilities
Several security issues were fixed in NTP ...
Amazon Linux AMI: ALAS-2016-708
It was found that an ntpd client could be forced to change from basic client/server mode to the interleaved symmetric mode A remote attacker could use a spoofed packet that, when processed by an ntpd client, would cause that client to reject all future legitimate server responses, effectively disabling time synchronization on that client (CVE-201 ...
Red Hat: CVE-2016-1550
A flaw was found in the way NTP's libntp performed message authentication An attacker able to observe the timing of the comparison function used in packet authentication could potentially use this flaw to recover the message digest ...

Recent Articles

Time for a patch: six vulns fixed in NTP daemon
The Register • Richard Chirgwin • 28 Apr 2016

What's the time? It's time to get ill. Unless you fix these beastly flaws

Cisco has turned over a bunch of Network Time Protocol daemon (ntpd) vulnerabilities to the Linux Foundation's Core Infrastructure Initiative. The vulnerabilities, discovered during its ongoing ntpd evaluation, “allow attackers to craft UDP packets to either cause a denial of service condition or to prevent the correct time being set”, Cisco's Talos Security Intelligence and Research Group writes here. First on the list is CVE-2016-1550, described as an NTP authentication potential timing vu...

Read more...

References

CWE-200http://www.talosintelligence.com/reports/TALOS-2016-0084/http://www.securityfocus.com/bid/88261http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.htmlhttp://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.htmlhttps://security.gentoo.org/glsa/201607-15http://www.securitytracker.com/id/1035705http://www.debian.org/security/2016/dsa-3629https://security.netapp.com/advisory/ntap-20171004-0002/https://security.FreeBSD.org/advisories/FreeBSD-SA-16:16.ntp.aschttps://access.redhat.com/errata/RHSA-2016:1141http://rhn.redhat.com/errata/RHSA-2016-1552.htmlhttps://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdfhttps://us-cert.cisa.gov/ics/advisories/icsa-21-103-11https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdfhttp://packetstormsecurity.com/files/136864/Slackware-Security-Advisory-ntp-Updates.htmlhttp://lists.opensuse.org/opensuse-security-announce/2016-06/msg00020.htmlhttp://lists.opensuse.org/opensuse-security-announce/2016-05/msg00052.htmlhttp://www.securityfocus.com/archive/1/538233/100/0/threadedhttp://lists.opensuse.org/opensuse-updates/2016-05/msg00114.htmlhttps://www.debian.org/security/2016/dsa-3629https://www.kb.cert.org/vuls/id/718152http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184669.htmlhttp://www.ubuntu.com/usn/USN-3096-1http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00034.htmlhttp://lists.opensuse.org/opensuse-security-announce/2016-05/msg00037.htmlhttp://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.htmlhttps://us-cert.cisa.gov/ics/advisories/icsa-21-159-11http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183647.htmlhttp://lists.opensuse.org/opensuse-security-announce/2016-06/msg00001.htmlhttp://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.htmlhttps://www.talosintelligence.com/vulnerability_reports/TALOS-2016-0084http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160428-ntpdhttp://www.securityfocus.com/archive/1/archive/1/538233/100/0/threadedhttps://www.arista.com/en/support/advisories-notices/security-advisories/1332-security-advisory-19https://usn.ubuntu.com/3096-1/https://nvd.nist.govhttps://www.kb.cert.org/vuls/id/718152
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
deserializationCVE-2024-4040cross-site scriptingCVE-2023-25790CVE-2024-2961XML external entityCVE-2024-26926CVE-2024-32806CVE-2024-32711
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook