ntpd in ntp 4.2.x prior to 4.2.8p7 and 4.3.x prior to 4.3.92 allows authenticated users that know the private symmetric key to create arbitrarily-many ephemeral associations in order to win the clock selection of ntpd and modify a victim's clock via a Sybil attack. This issue exists because of an incomplete fix for CVE-2016-1549.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
ntp ntp |
||
ntp ntp 4.2.8 |
||
synology diskstation manager |
||
synology router manager |
||
synology skynas |
||
synology virtual diskstation manager |
||
synology vs960hd_firmware |
||
netapp hci - |
||
netapp solidfire - |
||
hpe hpux-ntp |