CVE-2016-1547

Published: Jan 6, 2017Modified: May 6, 2026

5.3

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Exploitability: 3.9 / Impact: 1.4

Source: NVD

Description

An off-path attacker can cause a preemptible client association to be demobilized in NTP 4.2.8p4 and earlier and NTPSec a5fb34b9cc89b92a8fef2f459004865c93bb7f92 by sending a crypto NAK packet to a victim client with a spoofed source address of an existing associated peer. This is true even if authentication is enabled.

Affected (1)

Products: Ntp: Ntp

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Ntp Ntp	Up to 4.2.8

Related CWEs

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (30)

http://rhn.redhat.com/errata/RHSA-2016-1552.html

Source: cret@cert.org

http://www.debian.org/security/2016/dsa-3629

Source: cret@cert.org

http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html

Source: cret@cert.org

http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html

Source: cret@cert.org

http://www.securityfocus.com/bid/88276

Source: cret@cert.org

http://www.securitytracker.com/id/1035705

Source: cret@cert.org

http://www.talosintelligence.com/reports/TALOS-2016-0081/

Source: cret@cert.org

MitigationTechnical DescriptionThird Party Advisory

https://access.redhat.com/errata/RHSA-2016:1141

Source: cret@cert.org

https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf

Source: cret@cert.org

https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdf

Source: cret@cert.org

https://security.FreeBSD.org/advisories/FreeBSD-SA-16:16.ntp.asc

Source: cret@cert.org

https://security.gentoo.org/glsa/201607-15

Source: cret@cert.org

https://security.netapp.com/advisory/ntap-20171004-0002/

Source: cret@cert.org

https://us-cert.cisa.gov/ics/advisories/icsa-21-103-11

Source: cret@cert.org

https://www.arista.com/en/support/advisories-notices/security-advisories/1332-security-advisory-19

Source: cret@cert.org

http://rhn.redhat.com/errata/RHSA-2016-1552.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.debian.org/security/2016/dsa-3629

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/88276

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securitytracker.com/id/1035705

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.talosintelligence.com/reports/TALOS-2016-0081/

Source: af854a3a-2127-422b-91ae-364da2661108

MitigationTechnical DescriptionThird Party Advisory

https://access.redhat.com/errata/RHSA-2016:1141

Source: af854a3a-2127-422b-91ae-364da2661108

https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf

Source: af854a3a-2127-422b-91ae-364da2661108

https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdf

Source: af854a3a-2127-422b-91ae-364da2661108

https://security.FreeBSD.org/advisories/FreeBSD-SA-16:16.ntp.asc

Source: af854a3a-2127-422b-91ae-364da2661108

https://security.gentoo.org/glsa/201607-15

Source: af854a3a-2127-422b-91ae-364da2661108

https://security.netapp.com/advisory/ntap-20171004-0002/

Source: af854a3a-2127-422b-91ae-364da2661108

https://us-cert.cisa.gov/ics/advisories/icsa-21-103-11

Source: af854a3a-2127-422b-91ae-364da2661108

https://www.arista.com/en/support/advisories-notices/security-advisories/1332-security-advisory-19

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.