CVE-2016-1548

Published: Jan 6, 2017Modified: May 6, 2026

7.2

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:L

Exploitability: 3.9 / Impact: 2.7

Source: NVD

Description

An attacker can spoof a packet from a legitimate ntpd server with an origin timestamp that matches the peer->dst timestamp recorded for that server. After making this switch, the client in NTP 4.2.8p4 and earlier and NTPSec aa48d001683e5b791a743ec9c575aaf7d867a2b0c will reject all future legitimate server responses. It is possible to force the victim client to move time after the mode has been changed. ntpq gives no indication that the mode has been switched.

Affected (1)

Products: Ntp: Ntp

Ntp

1 product

Ntp

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Ntp Ntp	Version 4.2.8 p4

Related CWEs

CWE-19

References (68)

http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183647.html

Source: cret@cert.org

http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184669.html

Source: cret@cert.org

http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00034.html

Source: cret@cert.org

http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00037.html

Source: cret@cert.org

http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00052.html

Source: cret@cert.org

http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00001.html

Source: cret@cert.org

http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00020.html

Source: cret@cert.org

http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html

Source: cret@cert.org

http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html

Source: cret@cert.org

http://lists.opensuse.org/opensuse-updates/2016-05/msg00114.html

Source: cret@cert.org

http://packetstormsecurity.com/files/136864/Slackware-Security-Advisory-ntp-Updates.html

Source: cret@cert.org

http://rhn.redhat.com/errata/RHSA-2016-1552.html

Source: cret@cert.org

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160428-ntpd

Source: cret@cert.org

http://www.debian.org/security/2016/dsa-3629

Source: cret@cert.org

http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html

Source: cret@cert.org

http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html

Source: cret@cert.org

http://www.securityfocus.com/archive/1/538233/100/0/threaded

Source: cret@cert.org

http://www.securityfocus.com/archive/1/archive/1/538233/100/0/threaded

Source: cret@cert.org

http://www.securityfocus.com/bid/88264

Source: cret@cert.org

http://www.securitytracker.com/id/1035705

Source: cret@cert.org

http://www.talosintelligence.com/reports/TALOS-2016-0082/

Source: cret@cert.org

ExploitThird Party Advisory

http://www.ubuntu.com/usn/USN-3096-1

Source: cret@cert.org

https://access.redhat.com/errata/RHSA-2016:1141

Source: cret@cert.org

https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf

Source: cret@cert.org

https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdf

Source: cret@cert.org

https://security.FreeBSD.org/advisories/FreeBSD-SA-16:16.ntp.asc

Source: cret@cert.org

https://security.gentoo.org/glsa/201607-15

Source: cret@cert.org

https://security.netapp.com/advisory/ntap-20171004-0002/

Source: cret@cert.org

https://us-cert.cisa.gov/ics/advisories/icsa-21-103-11

Source: cret@cert.org

https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11

Source: cret@cert.org

https://www.arista.com/en/support/advisories-notices/security-advisories/1332-security-advisory-19

Source: cret@cert.org

https://www.debian.org/security/2016/dsa-3629

Source: cret@cert.org

https://www.kb.cert.org/vuls/id/718152

Source: cret@cert.org

https://www.talosintelligence.com/vulnerability_reports/TALOS-2016-0082

Source: cret@cert.org

http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183647.html