CVE-2016-1547 — Improper Input Validation in NTP

CWE-20 — Improper Input Validation CWE-476 — NULL Pointer Dereference CWE-787 — Out-of-bounds Write32 documents12 sources

Severity

7.5HIGHNVD

NVD5.3OSV6.5OSV5.3

EPSS

3.7%

top 12.09%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

NTP Debian NTP Novell Suse Manager +7 more

Timeline

PublishedJan 6

Latest updateMay 13

Description

An off-path attacker can cause a preemptible client association to be demobilized in NTP 4.2.8p4 and earlier and NTPSec a5fb34b9cc89b92a8fef2f459004865c93bb7f92 by sending a crypto NAK packet to a victim client with a spoofed source address of an existing associated peer. This is true even if authentication is enabled.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:LExploitability: 3.9 | Impact: 1.4

Affected Packages12 packages

▶debiandebian/ntp< ntp 1:4.2.8p7+dfsg-1 (bullseye)+1

▶Debianntp/ntp< 1:4.2.8p7+dfsg-1+1

▶Ubuntuntp/ntp< 1:4.2.6.p5+dfsg-3ubuntu2.14.04.10+1

▶NVDntp/ntp4.2.8+2

▶NVDopensuse/leap42.1

🔴Vulnerability Details

GHSA

GHSA-3mq4-x52h-fcwc: ntpd in NTP before 4↗2022-05-13

▶

GHSA

GHSA-hqqw-v32x-33cf: An off-path attacker can cause a preemptible client association to be demobilized in NTP 4↗2022-05-13

▶

OSV

CVE-2016-1547: An off-path attacker can cause a preemptible client association to be demobilized in NTP 4↗2017-01-06

▶

OSV

ntp vulnerabilities↗2016-10-05

▶

OSV

CVE-2016-4957: ntpd in NTP before 4↗2016-07-05

▶

📋Vendor Advisories

CISA ICS

Siemens SIMATIC NET CP 443-1 OPC UA↗2021-06-08

▶

CISA ICS

Siemens TIM 4R-IE Devices↗2021-04-13

▶

Ubuntu

NTP vulnerabilities↗2016-10-05

▶

Red Hat

libtiff: Out-of-bounds write in PixarLogDecode() function in tif_pixarlog.c↗2016-06-15

▶

Red Hat

ntp: crypto-NAK DoS (incorrect fix for CVE-2016-1547)↗2016-06-02

▶

🕵️Threat Intelligence

Fortinet

Analysis of Vulnerability CVE-2016-4957 in NTPD↗2016-06-20

▶

Talos

Vulnerability Spotlight: Further NTPD Vulnerabilities↗2016-04-27

▶

Talos

Vulnerability Spotlight: Further NTPD Vulnerabilities↗2016-04-27

▶

💬Community

Bugzilla

CVE-2016-5320 libtiff: Out-of-bounds write in PixarLogDecode() function in tif_pixarlog.c↗2016-06-15

▶

Bugzilla

CVE-2016-4953 ntp: bad authentication demobilizes ephemeral associations↗2016-05-30

▶

Bugzilla

CVE-2016-4957 ntp: crypto-NAK DoS (incorrect fix for CVE-2016-1547)↗2016-05-30

▶

Bugzilla

CVE-2016-1547 ntp: crypto-NAK preemptable association denial of service↗2016-04-28

▶

Bugzilla

CVE-2016-3632 libtiff: out-of-bounds write in _TIFFVGetField function↗2016-04-08

▶