CVE-2016-1548 — Linux Enterprise Server vulnerability

CWE-1922 documents11 sources

Severity

7.2HIGHNVD

NVD5.3OSV6.5

EPSS

2.1%

top 16.09%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

NTP Debian NTP Novell Suse Manager +7 more

Timeline

PublishedJan 6

Latest updateMay 13

Description

An attacker can spoof a packet from a legitimate ntpd server with an origin timestamp that matches the peer->dst timestamp recorded for that server. After making this switch, the client in NTP 4.2.8p4 and earlier and NTPSec aa48d001683e5b791a743ec9c575aaf7d867a2b0c will reject all future legitimate server responses. It is possible to force the victim client to move time after the mode has been changed. ntpq gives no indication that the mode has been switched.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:LExploitability: 3.9 | Impact: 2.7

Affected Packages12 packages

▶NVDsuse/linux_enterprise_server11, 12+1

▶NVDntp/ntp4.2.0 — 4.2.8+2

▶debiandebian/ntp< ntp 1:4.2.8p8+dfsg-1 (bullseye)+1

▶Debianntp/ntp< 1:4.2.8p8+dfsg-1+1

▶Ubuntuntp/ntp< 1:4.2.6.p5+dfsg-3ubuntu2.14.04.10+1

🔴Vulnerability Details

GHSA

GHSA-fp4r-m88r-wmm8: An attacker can spoof a packet from a legitimate ntpd server with an origin timestamp that matches the peer->dst timestamp recorded for that server↗2022-05-13

▶

GHSA

GHSA-3cjf-rf3w-p8j9: ntpd in NTP 4↗2022-05-13

▶

OSV

CVE-2016-1548: An attacker can spoof a packet from a legitimate ntpd server with an origin timestamp that matches the peer->dst timestamp recorded for that server↗2017-01-06

▶

OSV

ntp vulnerabilities↗2016-10-05

▶

OSV

CVE-2016-4956: ntpd in NTP 4↗2016-07-05

▶

📋Vendor Advisories

CISA ICS

Siemens SIMATIC NET CP 443-1 OPC UA↗2021-06-08

▶

CISA ICS

Siemens TIM 4R-IE Devices↗2021-04-13

▶

Ubuntu

NTP vulnerabilities↗2016-10-05

▶

Red Hat

ntp: broadcast interleave (incomplete fix for CVE-2016-1548)↗2016-06-02

▶

BSD

FreeBSD-SA-16:16.ntp: Multiple vulnerabilities of ntp↗2016-04-29

▶

🕵️Threat Intelligence

Talos

Vulnerability Spotlight: Further NTPD Vulnerabilities↗2016-04-27

▶

Talos

Vulnerability Spotlight: Further NTPD Vulnerabilities↗2016-04-27

▶

💬Community

Bugzilla

CVE-2016-4956 ntp: broadcast interleave (incomplete fix for CVE-2016-1548)↗2016-05-30

▶

Bugzilla

CVE-2016-1548 CVE-2016-1549 CVE-2016-1550 CVE-2016-2516 CVE-2016-2517 CVE-2016-2518 ntp: various flaws [fedora-all]↗2016-05-02

▶

Bugzilla

CVE-2016-1548 ntp: ntpd switching to interleaved mode with spoofed packets↗2016-04-28

▶