CVE-2016-1549 — Ntpsec vulnerability

CWE-1918 documents9 sources

Severity

6.5MEDIUMNVD

NVD5.3

EPSS

1.0%

top 23.37%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

NTP HPE Hpux-ntp Synology Diskstation Manager +6 more

Timeline

PublishedJan 6

Latest updateMay 14

Description

A malicious authenticated peer can create arbitrarily-many ephemeral associations in order to win the clock selection algorithm in ntpd in NTP 4.2.8p4 and earlier and NTPsec 3e160db8dc248a0bcb053b56a80167dc742d2b74 and a5fb34b9cc89b92a8fef2f459004865c93bb7f92 and modify a victim's clock.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages10 packages

▶debiandebian/ntpsec< ntp 1:4.2.8p11+dfsg-1 (bullseye)

▶NVDntp/ntp4.2.0 — 4.2.8+2

▶debiandebian/ntp< ntp 1:4.2.8p7+dfsg-1 (bullseye)+1

▶NVDhpe/hpux-ntp< c.4.2.8.4.0

▶NVDsynology/skynas< 6.1.5-15254

🔴Vulnerability Details

GHSA

GHSA-r89j-r995-h68w: A malicious authenticated peer can create arbitrarily-many ephemeral associations in order to win the clock selection algorithm in ntpd in NTP 4↗2022-05-14

▶

GHSA

GHSA-v9cv-3r4j-cx4j: ntpd in ntp 4↗2022-05-13

▶

OSV

CVE-2018-7170: ntpd in ntp 4↗2018-03-06

▶

OSV

CVE-2016-1549: A malicious authenticated peer can create arbitrarily-many ephemeral associations in order to win the clock selection algorithm in ntpd in NTP 4↗2017-01-06

▶

📋Vendor Advisories

Red Hat

ntp: Ephemeral association time spoofing additional protection↗2018-02-27

▶

Debian

CVE-2018-7170: ntp - ntpd in ntp 4.2.x before 4.2.8p7 and 4.3.x before 4.3.92 allows authenticated us...↗2018

▶

BSD

FreeBSD-SA-16:16.ntp: Multiple vulnerabilities of ntp↗2016-04-29

▶

Cisco

Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: April 2016↗2016-04-28

▶

Red Hat

ntp: ephemeral association time spoofing↗2016-04-26

▶

🕵️Threat Intelligence

Talos

Vulnerability Spotlight: Further NTPD Vulnerabilities↗2016-04-27

▶

Talos

Vulnerability Spotlight: Further NTPD Vulnerabilities↗2016-04-27

▶

💬Community

Bugzilla

CVE-2018-7170 ntp: Ephemeral association time spoofing additional protection↗2018-02-28

▶

Bugzilla

CVE-2016-1548 CVE-2016-1549 CVE-2016-1550 CVE-2016-2516 CVE-2016-2517 CVE-2016-2518 ntp: various flaws [fedora-all]↗2016-05-02

▶

Bugzilla

CVE-2016-1549 ntp: ephemeral association time spoofing↗2016-04-28

▶