CVE-2016-1550Sensitive Information Exposure in Project Ntpsec

CWE-200Sensitive Information Exposure16 documents11 sources
Severity
5.3MEDIUMNVD
OSV6.5
EPSS
3.1%
top 13.13%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
NTPDebian NTPNTP Project NTP+1 more
Timeline
PublishedJan 6
Latest updateMay 13

Description

An exploitable vulnerability exists in the message authentication functionality of libntp in ntp 4.2.8p4 and NTPSec a5fb34b9cc89b92a8fef2f459004865c93bb7f92. An attacker can send a series of crafted messages to attempt to recover the message digest key.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages6 packages

CVEListV5ntpsec_project/ntpseca5fb34b9cc89b92a8fef2f459004865c93bb7f92
debiandebian/ntp< ntp 1:4.2.8p7+dfsg-1 (bullseye)
Debianntp/ntp< 1:4.2.8p7+dfsg-1
Ubuntuntp/ntp< 1:4.2.6.p5+dfsg-3ubuntu2.14.04.10+1
NVDntp/ntp4.2.8

🔴Vulnerability Details

3
GHSA
GHSA-vg2m-563f-34vv: An exploitable vulnerability exists in the message authentication functionality of libntp in ntp 42022-05-13
OSV
CVE-2016-1550: An exploitable vulnerability exists in the message authentication functionality of libntp in ntp 42017-01-06
OSV
ntp vulnerabilities2016-10-05

📋Vendor Advisories

8
CISA ICS
Siemens SIMATIC NET CP 443-1 OPC UA2021-06-08
CISA ICS
Siemens TIM 4R-IE Devices2021-04-13
Ubuntu
NTP vulnerabilities2016-10-05
BSD
FreeBSD-SA-16:16.ntp: Multiple vulnerabilities of ntp2016-04-29
Cisco
Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: April 20162016-04-28

🕵️Threat Intelligence

2
Talos
Vulnerability Spotlight: Further NTPD Vulnerabilities2016-04-27
Talos
Vulnerability Spotlight: Further NTPD Vulnerabilities2016-04-27

💬Community

2
Bugzilla
CVE-2016-1548 CVE-2016-1549 CVE-2016-1550 CVE-2016-2516 CVE-2016-2517 CVE-2016-2518 ntp: various flaws [fedora-all]2016-05-02
Bugzilla
CVE-2016-1550 ntp: libntp message digest disclosure2016-04-28