CVE-2016-1551: Project Ntpsec vulnerability

CWE-254 | 18 documents | 8 sources
Severity: 3.7 LOW (NVD)
EPSS: 1.0% (top 23.27%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Jan 27
Latest update: May 17

Description

ntpd in NTP 4.2.8p3 and NTPsec a5fb34b9cc89b92a8fef2f459004865c93bb7f92 relies on the underlying operating system to protect it from requests that impersonate reference clocks. Because reference clocks are treated like other peers and stored in the same structure, any packet with a source IP address of a reference clock (127.127.1.1 for example) that reaches the receive() function will match that reference clock's peer record and will be treated as a trusted peer. Any system that lacks the typic

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
Exploitability: 2.2 | Impact: 1.4

Affected Packages (5 packages)

NVD: ntpsec/ntpsec a5fb34b9cc89b92a8fef2f459004865c93bb7f92
CVEListV5: ntpsec_project/ntpsec 3e160db8dc248a0bcb053b56a80167dc742d2b74, a5fb34b9cc89b92a8fef2f459004865c93bb7f92 +1
NVD: ntp/ntp 4.2.8
debian: debian/ntp
CVEListV5: ntp_project/ntp 4.2.8p3, 4.2.8p4 +1

🔴 Vulnerability Details (1)

GHSA: GHSA-xhrh-m85j-g7hf: ntpd in NTP 4 (2022-05-17)

📋 Vendor Advisories (5)

BSD: FreeBSD-SA-16:16.ntp: Multiple vulnerabilities of ntp (2016-04-29)
Cisco: Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: April 2016 (2016-04-28)
Red Hat: ntp: ntpd reference clock impersonation (2016-04-26)
Debian: CVE-2016-1551: ntp - ntpd in NTP 4.2.8p3 and NTPsec a5fb34b9cc89b92a8fef2f459004865c93bb7f92 relies o... (2016)
Cisco: Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: April 2016

🕵️ Threat Intelligence (2)

Talos: Vulnerability Spotlight: Further NTPD Vulnerabilities (2016-04-27)
Talos: Vulnerability Spotlight: Further NTPD Vulnerabilities (2016-04-27)

💬 Community (9)

Bugzilla: CVE-2016-5252 Mozilla: Stack underflow during 2D graphics rendering (MFSA 2016-67) (2016-08-01)
Bugzilla: CVE-2016-5263 Mozilla: Type confusion in display transformation (MFSA 2016-78) (2016-08-01)
Bugzilla: CVE-2016-5264 Mozilla: Use-after-free when applying SVG effects (MFSA 2016-79) (2016-08-01)
Bugzilla: CVE-2016-5258 Mozilla: Use-after-free in DTLS during WebRTC session shutdown (MFSA 2016-72) (2016-08-01)
Bugzilla: CVE-2016-5259 Mozilla: Use-after-free in service workers with nested sync events (MFSA 2016-73) (2016-08-01)