vulnerability
NTP: Improper Input Validation (CVE-2016-1547)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 5 | (AV:N/AC:L/Au:N/C:N/I:N/A:P) | Jan 6, 2017 | Feb 23, 2023 | Mar 1, 2023 |
Severity
5
CVSS
(AV:N/AC:L/Au:N/C:N/I:N/A:P)
Published
Jan 6, 2017
Added
Feb 23, 2023
Modified
Mar 1, 2023
Description
An off-path attacker can cause a preemptible client association to be demobilized in NTP 4.2.8p4 and earlier and NTPSec a5fb34b9cc89b92a8fef2f459004865c93bb7f92 by sending a crypto NAK packet to a victim client with a spoofed source address of an existing associated peer. This is true even if authentication is enabled.
Solution
ntp-upgrade-latest
References
- BID-88276
- CVE-2016-1547
- https://attackerkb.com/topics/CVE-2016-1547
- DEBIAN-DSA-3629
- REDHAT-RHSA-2016:1141
- REDHAT-RHSA-2016:1552
- URL-http://rhn.redhat.com/errata/RHSA-2016-1552.html
- URL-http://www.debian.org/security/2016/dsa-3629
- URL-http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
- URL-http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
- URL-http://www.securityfocus.com/bid/88276
- URL-http://www.securitytracker.com/id/1035705
- URL-http://www.talosintelligence.com/reports/TALOS-2016-0081/
- URL-https://access.redhat.com/errata/RHSA-2016:1141
- URL-https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf
- URL-https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdf
- URL-https://security.FreeBSD.org/advisories/FreeBSD-SA-16:16.ntp.asc
- URL-https://security.gentoo.org/glsa/201607-15
- URL-https://security.netapp.com/advisory/ntap-20171004-0002/
- URL-https://us-cert.cisa.gov/ics/advisories/icsa-21-103-11
- URL-https://www.arista.com/en/support/advisories-notices/security-advisories/1332-security-advisory-19
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.