PT-2016-4857 · Ntpsec+8 · Ntpsec+10

Loganaden Velvindron

Publicado

2016-04-28

Atualizado

2025-04-20

CVE-2016-1550

CVSS v3.1

5.3

Média

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions ntp versions 4.2.8p4 NTPSec version a5fb34b9cc89b92a8fef2f459004865c93bb7f92

Description An issue exists in the message authentication functionality of libntp, allowing an attacker to send crafted messages in an attempt to recover the message digest key. This could potentially be exploited by sending a series of crafted messages.

Recommendations For ntp version 4.2.8p4, consider updating to a version where this issue is resolved, as the current version is affected. For NTPSec version a5fb34b9cc89b92a8fef2f459004865c93bb7f92, restrict access to the message authentication functionality until a patch is available. As a temporary workaround, consider disabling the message authentication functionality in libntp until a patch is available.

Correção

DoS

Information Disclosure

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-200

Identificadores relacionados

CESA-2016_1141

CVE-2016-1550

DLA-559-1

DSA-3629-1

MGASA-2016-0174

OPENSUSE-SU-2016_1329-1

OPENSUSE-SU-2024:10181-1

RHSA-2016:1141

RHSA-2016:1552

RHSA-2016_1141

SUSE-SU-2016:1278-1

SUSE-SU-2016:1291-1

SUSE-SU-2016:1471-1

SUSE-SU-2016:1568-1

USN-3096-1

Produtos afetados

Centos

Cisco Ios Xr

Cisco Nexus

Fortios

Freebsd

Ntpsec

Red Hat

Suse

Ubuntu

Libntp

Ntp

PT-2016-4857 · Ntpsec+8 · Ntpsec+10

CVE-2016-1550

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 160