CVE-2016-3988

Name of the Vulnerable Software and Affected Versions Meinberg IMS-LANTIME M3000 versions prior to 6.20.004 Meinberg IMS-LANTIME M1000 versions prior to 6.20.004 Meinberg IMS-LANTIME M500 versions prior to 6.20.004 Meinberg LANTIME M900 versions prior to 6.20.004 Meinberg LANTIME M600 versions prior to 6.20.004 Meinberg LANTIME M400 versions prior to 6.20.004 Meinberg LANTIME M300 versions prior to 6.20.004 Meinberg LANTIME M200 versions prior to 6.20.004 Meinberg LANTIME M100 versions prior to 6.20.004 Meinberg SyncFire 1100 versions prior to 6.20.004 Meinberg LCES versions prior to 6.20.004

Description The issue is related to multiple stack-based buffer overflows in the NTP time-server interface. This allows remote attackers to obtain sensitive information, modify data, or cause a denial of service via a crafted parameter in a "POST" request.

Recommendations For Meinberg IMS-LANTIME M3000 versions prior to 6.20.004, update the firmware to version 6.20.004 or later. For Meinberg IMS-LANTIME M1000 versions prior to 6.20.004, update the firmware to version 6.20.004 or later. For Meinberg IMS-LANTIME M500 versions prior to 6.20.004, update the firmware to version 6.20.004 or later. For Meinberg LANTIME M900 versions prior to 6.20.004, update the firmware to version 6.20.004 or later. For Meinberg LANTIME M600 versions prior to 6.20.004, update the firmware to version 6.20.004 or later. For Meinberg LANTIME M400 versions prior to 6.20.004, update the firmware to version 6.20.004 or later. For Meinberg LANTIME M300 versions prior to 6.20.004, update the firmware to version 6.20.004 or later. For Meinberg LANTIME M200 versions prior to 6.20.004, update the firmware to version 6.20.004 or later. For Meinberg LANTIME M100 versions prior to 6.20.004, update the firmware to version 6.20.004 or later. For Meinberg SyncFire 1100 versions prior to 6.20.004, update the firmware to version 6.20.004 or later. For Meinberg LCES versions prior to 6.20.004, update the firmware to version 6.20.004 or later.