PT-2017-8050 · Ntf+3 · Ntp+3

Yihan Lian

Publicado

2016-05-11

Atualizado

2024-06-15

CVE-2016-2517

CVSS v3.1

5.3

Média

Vetor

AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions NTP versions 4.2.8p7 and earlier, 4.3.x before 4.3.92

Description The issue allows remote attackers to cause a denial of service by preventing subsequent authentication. This is achieved by leveraging knowledge of the controlkey or requestkey and sending a crafted packet to ntpd, which changes the value of trustedkey, controlkey, or requestkey. The vulnerability exists due to a regression of a previous issue.

Recommendations For NTP versions 4.2.8p7 and earlier: update to version 4.2.8p7 or later. For NTP versions 4.3.x before 4.3.92: update to version 4.3.92 or later. As a temporary workaround, consider restricting access to the ntpd service to minimize the risk of exploitation.

Correção

DoS

RCE

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-20

Identificadores relacionados

ALT-PU-2017-2335

CVE-2016-2517

OPENSUSE-SU-2016_1329-1

OPENSUSE-SU-2024:10181-1

SUSE-SU-2016:1278-1

SUSE-SU-2016:1291-1

SUSE-SU-2016:1471-1

SUSE-SU-2016:1568-1

Produtos afetados

Alt Linux

Freebsd

Ntp

Suse

PT-2017-8050 · Ntf+3 · Ntp+3

CVE-2016-2517

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 105