CVE-2016-1549

CVSS v2.0

6.8

Medium

Vector

AV:N/AC:L/Au:S/C:N/I:C/A:N

Name of the Vulnerable Software and Affected Versions ntpd versions prior to 4.2.8p4 NTPsec versions prior to a5fb34b9cc89b92a8fef2f459004865c93bb7f92

Description A malicious authenticated peer can exploit an issue in the clock selection algorithm to modify a victim's clock. The issue is related to the handling of ephemeral associations, allowing an attacker to create multiple associations and influence the clock selection. This can potentially impact the integrity of data.

Recommendations For ntpd versions prior to 4.2.8p4, update to a version later than 4.2.8p4 to resolve the issue. For NTPsec versions prior to a5fb34b9cc89b92a8fef2f459004865c93bb7f92, update to a version later than a5fb34b9cc89b92a8fef2f459004865c93bb7f92 to resolve the issue.

Fix

DoS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-19

Related Identifiers

ALT-PU-2018-1361

BDU:2021-00093

CVE-2016-1549

MGASA-2018-0195

OPENSUSE-SU-2016_1329-1

OPENSUSE-SU-2024:10181-1

SUSE-SU-2016:1278-1

SUSE-SU-2016:1291-1

SUSE-SU-2016:1471-1

SUSE-SU-2016:1568-1

SUSE-SU-2018:0808-1

SUSE-SU-2018:0956-1

SUSE-SU-2018:1464-1

SUSE-SU-2018:1765-1

SUSE-SU-2018:1765-2

Affected Products

Alt Linux

Cisco Ios Xr

Cisco Nexus

Freebsd

Ibm Aix

Ntpsec

Suse

Ntpd

CVE-2016-1549

Weakness Enumeration

Related Identifiers

Affected Products

References · 140