PT-2016-4856 · Ntpsec+7 · Ntpsec+7

Jonathan Gardner

Published

2016-04-28

Updated

2025-04-20

CVE-2016-1548

CVSS v3.1

7.2

High

Vector

AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:L

Name of the Vulnerable Software and Affected Versions NTP versions 4.2.8p4 and earlier NTPSec version aa48d001683e5b791a743ec9c575aaf7d867a2b0c

Description An attacker can spoof a packet from a legitimate ntpd server with an origin timestamp that matches the peer->dst timestamp recorded for that server. This allows the attacker to change the time of an ntpd client or deny service to an ntpd client by forcing it to change from basic client/server mode to interleaved symmetric mode. After making this switch, the client will reject all future legitimate server responses. It is possible to force the victim client to move time after the mode has been changed.

Recommendations For NTP versions 4.2.8p4 and earlier, consider updating to a newer version to mitigate the risk. For NTPSec version aa48d001683e5b791a743ec9c575aaf7d867a2b0c, consider updating to a newer version to mitigate the risk. As a temporary workaround, consider restricting access to the ntpd server to minimize the risk of exploitation.

Exploit

Fix

DoS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-19

Related Identifiers

CESA-2016_1141

CVE-2016-1548

DLA-559-1

DSA-3629-1

MGASA-2016-0174

OPENSUSE-SU-2016_1329-1

OPENSUSE-SU-2024:10181-1

RHSA-2016:1141

RHSA-2016:1552

RHSA-2016_1141

SUSE-SU-2016:1278-1

SUSE-SU-2016:1291-1

SUSE-SU-2016:1471-1

SUSE-SU-2016:1568-1

USN-3096-1

Affected Products

Centos

Cisco Nexus

Freebsd

Ntp

Ntpsec

Red Hat

Suse

Ubuntu

PT-2016-4856 · Ntpsec+7 · Ntpsec+7

CVE-2016-1548

Weakness Enumeration

Related Identifiers

Affected Products

References · 161