PT-2016-4857 · Ntpsec+8 · Ntpsec+10

Loganaden Velvindron +2 · Published 2016-04-28 · Updated 2025-04-20 · CVE-2016-1550

CVSS v3.1: 5.3 (Medium)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions

ntp versions 4.2.8p4
NTPSec version a5fb34b9cc89b92a8fef2f459004865c93bb7f92

Description

An issue exists in the message authentication functionality of libntp: an attacker can send a series of crafted messages in an attempt to recover the message digest key.

Recommendations

For ntp version 4.2.8p4, consider updating to a version where this issue is resolved, as the current version is affected.

For NTPSec version a5fb34b9cc89b92a8fef2f459004865c93bb7f92, restrict access to the message authentication functionality until a patch is available.

As a temporary workaround, consider disabling the message authentication functionality in libntp until a patch is available.

Fix

DoS

Information Disclosure

Weakness Enumeration

Related Identifiers

CESA-2016_1141
CVE-2016-1550
DLA-559-1
DSA-3629-1
MGASA-2016-0174
OPENSUSE-SU-2016_1329-1
OPENSUSE-SU-2024:10181-1
RHSA-2016:1141
RHSA-2016:1552
RHSA-2016_1141
SUSE-SU-2016:1278-1
SUSE-SU-2016:1291-1
SUSE-SU-2016:1471-1
SUSE-SU-2016:1568-1
USN-3096-1

Affected Products

CentOS
Cisco IOS XR
Cisco Nexus
FortiOS
FreeBSD
NTPSec
Red Hat
SUSE
Ubuntu
libntp
ntp