CVE-2016-3989

Name of the Vulnerable Software and Affected Versions Meinberg IMS-LANTIME M3000 versions prior to 6.20.004 Meinberg IMS-LANTIME M1000 versions prior to 6.20.004 Meinberg IMS-LANTIME M500 versions prior to 6.20.004 Meinberg LANTIME M900 versions prior to 6.20.004 Meinberg LANTIME M600 versions prior to 6.20.004 Meinberg LANTIME M400 versions prior to 6.20.004 Meinberg LANTIME M300 versions prior to 6.20.004 Meinberg LANTIME M200 versions prior to 6.20.004 Meinberg LANTIME M100 versions prior to 6.20.004 Meinberg SyncFire 1100 versions prior to 6.20.004 Meinberg LCES versions prior to 6.20.004

Description The issue allows remote authenticated users to obtain root privileges for writing to unspecified scripts, and consequently obtain sensitive information or modify data, by leveraging access to the nobody account. This is related to the NTP time-server interface.

Recommendations For Meinberg IMS-LANTIME M3000 versions prior to 6.20.004, update to firmware version 6.20.004 or later. For Meinberg IMS-LANTIME M1000 versions prior to 6.20.004, update to firmware version 6.20.004 or later. For Meinberg IMS-LANTIME M500 versions prior to 6.20.004, update to firmware version 6.20.004 or later. For Meinberg LANTIME M900 versions prior to 6.20.004, update to firmware version 6.20.004 or later. For Meinberg LANTIME M600 versions prior to 6.20.004, update to firmware version 6.20.004 or later. For Meinberg LANTIME M400 versions prior to 6.20.004, update to firmware version 6.20.004 or later. For Meinberg LANTIME M300 versions prior to 6.20.004, update to firmware version 6.20.004 or later. For Meinberg LANTIME M200 versions prior to 6.20.004, update to firmware version 6.20.004 or later. For Meinberg LANTIME M100 versions prior to 6.20.004, update to firmware version 6.20.004 or later. For Meinberg SyncFire 1100 versions prior to 6.20.004, update to firmware version 6.20.004 or later. For Meinberg LCES versions prior to 6.20.004, update to firmware version 6.20.004 or later.