CVE-2016-1547

Published: 26 Apr 2016
Source: redhat
CVSS2: 4.3
EPSS: Low

Description

An off-path attacker can cause a preemptible client association to be demobilized in NTP 4.2.8p4 and earlier and NTPSec a5fb34b9cc89b92a8fef2f459004865c93bb7f92 by sending a crypto NAK packet to a victim client with a spoofed source address of an existing associated peer. This is true even if authentication is enabled.

A denial of service flaw was found in the way NTP handled preemptable client associations. A remote attacker could send several crypto NAK packets to a victim client, each with a spoofed source address of an existing associated peer, preventing that client from synchronizing its time.

Affected packages

| Platform | Package | Status | Advisory | Released |
| Red Hat Enterprise Linux 5 | ntp | Will not fix | | |
| Red Hat Enterprise Linux 6 | ntp | Fixed | RHSA-2016:1141 | 31.05.2016 |
| Red Hat Enterprise Linux 6.7 Extended Update Support | ntp | Fixed | RHSA-2016:1552 | 03.08.2016 |
| Red Hat Enterprise Linux 7 | ntp | Fixed | RHSA-2016:1141 | 31.05.2016 |

Additional information

Status: Moderate
ntp: crypto-NAK preemptable association denial of service
https://bugzilla.redhat.com/show_bug.cgi?id=1331461

EPSS: 0.01884 (Low), percentile: 82%

CVSS2: 4.3 Medium

Related vulnerabilities

CVSS3: 5.3
ubuntu
more than 8 years ago

CVSS3: 5.3
nvd
more than 8 years ago

CVSS3: 5.3
debian
more than 8 years ago

An off-path attacker can cause a preemptible client association to be ...

CVSS3: 5.3
github
more than 3 years ago

oracle-oval
about 9 years ago

ELSA-2016-1141: ntp security update (MODERATE)