Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2016-1549

Опубликовано: 26 апр. 2016
Источник: redhat
CVSS2: 3.5

Описание

A malicious authenticated peer can create arbitrarily-many ephemeral associations in order to win the clock selection algorithm in ntpd in NTP 4.2.8p4 and earlier and NTPsec 3e160db8dc248a0bcb053b56a80167dc742d2b74 and a5fb34b9cc89b92a8fef2f459004865c93bb7f92 and modify a victim's clock.

Отчет

Red Hat Product Security has rated this issue as having Low security impact: to exploit this issue, an attacker must have access to a trustedkey if one is configured in the /etc/ntp.key file. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.

Меры по смягчению последствий

Assure only trusted hosts have access to the trustedkey.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 5ntpWill not fix
Red Hat Enterprise Linux 6ntpWill not fix
Red Hat Enterprise Linux 7ntpWill not fix

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low
https://bugzilla.redhat.com/show_bug.cgi?id=1331463ntp: ephemeral association time spoofing

3.5 Low

CVSS2

Связанные уязвимости

ubuntu логотип

CVE-2016-1549

CVSS3: 6.5
ubuntu
около 9 лет назад

A malicious authenticated peer can create arbitrarily-many ephemeral associations in order to win the clock selection algorithm in ntpd in NTP 4.2.8p4 and earlier and NTPsec 3e160db8dc248a0bcb053b56a80167dc742d2b74 and a5fb34b9cc89b92a8fef2f459004865c93bb7f92 and modify a victim's clock.

nvd логотип

CVE-2016-1549

CVSS3: 6.5
nvd
около 9 лет назад

A malicious authenticated peer can create arbitrarily-many ephemeral associations in order to win the clock selection algorithm in ntpd in NTP 4.2.8p4 and earlier and NTPsec 3e160db8dc248a0bcb053b56a80167dc742d2b74 and a5fb34b9cc89b92a8fef2f459004865c93bb7f92 and modify a victim's clock.

debian логотип

CVE-2016-1549

CVSS3: 6.5
debian
около 9 лет назад

A malicious authenticated peer can create arbitrarily-many ephemeral a ...

github логотип

GHSA-r89j-r995-h68w

CVSS3: 6.5
github
больше 3 лет назад

A malicious authenticated peer can create arbitrarily-many ephemeral associations in order to win the clock selection algorithm in ntpd in NTP 4.2.8p4 and earlier and NTPsec 3e160db8dc248a0bcb053b56a80167dc742d2b74 and a5fb34b9cc89b92a8fef2f459004865c93bb7f92 and modify a victim's clock.

fstec логотип

BDU:2021-00093

CVSS3: 6.5
fstec
около 9 лет назад

Уязвимость сетевого протокола NTP, связанная с ошибкой при обработке данных, позволяющая нарушителю оказать воздействие на целостность данных

3.5 Low

CVSS2