Описание
An exploitable vulnerability exists in the message authentication functionality of libntp in ntp 4.2.8p4 and NTPSec a5fb34b9cc89b92a8fef2f459004865c93bb7f92. An attacker can send a series of crafted messages to attempt to recover the message digest key.
A flaw was found in the way NTP's libntp performed message authentication. An attacker able to observe the timing of the comparison function used in packet authentication could potentially use this flaw to recover the message digest.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | ntp | Will not fix | ||
| Red Hat Enterprise Linux 6 | ntp | Fixed | RHSA-2016:1141 | 31.05.2016 |
| Red Hat Enterprise Linux 6.7 Extended Update Support | ntp | Fixed | RHSA-2016:1552 | 03.08.2016 |
| Red Hat Enterprise Linux 7 | ntp | Fixed | RHSA-2016:1141 | 31.05.2016 |
Показывать по
Дополнительная информация
Статус:
2.6 Low
CVSS2
Связанные уязвимости
An exploitable vulnerability exists in the message authentication functionality of libntp in ntp 4.2.8p4 and NTPSec a5fb34b9cc89b92a8fef2f459004865c93bb7f92. An attacker can send a series of crafted messages to attempt to recover the message digest key.
An exploitable vulnerability exists in the message authentication functionality of libntp in ntp 4.2.8p4 and NTPSec a5fb34b9cc89b92a8fef2f459004865c93bb7f92. An attacker can send a series of crafted messages to attempt to recover the message digest key.
An exploitable vulnerability exists in the message authentication func ...
An exploitable vulnerability exists in the message authentication functionality of libntp in ntp 4.2.8p4 and NTPSec a5fb34b9cc89b92a8fef2f459004865c93bb7f92. An attacker can send a series of crafted messages to attempt to recover the message digest key.
2.6 Low
CVSS2