Π›ΠΎΠ³ΠΎΡ‚ΠΈΠΏ exploitDog
Консоль
Π›ΠΎΠ³ΠΎΡ‚ΠΈΠΏ exploitDog

exploitDog

ubuntu Π»ΠΎΠ³ΠΎΡ‚ΠΈΠΏ

CVE-2016-1548

ΠžΠΏΡƒΠ±Π»ΠΈΠΊΠΎΠ²Π°Π½ΠΎ: 06 янв. 2017
Π˜ΡΡ‚ΠΎΡ‡Π½ΠΈΠΊ: ubuntu
ΠŸΡ€ΠΈΠΎΡ€ΠΈΡ‚Π΅Ρ‚: medium
EPSS Низкий
CVSS2: 6.4
CVSS3: 7.2

ОписаниС

An attacker can spoof a packet from a legitimate ntpd server with an origin timestamp that matches the peer->dst timestamp recorded for that server. After making this switch, the client in NTP 4.2.8p4 and earlier and NTPSec aa48d001683e5b791a743ec9c575aaf7d867a2b0c will reject all future legitimate server responses. It is possible to force the victim client to move time after the mode has been changed. ntpq gives no indication that the mode has been switched.

Π Π΅Π»ΠΈΠ·Π‘Ρ‚Π°Ρ‚ΡƒΡΠŸΡ€ΠΈΠΌΠ΅Ρ‡Π°Π½ΠΈΠ΅
devel

not-affected

1:4.2.8p4+dfsg-3ubuntu6
esm-infra-legacy/trusty

released

1:4.2.6.p5+dfsg-3ubuntu2.14.04.10
esm-infra/xenial

released

1:4.2.8p4+dfsg-3ubuntu5.3
precise

released

1:4.2.6.p3+dfsg-1ubuntu3.11
precise/esm

not-affected

1:4.2.6.p3+dfsg-1ubuntu3.11
trusty

released

1:4.2.6.p5+dfsg-3ubuntu2.14.04.10
trusty/esm

released

1:4.2.6.p5+dfsg-3ubuntu2.14.04.10
upstream

released

1:4.2.8p7+dfsg-1
vivid/stable-phone-overlay

ignored

end of life
vivid/ubuntu-core

DNE

ΠŸΠΎΠΊΠ°Π·Ρ‹Π²Π°Ρ‚ΡŒ ΠΏΠΎ

Бсылки Π½Π° источники

EPSS

ΠŸΡ€ΠΎΡ†Π΅Π½Ρ‚ΠΈΠ»ΡŒ: 84%
0.02108
Низкий

6.4 Medium

CVSS2

7.2 High

CVSS3

БвязанныС уязвимости

redhat Π»ΠΎΠ³ΠΎΡ‚ΠΈΠΏ

CVE-2016-1548

redhat
ΠΏΠΎΡ‡Ρ‚ΠΈ 10 Π»Π΅Ρ‚ Π½Π°Π·Π°Π΄

An attacker can spoof a packet from a legitimate ntpd server with an origin timestamp that matches the peer->dst timestamp recorded for that server. After making this switch, the client in NTP 4.2.8p4 and earlier and NTPSec aa48d001683e5b791a743ec9c575aaf7d867a2b0c will reject all future legitimate server responses. It is possible to force the victim client to move time after the mode has been changed. ntpq gives no indication that the mode has been switched.

nvd Π»ΠΎΠ³ΠΎΡ‚ΠΈΠΏ

CVE-2016-1548

CVSS3: 7.2
nvd
ΠΎΠΊΠΎΠ»ΠΎ 9 Π»Π΅Ρ‚ Π½Π°Π·Π°Π΄

An attacker can spoof a packet from a legitimate ntpd server with an origin timestamp that matches the peer->dst timestamp recorded for that server. After making this switch, the client in NTP 4.2.8p4 and earlier and NTPSec aa48d001683e5b791a743ec9c575aaf7d867a2b0c will reject all future legitimate server responses. It is possible to force the victim client to move time after the mode has been changed. ntpq gives no indication that the mode has been switched.

debian Π»ΠΎΠ³ΠΎΡ‚ΠΈΠΏ

CVE-2016-1548

CVSS3: 7.2
debian
ΠΎΠΊΠΎΠ»ΠΎ 9 Π»Π΅Ρ‚ Π½Π°Π·Π°Π΄

An attacker can spoof a packet from a legitimate ntpd server with an o ...

github Π»ΠΎΠ³ΠΎΡ‚ΠΈΠΏ

GHSA-fp4r-m88r-wmm8

CVSS3: 7.2
github
большС 3 Π»Π΅Ρ‚ Π½Π°Π·Π°Π΄

An attacker can spoof a packet from a legitimate ntpd server with an origin timestamp that matches the peer->dst timestamp recorded for that server. After making this switch, the client in NTP 4.2.8p4 and earlier and NTPSec aa48d001683e5b791a743ec9c575aaf7d867a2b0c will reject all future legitimate server responses. It is possible to force the victim client to move time after the mode has been changed. ntpq gives no indication that the mode has been switched.

oracle-oval Π»ΠΎΠ³ΠΎΡ‚ΠΈΠΏ

ELSA-2016-1141

oracle-oval
большС 9 Π»Π΅Ρ‚ Π½Π°Π·Π°Π΄

ELSA-2016-1141: ntp security update (MODERATE)

EPSS

ΠŸΡ€ΠΎΡ†Π΅Π½Ρ‚ΠΈΠ»ΡŒ: 84%
0.02108
Низкий

6.4 Medium

CVSS2

7.2 High

CVSS3

Π£ΡΠ·Π²ΠΈΠΌΠΎΡΡ‚ΡŒ CVE-2016-1548