QwikSec

Security Database

CVE

CWE

Training

CVE-2016-1547

Published: Jan 6, 2017

Modified: Aug 5, 2024

PUBLISHED

Description

An off-path attacker can cause a preemptible client association to be demobilized in NTP 4.2.8p4 and earlier and NTPSec a5fb34b9cc89b92a8fef2f459004865c93bb7f92 by sending a crypto NAK packet to a victim client with a spoofed source address of an existing associated peer. This is true even if authentication is enabled.

Vendor	Product	Versions
NTP Project	NTP	affected `4.2.8p3` affected `4.2.8p4`
NTPsec Project	NTPSec	affected `a5fb34b9cc89b92a8fef2f459004865c93bb7f92`

References

vdb-entry

x_refsource_BID

vendor-advisory

x_refsource_DEBIAN

http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html

x_refsource_CONFIRM

vendor-advisory

x_refsource_REDHAT

vendor-advisory

x_refsource_REDHAT

vdb-entry

x_refsource_SECTRACK

http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html

x_refsource_CONFIRM

https://security.netapp.com/advisory/ntap-20171004-0002/

x_refsource_CONFIRM

http://www.talosintelligence.com/reports/TALOS-2016-0081/

x_refsource_MISC

FreeBSD-SA-16:16

vendor-advisory

x_refsource_FREEBSD

vendor-advisory

x_refsource_GENTOO

https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdf

x_refsource_CONFIRM

https://us-cert.cisa.gov/ics/advisories/icsa-21-103-11

x_refsource_CONFIRM

https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf

x_refsource_CONFIRM

https://www.arista.com/en/support/advisories-notices/security-advisories/1332-security-advisory-19

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.