QwikSec

Security Database

CVE

CWE

Training

CVE-2016-1549

Published: Jan 6, 2017

Modified: Aug 5, 2024

PUBLISHED

Description

A malicious authenticated peer can create arbitrarily-many ephemeral associations in order to win the clock selection algorithm in ntpd in NTP 4.2.8p4 and earlier and NTPsec 3e160db8dc248a0bcb053b56a80167dc742d2b74 and a5fb34b9cc89b92a8fef2f459004865c93bb7f92 and modify a victim's clock.

Vendor	Product	Versions
NTP Project	NTP	affected `4.2.8p3` affected `4.2.8p4`
NTPsec Project	NTPSec	affected `3e160db8dc248a0bcb053b56a80167dc742d2b74` affected `a5fb34b9cc89b92a8fef2f459004865c93bb7f92`

References

http://www.talosintelligence.com/reports/TALOS-2016-0083/

x_refsource_MISC

vdb-entry

x_refsource_BID

vdb-entry

x_refsource_SECTRACK

http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html

x_refsource_CONFIRM

https://security.netapp.com/advisory/ntap-20171004-0002/

x_refsource_CONFIRM

FreeBSD-SA-16:16

vendor-advisory

x_refsource_FREEBSD

https://www.synology.com/support/security/Synology_SA_18_13

x_refsource_CONFIRM

vendor-advisory

x_refsource_GENTOO

https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03962en_us

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.