Vulnerabilities
Misconfiguration
Runtime Security
Compliance
CVE Vulnerabilities

CVE-2016-1549

Published: Jan 06, 2017 | Modified: Mar 28, 2018
CVSS 3.x
6.5
MEDIUM
Source:
NVD
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
CVSS 2.x
4 MEDIUM
AV:N/AC:L/Au:S/C:N/I:P/A:N
RedHat/V2
3.5 LOW
AV:N/AC:M/Au:S/C:N/I:P/A:N
RedHat/V3
Ubuntu
NEGLIGIBLE
Additional information
NVDhttps://nvd.nist.gov/vuln/detail/CVE-2016-1549
CWEhttps://cwe.mitre.org/data/definitions/19.html

A malicious authenticated peer can create arbitrarily-many ephemeral associations in order to win the clock selection algorithm in ntpd in NTP 4.2.8p4 and earlier and NTPsec 3e160db8dc248a0bcb053b56a80167dc742d2b74 and a5fb34b9cc89b92a8fef2f459004865c93bb7f92 and modify a victims clock.

Affected Software

Name Vendor Start Version End Version
Ntp Ntp 4.2.8-p4 (including) 4.2.8-p4 (including)
Ntp Ubuntu devel *
Ntp Ubuntu esm-infra-legacy/trusty *
Ntp Ubuntu esm-infra/xenial *
Ntp Ubuntu precise *
Ntp Ubuntu trusty *
Ntp Ubuntu trusty/esm *
Ntp Ubuntu upstream *
Ntp Ubuntu vivid/stable-phone-overlay *
Ntp Ubuntu wily *
Ntp Ubuntu xenial *

References

Aqua Security is the largest pure-play cloud native security company, providing customers the freedom to innovate and run their businesses with minimal friction. The Aqua Cloud Native Security Platform provides prevention, detection, and response automation across the entire application lifecycle to secure the build, secure cloud infrastructure and secure running workloads wherever they are deployed.
Copyright © 2024 Aqua Security Software Ltd.   Privacy Policy | Terms of Use