CVE Vulnerabilities

CVE-2016-4953

Improper Authentication

Published: Jul 05, 2016 | Modified: Jul 16, 2021
CVSS 3.x
7.5
HIGH
Source:
NVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVSS 2.x
5 MEDIUM
AV:N/AC:L/Au:N/C:N/I:N/A:P
RedHat/V2
RedHat/V3
Ubuntu

ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (ephemeral-association demobilization) by sending a spoofed crypto-NAK packet with incorrect authentication data at a certain time.

Weakness

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

Affected Software

Name Vendor Start Version End Version
Ntp Ntp 4.2.8 4.2.8
Ntp Ntp 4.2.8 4.2.8
Ntp Ntp 4.2.8 4.2.8
Ntp Ntp 4.2.8 4.2.8
Ntp Ntp 4.2.8 4.2.8
Ntp Ntp 4.2.8 4.2.8
Ntp Ntp 4.2.8 4.2.8
Ntp Ntp 4.2.8 4.2.8
Ntp Ntp 4.2.8 4.2.8
Ntp Ntp 4.2.8 4.2.8
Ntp Ntp 4.2.8 4.2.8
Ntp Ntp 4.2.8 4.2.8
Ntp Ntp 4.2.8 4.2.8
Ntp Ntp 4.2.8 4.2.8
Ntp Ntp 4.2.8 4.2.8
Ntp Ntp 4.2.8 4.2.8
Ntp Ntp 4.2.8 4.2.8
Ntp Ntp 4.2.8 4.2.8
Ntp Ntp 4.2.8 4.2.8
Ntp Ntp 4.2.8 4.2.8
Ntp Ntp 4.2.8 4.2.8
Ntp Ntp 4.2.0 *
Ntp Ntp 4.3.0 *

Potential Mitigations

References