CVE-2016-1548

Sažetak

An attacker can spoof a packet from a legitimate ntpd server with an origin timestamp that matches the peer->dst timestamp recorded for that server. After making this switch, the client in NTP 4.2.8p4 and earlier and NTPSec aa48d001683e5b791a743ec9c575aaf7d867a2b0c will reject all future legitimate server responses. It is possible to force the victim client to move time after the mode has been changed. ntpq gives no indication that the mode has been switched.

Reference

http://www.talosintelligence.com/reports/TALOS-2016-0082/
http://www.securityfocus.com/bid/88264
http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
https://security.gentoo.org/glsa/201607-15
http://www.securitytracker.com/id/1035705
http://www.debian.org/security/2016/dsa-3629
https://security.netapp.com/advisory/ntap-20171004-0002/
https://security.FreeBSD.org/advisories/FreeBSD-SA-16:16.ntp.asc
https://access.redhat.com/errata/RHSA-2016:1141
http://rhn.redhat.com/errata/RHSA-2016-1552.html
https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdf
https://us-cert.cisa.gov/ics/advisories/icsa-21-103-11
https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf
http://packetstormsecurity.com/files/136864/Slackware-Security-Advisory-ntp-Updates.html
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00020.html
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00052.html
http://www.securityfocus.com/archive/1/538233/100/0/threaded
http://lists.opensuse.org/opensuse-updates/2016-05/msg00114.html
https://www.debian.org/security/2016/dsa-3629
https://www.kb.cert.org/vuls/id/718152
http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184669.html
http://www.ubuntu.com/usn/USN-3096-1
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00034.html
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00037.html
http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html
https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11
http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183647.html
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00001.html
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html
https://www.talosintelligence.com/vulnerability_reports/TALOS-2016-0082
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160428-ntpd
http://www.securityfocus.com/archive/1/archive/1/538233/100/0/threaded
https://www.arista.com/en/support/advisories-notices/security-advisories/1332-security-advisory-19

CVSS

Base:	6.4
Impact:	4.9
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:L/Au:N/C:N/I:P/A:P

Zadnje važnije ažuriranje

17-11-2021 - 22:15

Objavljeno

06-01-2017 - 21:59