CVE-2016-1549

Sažetak

A malicious authenticated peer can create arbitrarily-many ephemeral associations in order to win the clock selection algorithm in ntpd in NTP 4.2.8p4 and earlier and NTPsec 3e160db8dc248a0bcb053b56a80167dc742d2b74 and a5fb34b9cc89b92a8fef2f459004865c93bb7f92 and modify a victim's clock.

Reference

http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
http://www.securityfocus.com/bid/88200
http://www.securitytracker.com/id/1035705
http://www.talosintelligence.com/reports/TALOS-2016-0083/
https://security.FreeBSD.org/advisories/FreeBSD-SA-16:16.ntp.asc
https://security.gentoo.org/glsa/201607-15
https://security.netapp.com/advisory/ntap-20171004-0002/
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03962en_us
https://www.synology.com/support/security/Synology_SA_18_13

CVSS

Base:	4.0
Impact:	2.9
Exploitability:	8.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	SINGLE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	PARTIAL	NONE

CVSS vektor

AV:N/AC:L/Au:S/C:N/I:P/A:N

Zadnje važnije ažuriranje

28-03-2018 - 01:29

Objavljeno

06-01-2017 - 21:59