{"containers": {"cna": {"affected": [{"product": "NTP", "vendor": "NTP Project", "versions": [{"status": "affected", "version": "4.2.8p4"}]}, {"product": "NTPSec", "vendor": "NTPsec Project", "versions": [{"status": "affected", "version": "aa48d001683e5b791a743ec9c575aaf7d867a2b0c"}]}], "datePublic": "2016-04-26T00:00:00", "descriptions": [{"lang": "en", "value": "An attacker can spoof a packet from a legitimate ntpd server with an origin timestamp that matches the peer->dst timestamp recorded for that server. After making this switch, the client in NTP 4.2.8p4 and earlier and NTPSec aa48d001683e5b791a743ec9c575aaf7d867a2b0c will reject all future legitimate server responses. It is possible to force the victim client to move time after the mode has been changed. ntpq gives no indication that the mode has been switched."}], "problemTypes": [{"descriptions": [{"description": "unspecified", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-11-05T17:22:11", "orgId": "37e5125f-f79b-445b-8fad-9564f167944b", "shortName": "certcc"}, "references": [{"name": "USN-3096-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-3096-1"}, {"name": "DSA-3629", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2016/dsa-3629"}, {"tags": ["x_refsource_MISC"], "url": "http://www.talosintelligence.com/reports/TALOS-2016-0082/"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"}, {"name": "RHSA-2016:1141", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2016:1141"}, {"name": "SUSE-SU-2016:1912", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html"}, {"name": "88264", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/88264"}, {"name": "VU#718152", "tags": ["third-party-advisory", "x_refsource_CERT-VN"], "url": "https://www.kb.cert.org/vuls/id/718152"}, {"name": "RHSA-2016:1552", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2016-1552.html"}, {"name": "1035705", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1035705"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://security.netapp.com/advisory/ntap-20171004-0002/"}, {"name": "20160428 Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: April 2016", "tags": ["vendor-advisory", "x_refsource_CISCO"], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160428-ntpd"}, {"name": "FreeBSD-SA-16:16", "tags": ["vendor-advisory", "x_refsource_FREEBSD"], "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:16.ntp.asc"}, {"name": "SUSE-SU-2016:2094", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html"}, {"name": "openSUSE-SU-2016:1423", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-updates/2016-05/msg00114.html"}, {"name": "GLSA-201607-15", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/201607-15"}, {"name": "openSUSE-SU-2016:1329", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00052.html"}, {"tags": ["x_refsource_MISC"], "url": "http://packetstormsecurity.com/files/136864/Slackware-Security-Advisory-ntp-Updates.html"}, {"name": "SUSE-SU-2016:1471", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00001.html"}, {"tags": ["x_refsource_MISC"], "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2016-0082"}, {"name": "FEDORA-2016-5b2eb0bf9c", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184669.html"}, {"name": "SUSE-SU-2016:1291", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00037.html"}, {"name": "DSA-3629", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "https://www.debian.org/security/2016/dsa-3629"}, {"name": "20160429 [slackware-security] ntp (SSA:2016-120-01)", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/538233/100/0/threaded"}, {"name": "SUSE-SU-2016:1568", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00020.html"}, {"name": "20160429 [slackware-security] ntp (SSA:2016-120-01)", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/archive/1/538233/100/0/threaded"}, {"name": "SUSE-SU-2016:1278", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00034.html"}, {"name": "FEDORA-2016-ed8c6c0426", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183647.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdf"}, {"tags": ["x_refsource_MISC"], "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-103-11"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf"}, {"tags": ["x_refsource_MISC"], "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11"}, {"tags": ["x_refsource_MISC"], "url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1332-security-advisory-19"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cert@cert.org", "ID": "CVE-2016-1548", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "NTP", "version": {"version_data": [{"version_value": "4.2.8p4"}]}}]}, "vendor_name": "NTP Project"}, {"product": {"product_data": [{"product_name": "NTPSec", "version": {"version_data": [{"version_value": "aa48d001683e5b791a743ec9c575aaf7d867a2b0c"}]}}]}, "vendor_name": "NTPsec Project"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An attacker can spoof a packet from a legitimate ntpd server with an origin timestamp that matches the peer->dst timestamp recorded for that server. After making this switch, the client in NTP 4.2.8p4 and earlier and NTPSec aa48d001683e5b791a743ec9c575aaf7d867a2b0c will reject all future legitimate server responses. It is possible to force the victim client to move time after the mode has been changed. ntpq gives no indication that the mode has been switched."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "unspecified"}]}]}, "references": {"reference_data": [{"name": "USN-3096-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-3096-1"}, {"name": "DSA-3629", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2016/dsa-3629"}, {"name": "http://www.talosintelligence.com/reports/TALOS-2016-0082/", "refsource": "MISC", "url": "http://www.talosintelligence.com/reports/TALOS-2016-0082/"}, {"name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"}, {"name": "RHSA-2016:1141", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2016:1141"}, {"name": "SUSE-SU-2016:1912", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html"}, {"name": "88264", "refsource": "BID", "url": "http://www.securityfocus.com/bid/88264"}, {"name": "VU#718152", "refsource": "CERT-VN", "url": "https://www.kb.cert.org/vuls/id/718152"}, {"name": "RHSA-2016:1552", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2016-1552.html"}, {"name": "1035705", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1035705"}, {"name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"}, {"name": "https://security.netapp.com/advisory/ntap-20171004-0002/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20171004-0002/"}, {"name": "20160428 Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: April 2016", "refsource": "CISCO", "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160428-ntpd"}, {"name": "FreeBSD-SA-16:16", "refsource": "FREEBSD", "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:16.ntp.asc"}, {"name": "SUSE-SU-2016:2094", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html"}, {"name": "openSUSE-SU-2016:1423", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2016-05/msg00114.html"}, {"name": "GLSA-201607-15", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201607-15"}, {"name": "openSUSE-SU-2016:1329", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00052.html"}, {"name": "http://packetstormsecurity.com/files/136864/Slackware-Security-Advisory-ntp-Updates.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/136864/Slackware-Security-Advisory-ntp-Updates.html"}, {"name": "SUSE-SU-2016:1471", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00001.html"}, {"name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2016-0082", "refsource": "MISC", "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2016-0082"}, {"name": "FEDORA-2016-5b2eb0bf9c", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184669.html"}, {"name": "SUSE-SU-2016:1291", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00037.html"}, {"name": "DSA-3629", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2016/dsa-3629"}, {"name": "20160429 [slackware-security] ntp (SSA:2016-120-01)", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/538233/100/0/threaded"}, {"name": "SUSE-SU-2016:1568", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00020.html"}, {"name": "20160429 [slackware-security] ntp (SSA:2016-120-01)", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/archive/1/538233/100/0/threaded"}, {"name": "SUSE-SU-2016:1278", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00034.html"}, {"name": "FEDORA-2016-ed8c6c0426", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183647.html"}, {"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdf", "refsource": "CONFIRM", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdf"}, {"name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-103-11", "refsource": "MISC", "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-103-11"}, {"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf", "refsource": "CONFIRM", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf"}, {"name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11", "refsource": "MISC", "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11"}, {"name": "https://www.arista.com/en/support/advisories-notices/security-advisories/1332-security-advisory-19", "refsource": "MISC", "url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1332-security-advisory-19"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T23:02:11.744Z"}, "title": "CVE Program Container", "references": [{"name": "USN-3096-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-3096-1"}, {"name": "DSA-3629", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2016/dsa-3629"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.talosintelligence.com/reports/TALOS-2016-0082/"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"}, {"name": "RHSA-2016:1141", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2016:1141"}, {"name": "SUSE-SU-2016:1912", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html"}, {"name": "88264", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/88264"}, {"name": "VU#718152", "tags": ["third-party-advisory", "x_refsource_CERT-VN", "x_transferred"], "url": "https://www.kb.cert.org/vuls/id/718152"}, {"name": "RHSA-2016:1552", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2016-1552.html"}, {"name": "1035705", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1035705"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://security.netapp.com/advisory/ntap-20171004-0002/"}, {"name": "20160428 Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: April 2016", "tags": ["vendor-advisory", "x_refsource_CISCO", "x_transferred"], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160428-ntpd"}, {"name": "FreeBSD-SA-16:16", "tags": ["vendor-advisory", "x_refsource_FREEBSD", "x_transferred"], "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:16.ntp.asc"}, {"name": "SUSE-SU-2016:2094", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html"}, {"name": "openSUSE-SU-2016:1423", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-updates/2016-05/msg00114.html"}, {"name": "GLSA-201607-15", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "https://security.gentoo.org/glsa/201607-15"}, {"name": "openSUSE-SU-2016:1329", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00052.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://packetstormsecurity.com/files/136864/Slackware-Security-Advisory-ntp-Updates.html"}, {"name": "SUSE-SU-2016:1471", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00001.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2016-0082"}, {"name": "FEDORA-2016-5b2eb0bf9c", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184669.html"}, {"name": "SUSE-SU-2016:1291", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00037.html"}, {"name": "DSA-3629", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "https://www.debian.org/security/2016/dsa-3629"}, {"name": "20160429 [slackware-security] ntp (SSA:2016-120-01)", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/538233/100/0/threaded"}, {"name": "SUSE-SU-2016:1568", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00020.html"}, {"name": "20160429 [slackware-security] ntp (SSA:2016-120-01)", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/archive/1/538233/100/0/threaded"}, {"name": "SUSE-SU-2016:1278", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00034.html"}, {"name": "FEDORA-2016-ed8c6c0426", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183647.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdf"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-103-11"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1332-security-advisory-19"}]}]}, "cveMetadata": {"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b", "assignerShortName": "certcc", "cveId": "CVE-2016-1548", "datePublished": "2017-01-06T21:00:00", "dateReserved": "2016-01-07T00:00:00", "dateUpdated": "2024-08-05T23:02:11.744Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p4:*:*:*:*:*:*", "matchCriteriaId": "99C71C00-7222-483B-AEFB-159337BD3C92", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An attacker can spoof a packet from a legitimate ntpd server with an origin timestamp that matches the peer->dst timestamp recorded for that server. After making this switch, the client in NTP 4.2.8p4 and earlier and NTPSec aa48d001683e5b791a743ec9c575aaf7d867a2b0c will reject all future legitimate server responses. It is possible to force the victim client to move time after the mode has been changed. ntpq gives no indication that the mode has been switched."}, {"lang": "es", "value": "Un atacante puede suplantar un paquete de un servidor ntpd leg\u00edtimo con una marca de tiempo de origen que coincida con la marca de tiempo peer->dst registrada para ese servidor. Despu\u00e9s de hacer este cambio, el cliente en NTP 4.2.8p4 y versiones anteriores y NTPSec aa48d001683e5b791a743ec9c575aaf7d867a2b0c rechazar\u00e1n todas las futuras respuestas leg\u00edtimas del servidor. Es posible forzar al cliente v\u00edctima a mover el tiempo despu\u00e9s de que el modo haya sido cambiado. ntpq no indica que el modo ha sido cambiado."}], "id": "CVE-2016-1548", "lastModified": "2021-11-17T22:15:47.620", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.4, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:L", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-01-06T21:59:00.353", "references": [{"source": "cret@cert.org", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183647.html"}, {"source": "cret@cert.org", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184669.html"}, {"source": "cret@cert.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00034.html"}, {"source": "cret@cert.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00037.html"}, {"source": "cret@cert.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00052.html"}, {"source": "cret@cert.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00001.html"}, {"source": "cret@cert.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00020.html"}, {"source": "cret@cert.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html"}, {"source": "cret@cert.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html"}, {"source": "cret@cert.org", "url": "http://lists.opensuse.org/opensuse-updates/2016-05/msg00114.html"}, {"source": "cret@cert.org", "url": "http://packetstormsecurity.com/files/136864/Slackware-Security-Advisory-ntp-Updates.html"}, {"source": "cret@cert.org", "url": "http://rhn.redhat.com/errata/RHSA-2016-1552.html"}, {"source": "cret@cert.org", "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160428-ntpd"}, {"source": "cret@cert.org", "url": "http://www.debian.org/security/2016/dsa-3629"}, {"source": "cret@cert.org", "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"}, {"source": "cret@cert.org", "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"}, {"source": "cret@cert.org", "url": "http://www.securityfocus.com/archive/1/538233/100/0/threaded"}, {"source": "cret@cert.org", "url": "http://www.securityfocus.com/archive/1/archive/1/538233/100/0/threaded"}, {"source": "cret@cert.org", "url": "http://www.securityfocus.com/bid/88264"}, {"source": "cret@cert.org", "url": "http://www.securitytracker.com/id/1035705"}, {"source": "cret@cert.org", "tags": ["Exploit", "Third Party Advisory"], "url": "http://www.talosintelligence.com/reports/TALOS-2016-0082/"}, {"source": "cret@cert.org", "url": "http://www.ubuntu.com/usn/USN-3096-1"}, {"source": "cret@cert.org", "url": "https://access.redhat.com/errata/RHSA-2016:1141"}, {"source": "cret@cert.org", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf"}, {"source": "cret@cert.org", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdf"}, {"source": "cret@cert.org", "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:16.ntp.asc"}, {"source": "cret@cert.org", "url": "https://security.gentoo.org/glsa/201607-15"}, {"source": "cret@cert.org", "url": "https://security.netapp.com/advisory/ntap-20171004-0002/"}, {"source": "cret@cert.org", "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-103-11"}, {"source": "cret@cert.org", "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11"}, {"source": "cret@cert.org", "url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1332-security-advisory-19"}, {"source": "cret@cert.org", "url": "https://www.debian.org/security/2016/dsa-3629"}, {"source": "cret@cert.org", "url": "https://www.kb.cert.org/vuls/id/718152"}, {"source": "cret@cert.org", "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2016-0082"}], "sourceIdentifier": "cret@cert.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-19"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"acknowledgement": "This issue was discovered by Miroslav Lichvar (Red Hat).", "affected_release": [{"advisory": "RHSA-2016:1141", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "ntp-0:4.2.6p5-10.el6.1", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2016-05-31T00:00:00Z"}, {"advisory": "RHSA-2016:1552", "cpe": "cpe:/o:redhat:rhel_eus:6.7", "package": "ntp-0:4.2.6p5-5.el6_7.5", "product_name": "Red Hat Enterprise Linux 6.7 Extended Update Support", "release_date": "2016-08-03T00:00:00Z"}, {"advisory": "RHSA-2016:1141", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "ntp-0:4.2.6p5-22.el7_2.2", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2016-05-31T00:00:00Z"}], "bugzilla": {"description": "ntp: ntpd switching to interleaved mode with spoofed packets", "id": "1331462", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1331462"}, "csaw": false, "cvss": {"cvss_base_score": "6.4", "cvss_scoring_vector": "AV:N/AC:L/Au:N/C:N/I:P/A:P", "status": "verified"}, "details": ["An attacker can spoof a packet from a legitimate ntpd server with an origin timestamp that matches the peer->dst timestamp recorded for that server. After making this switch, the client in NTP 4.2.8p4 and earlier and NTPSec aa48d001683e5b791a743ec9c575aaf7d867a2b0c will reject all future legitimate server responses. It is possible to force the victim client to move time after the mode has been changed. ntpq gives no indication that the mode has been switched.", "It was found that an ntpd client could be forced to change from basic client/server mode to the interleaved symmetric mode. A remote attacker could use a spoofed packet that, when processed by an ntpd client, would cause that client to reject all future legitimate server responses, effectively disabling time synchronization on that client."], "name": "CVE-2016-1548", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Not affected", "package_name": "ntp", "product_name": "Red Hat Enterprise Linux 5"}], "public_date": "2016-04-26T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2016-1548\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-1548\nhttp://support.ntp.org/bin/view/Main/SecurityNotice#April_2016_NTP_4_2_8p7_Security\nhttp://www.talosintel.com/reports/TALOS-2016-0082/"], "threat_severity": "Moderate", "upstream_fix": "ntp 4.2.8p7"}