CVE-2016-1548 Information

Feb 14, 2021 cve

Description

An attacker can spoof a packet from a legitimate ntpd server with an origin timestamp that matches the peer-dst timestamp recorded for that server. After making this switch the client in NTP 4.2.8p4 and earlier and NTPSec aa48d001683e5b791a743ec9c575aaf7d867a2b0c will reject all future legitimate server responses. It is possible to force the victim client to move time after the mode has been changed. ntpq gives no indication that the mode has been switched.

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:L

Reference

http://rhn.redhat.com/errata/RHSA-2016-1552.html http://www.debian.org/security/2016/dsa-3629 http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html http://www.securityfocus.com/bid/88264 http://www.securitytracker.com/id/1035705 http://www.talosintelligence.com/reports/TALOS-2016-0082/ https://access.redhat.com/errata/RHSA-2016:1141 https://security.FreeBSD.org/advisories/FreeBSD-SA-16:16.ntp.asc https://security.gentoo.org/glsa/201607-15 https://security.netapp.com/advisory/ntap-20171004-0002/

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

NONE

Confidentiality Impact

CHANGED

Integrity Impact

NONE

Availability Impact

LOW

Base Score

LOW

Base Severity

7.2

Share on: