// For flags

CVE-2016-1550

ntp: libntp message digest disclosure

Severity Score

5.3
*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

An exploitable vulnerability exists in the message authentication functionality of libntp in ntp 4.2.8p4 and NTPSec a5fb34b9cc89b92a8fef2f459004865c93bb7f92. An attacker can send a series of crafted messages to attempt to recover the message digest key.

Existe una vulnerabilidad explotable en el mensaje de autenticación de la función del libntp en ntp 4.2.8p4 y NTPSec a5fb34b9cc89b92a8fef2f459004865c93bb7f92. Un atacante puede enviar series de mensajes manipulados para intentar el mensaje de dirección de clave.

A flaw was found in the way NTP's libntp performed message authentication. An attacker able to observe the timing of the comparison function used in packet authentication could potentially use this flaw to recover the message digest.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
None
Availability
None
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
Partial
Integrity
None
Availability
None
Attack Vector
Local
Attack Complexity
High
Authentication
None
Confidentiality
Partial
Integrity
Partial
Availability
None
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2016-01-07 CVE Reserved
  • 2016-05-02 CVE Published
  • 2024-02-29 EPSS Updated
  • 2024-08-05 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CAPEC
References (36)
URL Date SRC
URL Date SRC
URL Date SRC
http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183647.html 2021-11-17
http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184669.html 2021-11-17
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00034.html 2021-11-17
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00037.html 2021-11-17
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00052.html 2021-11-17
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00001.html 2021-11-17
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00020.html 2021-11-17
http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html 2021-11-17
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html 2021-11-17
http://lists.opensuse.org/opensuse-updates/2016-05/msg00114.html 2021-11-17
http://rhn.redhat.com/errata/RHSA-2016-1552.html 2021-11-17
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160428-ntpd 2021-11-17
http://www.debian.org/security/2016/dsa-3629 2021-11-17
http://www.ubuntu.com/usn/USN-3096-1 2021-11-17
https://access.redhat.com/errata/RHSA-2016:1141 2021-11-17
https://security.FreeBSD.org/advisories/FreeBSD-SA-16:16.ntp.asc 2021-11-17
https://security.gentoo.org/glsa/201607-15 2021-11-17
https://www.debian.org/security/2016/dsa-3629 2021-11-17
https://access.redhat.com/security/cve/CVE-2016-1550 2016-08-03
https://bugzilla.redhat.com/show_bug.cgi?id=1331464 2016-08-03
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Ntp
Search vendor "Ntp"
Ntp
Search vendor "Ntp" for product "Ntp"
4.2.8
Search vendor "Ntp" for product "Ntp" and version "4.2.8"
p4
Affected