Details of VAR-201701-0421

ID

VAR-201701-0421

CVE

CVE-2016-1549

TITLE

NTP.org ntpd contains multiple vulnerabilities

Trust: 0.8

sources: CERT/CC: VU#718152

DESCRIPTION

A malicious authenticated peer can create arbitrarily-many ephemeral associations in order to win the clock selection algorithm in ntpd in NTP 4.2.8p4 and earlier and NTPsec 3e160db8dc248a0bcb053b56a80167dc742d2b74 and a5fb34b9cc89b92a8fef2f459004865c93bb7f92 and modify a victim's clock. The NTP.org reference implementation of ntpd contains multiple vulnerabilities. NTP is prone to a remote security vulnerability. Successful exploits will allow attackers to bypass certain security restrictions and perform some unauthorized actions to the application. This may aid in further attacks. Versions prior to NTP 4.2.8p7 and 4.3.x versions prior to 4.3.92 are vulnerable. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201607-15 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: NTP: Multiple vulnerabilities Date: July 20, 2016 Bugs: #563774, #572452, #581528, #584954 ID: 201607-15 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been found in NTP, the worst of which could lead to Denial of Service. Background ========== NTP contains software for the Network Time Protocol. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 net-misc/ntp < 4.2.8_p8 >= 4.2.8_p8 Description =========== Multiple vulnerabilities have been discovered in NTP. Please review the CVE identifiers referenced below for details. Impact ====== A remote attacker could possibly cause a Denial of Service condition. Workaround ========== There is no known workaround at this time. Resolution ========== All NTP users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=net-misc/ntp-4.2.8_p8" References ========== [ 1 ] CVE-2015-7691 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7691 [ 2 ] CVE-2015-7692 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7692 [ 3 ] CVE-2015-7701 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7701 [ 4 ] CVE-2015-7702 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7702 [ 5 ] CVE-2015-7703 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7703 [ 6 ] CVE-2015-7704 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7704 [ 7 ] CVE-2015-7705 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7705 [ 8 ] CVE-2015-7848 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7848 [ 9 ] CVE-2015-7849 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7849 [ 10 ] CVE-2015-7850 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7850 [ 11 ] CVE-2015-7851 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7851 [ 12 ] CVE-2015-7852 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7852 [ 13 ] CVE-2015-7853 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7853 [ 14 ] CVE-2015-7854 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7854 [ 15 ] CVE-2015-7855 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7855 [ 16 ] CVE-2015-7871 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7871 [ 17 ] CVE-2015-7973 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7973 [ 18 ] CVE-2015-7974 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7974 [ 19 ] CVE-2015-7975 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7975 [ 20 ] CVE-2015-7976 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7976 [ 21 ] CVE-2015-7977 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7977 [ 22 ] CVE-2015-7978 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7978 [ 23 ] CVE-2015-7979 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7979 [ 24 ] CVE-2015-8138 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8138 [ 25 ] CVE-2015-8139 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8139 [ 26 ] CVE-2015-8140 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8140 [ 27 ] CVE-2015-8158 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8158 [ 28 ] CVE-2016-1547 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1547 [ 29 ] CVE-2016-1548 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1548 [ 30 ] CVE-2016-1549 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1549 [ 31 ] CVE-2016-1550 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1550 [ 32 ] CVE-2016-1551 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1551 [ 33 ] CVE-2016-2516 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2516 [ 34 ] CVE-2016-2517 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2517 [ 35 ] CVE-2016-2518 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2518 [ 36 ] CVE-2016-2519 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2519 [ 37 ] CVE-2016-4953 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4953 [ 38 ] CVE-2016-4954 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4954 [ 39 ] CVE-2016-4955 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4955 [ 40 ] CVE-2016-4956 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4956 [ 41 ] CVE-2016-4957 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4957 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/201607-15 Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2016 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] ntp (SSA:2018-060-02) New ntp packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: +--------------------------+ patches/packages/ntp-4.2.8p11-i586-1_slack14.2.txz: Upgraded. This release addresses five security issues in ntpd: * LOW/MEDIUM: Sec 3012 / CVE-2016-1549 / VU#961909: Sybil vulnerability: ephemeral association attack. While fixed in ntp-4.2.8p7, there are significant additional protections for this issue in 4.2.8p11. Reported by Matt Van Gundy of Cisco. * INFO/MEDIUM: Sec 3412 / CVE-2018-7182 / VU#961909: ctl_getitem(): buffer read overrun leads to undefined behavior and information leak. Reported by Yihan Lian of Qihoo 360. * LOW: Sec 3415 / CVE-2018-7170 / VU#961909: Multiple authenticated ephemeral associations. Reported on the questions@ list. * LOW: Sec 3453 / CVE-2018-7184 / VU#961909: Interleaved symmetric mode cannot recover from bad state. Reported by Miroslav Lichvar of Red Hat. * LOW/MEDIUM: Sec 3454 / CVE-2018-7185 / VU#961909: Unauthenticated packet can reset authenticated interleaved association. Reported by Miroslav Lichvar of Red Hat. For more information, see: http://support.ntp.org/bin/view/Main/SecurityNotice#February_2018_ntp_4_2_8p11_NTP_S https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1549 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7182 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7170 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7184 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7185 (* Security fix *) +--------------------------+ Where to find the new packages: +-----------------------------+ Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-) Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you. Updated package for Slackware 14.0: ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/ntp-4.2.8p11-i486-1_slack14.0.txz Updated package for Slackware x86_64 14.0: ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/ntp-4.2.8p11-x86_64-1_slack14.0.txz Updated package for Slackware 14.1: ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/ntp-4.2.8p11-i486-1_slack14.1.txz Updated package for Slackware x86_64 14.1: ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/ntp-4.2.8p11-x86_64-1_slack14.1.txz Updated package for Slackware 14.2: ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/ntp-4.2.8p11-i586-1_slack14.2.txz Updated package for Slackware x86_64 14.2: ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/ntp-4.2.8p11-x86_64-1_slack14.2.txz Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/ntp-4.2.8p11-i586-1.txz Updated package for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/ntp-4.2.8p11-x86_64-1.txz MD5 signatures: +-------------+ Slackware 14.0 package: 01c86ddfabec68d52877336258d064c7 ntp-4.2.8p11-i486-1_slack14.0.txz Slackware x86_64 14.0 package: b2d36d96f9a4d84df3586d38b8b47389 ntp-4.2.8p11-x86_64-1_slack14.0.txz Slackware 14.1 package: 78b4e9221e725dcb45160950bfc926d0 ntp-4.2.8p11-i486-1_slack14.1.txz Slackware x86_64 14.1 package: e0d32ed484e02ad28c59838e6407d549 ntp-4.2.8p11-x86_64-1_slack14.1.txz Slackware 14.2 package: 81690d8e511b403f0fe89c1d120f5049 ntp-4.2.8p11-i586-1_slack14.2.txz Slackware x86_64 14.2 package: d2c877e3d1b9c7ce003ef090c7610c74 ntp-4.2.8p11-x86_64-1_slack14.2.txz Slackware -current package: c3ee95d3944b09c2e891883dc5411a6f n/ntp-4.2.8p11-i586-1.txz Slackware x86_64 -current package: fa9c7a8aca0c769791e34a8e48e6d260 n/ntp-4.2.8p11-x86_64-1.txz Installation instructions: +------------------------+ Upgrade the package as root: # upgradepkg ntp-4.2.8p11-i586-1_slack14.2.txz Then, restart the NTP daemon: # sh /etc/rc.d/rc.ntpd restart +-----+ Slackware Linux Security Team http://slackware.com/gpg-key security@slackware.com +------------------------------------------------------------------------+ | To leave the slackware-security mailing list: | +------------------------------------------------------------------------+ | Send an email to majordomo@slackware.com with this text in the body of | | the email message: | | | | unsubscribe slackware-security | | | | You will get a confirmation message back containing instructions to | | complete the process. Please do not reply to this email address. | +------------------------------------------------------------------------+ -----BEGIN PGP SIGNATURE----- iEYEARECAAYFAlqYjI8ACgkQakRjwEAQIjM5rACfdDAWRxL2nQATj8HFDPgCVInK 13MAnR04OluKfiEsJVgO6uWJKXy2HOGq =FRx7 -----END PGP SIGNATURE----- . Edge-case hole reported by Martin Burnicki of Meinberg. And fixes another security issue in ntpq and ntpdc: LOW: Sec 3505: The openhost() function used during command-line hostname processing by ntpq and ntpdc can write beyond its buffer limit, which could allow an attacker to achieve code execution or escalate to higher privileges via a long string as the argument for an IPv4 or IPv6 command-line parameter. NOTE: It is unclear whether there are any common situations in which ntpq or ntpdc is used with a command line from an untrusted source

Trust: 3.06

sources: NVD: CVE-2016-1549 // CERT/CC: VU#718152 // JVNDB: JVNDB-2016-006650 // BID: 88200 // VULMON: CVE-2016-1549 // PACKETSTORM: 137992 // PACKETSTORM: 146631 // PACKETSTORM: 136864 // PACKETSTORM: 148988

AFFECTED PRODUCTS

vendor:	ntp	model:	ntp	scope:	eq	version:	4.2.8	Trust: 1.9
vendor:	ntp	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	ntp	model:	ntp	scope:	lte	version:	4.2.8p4	Trust: 0.8
vendor:	slackware	model:	linux	scope:	eq	version:	14.1	Trust: 0.3
vendor:	slackware	model:	linux x86 64 -current	scope:	-	version:	-	Trust: 0.3
vendor:	slackware	model:	linux x86 64	scope:	eq	version:	14.1	Trust: 0.3
vendor:	slackware	model:	linux x86 64	scope:	eq	version:	14.0	Trust: 0.3
vendor:	slackware	model:	linux	scope:	eq	version:	14.0	Trust: 0.3
vendor:	slackware	model:	linux x86 64	scope:	eq	version:	13.37	Trust: 0.3
vendor:	slackware	model:	linux	scope:	eq	version:	13.37	Trust: 0.3
vendor:	slackware	model:	linux x86 64	scope:	eq	version:	13.1	Trust: 0.3
vendor:	slackware	model:	linux	scope:	eq	version:	13.1	Trust: 0.3
vendor:	slackware	model:	linux x86 64	scope:	eq	version:	13.0	Trust: 0.3
vendor:	slackware	model:	linux	scope:	eq	version:	13.0	Trust: 0.3
vendor:	slackware	model:	linux -current	scope:	-	version:	-	Trust: 0.3
vendor:	ntp	model:	ntp	scope:	eq	version:	4.3.90	Trust: 0.3
vendor:	ntp	model:	ntp	scope:	eq	version:	4.3.25	Trust: 0.3
vendor:	ntp	model:	ntp	scope:	eq	version:	4.3	Trust: 0.3
vendor:	ntp	model:	ntp	scope:	eq	version:	4.2.6	Trust: 0.3
vendor:	ntp	model:	p74	scope:	eq	version:	4.2.5	Trust: 0.3
vendor:	ntp	model:	p153	scope:	eq	version:	4.2.5	Trust: 0.3
vendor:	ntp	model:	p150	scope:	eq	version:	4.2.5	Trust: 0.3
vendor:	ntp	model:	p8	scope:	eq	version:	4.2.4	Trust: 0.3
vendor:	ntp	model:	p7	scope:	eq	version:	4.2.4	Trust: 0.3
vendor:	ntp	model:	p6	scope:	eq	version:	4.2.4	Trust: 0.3
vendor:	ntp	model:	p5	scope:	eq	version:	4.2.4	Trust: 0.3
vendor:	ntp	model:	p4	scope:	eq	version:	4.2.4	Trust: 0.3
vendor:	ntp	model:	p4	scope:	eq	version:	4.2.2	Trust: 0.3
vendor:	ntp	model:	p1	scope:	eq	version:	4.2.2	Trust: 0.3
vendor:	ntp	model:	ntp	scope:	eq	version:	4.1.2	Trust: 0.3
vendor:	ntp	model:	ntp	scope:	eq	version:	4.3.77	Trust: 0.3
vendor:	ntp	model:	ntp	scope:	eq	version:	4.3.70	Trust: 0.3
vendor:	ntp	model:	4.2.8p6	scope:	-	version:	-	Trust: 0.3
vendor:	ntp	model:	4.2.8p5	scope:	-	version:	-	Trust: 0.3
vendor:	ntp	model:	4.2.8p4	scope:	-	version:	-	Trust: 0.3
vendor:	ntp	model:	4.2.8p3	scope:	-	version:	-	Trust: 0.3
vendor:	ntp	model:	4.2.8p2	scope:	-	version:	-	Trust: 0.3
vendor:	ntp	model:	4.2.8p1	scope:	-	version:	-	Trust: 0.3
vendor:	ntp	model:	4.2.7p366	scope:	-	version:	-	Trust: 0.3
vendor:	ntp	model:	4.2.7p111	scope:	-	version:	-	Trust: 0.3
vendor:	ntp	model:	4.2.7p11	scope:	-	version:	-	Trust: 0.3
vendor:	ntp	model:	ntp	scope:	eq	version:	4.2.7	Trust: 0.3
vendor:	ntp	model:	4.2.5p3	scope:	-	version:	-	Trust: 0.3
vendor:	ntp	model:	4.2.5p186	scope:	-	version:	-	Trust: 0.3
vendor:	ntp	model:	4.2.0.a	scope:	-	version:	-	Trust: 0.3
vendor:	ibm	model:	lotus protector for mail security	scope:	eq	version:	2.80	Trust: 0.3
vendor:	ibm	model:	lotus protector for mail security	scope:	eq	version:	2.8.1.0	Trust: 0.3
vendor:	ibm	model:	flex system manager	scope:	eq	version:	1.3.20	Trust: 0.3
vendor:	ibm	model:	flex system manager	scope:	eq	version:	1.3.4.0	Trust: 0.3
vendor:	cisco	model:	wap371 wireless access point	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	visual quality experience tools server	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	visual quality experience server	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	virtual security gateway for microsoft hyper-v	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	videoscape control suite	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	video distribution suite for internet streaming	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	video delivery system recorder	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	unity express	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	unified computing system e-series blade server	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	unified communications manager session management edition	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	ucs director	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	ucs central	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	telepresence video communication server	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	telepresence sx series	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	telepresence profile series	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	telepresence mx series	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	telepresence isdn link	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	telepresence integrator c series	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	telepresence exchange system	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	telepresence ex series	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	telepresence conductor	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	support central	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	standalone rack server cimc	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	small business series wireless access points	scope:	eq	version:	5000	Trust: 0.3
vendor:	cisco	model:	small business series wireless access points	scope:	eq	version:	3210	Trust: 0.3
vendor:	cisco	model:	small business series wireless access points	scope:	eq	version:	1210	Trust: 0.3
vendor:	cisco	model:	show and share	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	sentinel	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	scos	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	prime service catalog virtual appliance	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	prime license manager	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	prime infrastructure standalone plug and play gateway	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	prime infrastructure	scope:	eq	version:	-	Trust: 0.3
vendor:	cisco	model:	prime collaboration assurance	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	prime access registrar appliance	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	prime access registrar	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	physical access manager	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	onepk all-in-one vm	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	nexus series switches	scope:	eq	version:	90000	Trust: 0.3
vendor:	cisco	model:	network device security assessment	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	network analysis module	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	nac server	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	nac guest server	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	nac appliance	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	meetingplace	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	mediasense	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	media experience engines	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	management heartbeat server	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	jabber guest	scope:	eq	version:	10.0(2)	Trust: 0.3
vendor:	cisco	model:	intrusion prevention system solutions	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	im and presence service	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	identity services engine	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	hosted collaboration mediation fulfillment	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	expressway series	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	enterprise content delivery system	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	emergency responder	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	edge digital media player	scope:	eq	version:	3400	Trust: 0.3
vendor:	cisco	model:	edge digital media player	scope:	eq	version:	3000	Trust: 0.3
vendor:	cisco	model:	digital media manager	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	dcm series 9900-digital content manager	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	content security appliance updater servers	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	connected grid routers	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	common services platform collector	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	cloud object store	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	clean access manager	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	application policy infrastructure controller	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	asa cx and cisco prime security manager	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	access registrar appliance	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	industrial router	scope:	eq	version:	9100	Trust: 0.3
vendor:	cisco	model:	series ip phones vpn feature	scope:	eq	version:	8800-0	Trust: 0.3
vendor:	ntp	model:	ntp	scope:	ne	version:	4.3.92	Trust: 0.3
vendor:	ntp	model:	4.2.8p7	scope:	ne	version:	-	Trust: 0.3
vendor:	ntp	model:	4.2.8p11	scope:	ne	version:	-	Trust: 0.3

sources: CERT/CC: VU#718152 // BID: 88200 // JVNDB: JVNDB-2016-006650 // CNNVD: CNNVD-201604-604 // NVD: CVE-2016-1549

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2016-1549
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2016-1549
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201604-604
value:	MEDIUM
Trust: 0.6
VULMON:	CVE-2016-1549
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2016-1549
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:L/AU:S/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9

nvd@nist.gov:	CVE-2016-1549
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	HIGH
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	3.6
version:	3.0
Trust: 1.8

sources: VULMON: CVE-2016-1549 // JVNDB: JVNDB-2016-006650 // CNNVD: CNNVD-201604-604 // NVD: CVE-2016-1549

PROBLEMTYPE DATA

problemtype:	CWE-19	Trust: 1.8
problemtype:	CWE-362	Trust: 0.8

sources: JVNDB: JVNDB-2016-006650 // NVD: CVE-2016-1549

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201604-604

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201604-604

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-006650

PATCH

title:	Oracle Solaris Third Party Bulletin - April 2016	url:	http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html	Trust: 0.8
title:	April 2016 ntp-4.2.8p7 Security Vulnerability Announcement (Medium)	url:	http://support.ntp.org/bin/view/Main/SecurityNotice#April_2016_NTP_4_2_8p7_Security	Trust: 0.8
title:	TALOS-2016-0083	url:	http://www.talosintelligence.com/reports/TALOS-2016-0083/	Trust: 0.8
title:	ntpd Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=61287	Trust: 0.6
title:	Red Hat: CVE-2016-1549	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database&qid=CVE-2016-1549	Trust: 0.1
title:	Arch Linux Issues:	url:	https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues&qid=CVE-2016-1549	Trust: 0.1
title:	Arch Linux Advisories: [ASA-201803-11] ntp: multiple issues	url:	https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories&qid=ASA-201803-11	Trust: 0.1
title:	Amazon Linux AMI: ALAS-2018-1009	url:	https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami&qid=ALAS-2018-1009	Trust: 0.1
title:	Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - April 2019	url:	https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins&qid=4ee609eeae78bbbd0d0c827f33a7f87f	Trust: 0.1
title:	Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - April 2016	url:	https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins&qid=976a4da35d55283870dbb31b88a6c655	Trust: 0.1
title:	The Register	url:	https://www.theregister.co.uk/2016/04/28/time_for_a_patch_six_vulns_fixed_in_ntp_daemon/	Trust: 0.1

sources: VULMON: CVE-2016-1549 // JVNDB: JVNDB-2016-006650 // CNNVD: CNNVD-201604-604

EXTERNAL IDS

db:	NVD	id:	CVE-2016-1549	Trust: 3.2
db:	CERT/CC	id:	VU#718152	Trust: 2.6
db:	TALOS	id:	TALOS-2016-0083	Trust: 1.7
db:	BID	id:	88200	Trust: 1.4
db:	SECTRACK	id:	1035705	Trust: 1.1
db:	JVN	id:	JVNVU91176422	Trust: 0.8
db:	JVNDB	id:	JVNDB-2016-006650	Trust: 0.8
db:	CNNVD	id:	CNNVD-201604-604	Trust: 0.6
db:	VULMON	id:	CVE-2016-1549	Trust: 0.1
db:	PACKETSTORM	id:	137992	Trust: 0.1
db:	PACKETSTORM	id:	146631	Trust: 0.1
db:	PACKETSTORM	id:	136864	Trust: 0.1
db:	PACKETSTORM	id:	148988	Trust: 0.1

sources: CERT/CC: VU#718152 // VULMON: CVE-2016-1549 // BID: 88200 // JVNDB: JVNDB-2016-006650 // PACKETSTORM: 137992 // PACKETSTORM: 146631 // PACKETSTORM: 136864 // PACKETSTORM: 148988 // CNNVD: CNNVD-201604-604 // NVD: CVE-2016-1549

REFERENCES

url:	https://www.kb.cert.org/vuls/id/718152	Trust: 1.8
url:	http://www.talosintelligence.com/reports/talos-2016-0083/	Trust: 1.7
url:	http://support.ntp.org/bin/view/main/securitynotice#april_2016_ntp_4_2_8p7_security	Trust: 1.4
url:	https://security.gentoo.org/glsa/201607-15	Trust: 1.2
url:	http://www.securityfocus.com/bid/88200	Trust: 1.1
url:	http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html	Trust: 1.1
url:	http://www.securitytracker.com/id/1035705	Trust: 1.1
url:	https://security.netapp.com/advisory/ntap-20171004-0002/	Trust: 1.1
url:	https://security.freebsd.org/advisories/freebsd-sa-16:16.ntp.asc	Trust: 1.1
url:	https://www.synology.com/support/security/synology_sa_18_13	Trust: 1.1
url:	https://support.hpe.com/hpsc/doc/public/display?doclocale=en_us&docid=emr_na-hpesbux03962en_us	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1549	Trust: 1.1
url:	http://support.ntp.org/bin/view/main/ntpbug3012	Trust: 0.9
url:	http://support.ntp.org/bin/view/main/securitynotice#january_2016_ntp_4_2_8p6_securit	Trust: 0.8
url:	http://jvn.jp/vu/jvnvu91176422/	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-1549	Trust: 0.8
url:	http://www.ntp.org/	Trust: 0.3
url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160428-ntpd	Trust: 0.3
url:	http://www-01.ibm.com/support/docview.wss?uid=isg3t1024073	Trust: 0.3
url:	http://support.ntp.org/bin/view/main/ntpbug3012p12	Trust: 0.3
url:	http://www-01.ibm.com/support/docview.wss?uid=swg21983803	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2016-1549	Trust: 0.3
url:	http://slackware.com	Trust: 0.3
url:	http://osuosl.org)	Trust: 0.3
url:	http://slackware.com/gpg-key	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2015-8138	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2015-7704	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2016-1547	Trust: 0.2
url:	https://cwe.mitre.org/data/definitions/19.html	Trust: 0.1
url:	https://tools.cisco.com/security/center/viewalert.x?alertid=56951	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-7871	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7702	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-7705	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1549	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-7702	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7849	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7852	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7978	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-8140	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-7855	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-7978	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-7852	Trust: 0.1
url:	https://security.gentoo.org/	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1551	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2516	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7975	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-7848	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-7973	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-7979	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-8139	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-8158	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-4954	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-4956	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7973	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7853	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-7701	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7704	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-8140	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-7974	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7691	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-8139	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-4957	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7703	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7855	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-4955	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-7849	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-7854	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-7703	Trust: 0.1
url:	http://creativecommons.org/licenses/by-sa/2.5	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7705	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2517	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1548	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-7691	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1547	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-8158	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7854	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-7853	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2519	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2518	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7851	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-7692	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7871	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7977	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7848	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-7977	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1550	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-7850	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7850	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7701	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7692	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-8138	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7979	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7974	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-7851	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-4953	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-7975	Trust: 0.1
url:	https://bugs.gentoo.org.	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7976	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-7976	Trust: 0.1
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7182	Trust: 0.1
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7185	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-7170	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-7185	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-7184	Trust: 0.1
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7184	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-7182	Trust: 0.1
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7170	Trust: 0.1
url:	http://support.ntp.org/bin/view/main/securitynotice#february_2018_ntp_4_2_8p11_ntp_s	Trust: 0.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-2516	Trust: 0.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7704	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-1551	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-1548	Trust: 0.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-2519	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-2516	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-2517	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-2519	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-1550	Trust: 0.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1547	Trust: 0.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-8138	Trust: 0.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-2518	Trust: 0.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1551	Trust: 0.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1550	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-2518	Trust: 0.1
url:	http://support.ntp.org/bin/view/main/securitynotice#recent_vulnerabilities	Trust: 0.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-2517	Trust: 0.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1548	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-12327	Trust: 0.1
url:	http://support.ntp.org/bin/view/main/securitynotice#august_2018_ntp_4_2_8p12_ntp_rel	Trust: 0.1
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-12327	Trust: 0.1

CREDITS

Matthew Van Gundy of Cisco ASIG

Trust: 0.6

sources: CNNVD: CNNVD-201604-604

SOURCES

db:	CERT/CC	id:	VU#718152
db:	VULMON	id:	CVE-2016-1549
db:	BID	id:	88200
db:	JVNDB	id:	JVNDB-2016-006650
db:	PACKETSTORM	id:	137992
db:	PACKETSTORM	id:	146631
db:	PACKETSTORM	id:	136864
db:	PACKETSTORM	id:	148988
db:	CNNVD	id:	CNNVD-201604-604
db:	NVD	id:	CVE-2016-1549

LAST UPDATE DATE

2024-08-14T12:06:11.182000+00:00

SOURCES UPDATE DATE

db:	CERT/CC	id:	VU#718152	date:	2016-04-28T00:00:00
db:	VULMON	id:	CVE-2016-1549	date:	2018-03-28T00:00:00
db:	BID	id:	88200	date:	2018-08-15T07:00:00
db:	JVNDB	id:	JVNDB-2016-006650	date:	2017-01-19T00:00:00
db:	CNNVD	id:	CNNVD-201604-604	date:	2017-01-11T00:00:00
db:	NVD	id:	CVE-2016-1549	date:	2018-03-28T01:29:03.510

SOURCES RELEASE DATE

db:	CERT/CC	id:	VU#718152	date:	2016-04-27T00:00:00
db:	VULMON	id:	CVE-2016-1549	date:	2017-01-06T00:00:00
db:	BID	id:	88200	date:	2016-04-26T00:00:00
db:	JVNDB	id:	JVNDB-2016-006650	date:	2017-01-19T00:00:00
db:	PACKETSTORM	id:	137992	date:	2016-07-21T15:56:23
db:	PACKETSTORM	id:	146631	date:	2018-03-01T23:35:00
db:	PACKETSTORM	id:	136864	date:	2016-05-02T21:38:58
db:	PACKETSTORM	id:	148988	date:	2018-08-18T23:23:00
db:	CNNVD	id:	CNNVD-201604-604	date:	2016-04-28T00:00:00
db:	NVD	id:	CVE-2016-1549	date:	2017-01-06T21:59:00.383