ID

VAR-201701-0422


CVE

CVE-2016-1551


TITLE

NTP.org ntpd contains multiple vulnerabilities

Trust: 0.8

sources: CERT/CC: VU#718152

DESCRIPTION

ntpd in NTP 4.2.8p3 and NTPsec a5fb34b9cc89b92a8fef2f459004865c93bb7f92 relies on the underlying operating system to protect it from requests that impersonate reference clocks. Because reference clocks are treated like other peers and stored in the same structure, any packet with a source ip address of a reference clock (127.127.1.1 for example) that reaches the receive() function will match that reference clock's peer record and will be treated as a trusted peer. Any system that lacks the typical martian packet filtering which would block these packets is in danger of having its time controlled by an attacker. The NTP.org reference implementation of ntpd contains multiple vulnerabilities. NTP is prone to a remote security vulnerability. Successful exploits will allow attackers to bypass certain security restrictions and perform some unauthorized actions to the application. This may aid in further attacks. Versions prior to NTP 4.2.8p7 and 4.3.x versions prior to 4.3.92 are vulnerable. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201607-15 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: NTP: Multiple vulnerabilities Date: July 20, 2016 Bugs: #563774, #572452, #581528, #584954 ID: 201607-15 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been found in NTP, the worst of which could lead to Denial of Service. Background ========== NTP contains software for the Network Time Protocol. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 net-misc/ntp < 4.2.8_p8 >= 4.2.8_p8 Description =========== Multiple vulnerabilities have been discovered in NTP. Please review the CVE identifiers referenced below for details. Impact ====== A remote attacker could possibly cause a Denial of Service condition. Workaround ========== There is no known workaround at this time. Resolution ========== All NTP users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=net-misc/ntp-4.2.8_p8" References ========== [ 1 ] CVE-2015-7691 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7691 [ 2 ] CVE-2015-7692 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7692 [ 3 ] CVE-2015-7701 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7701 [ 4 ] CVE-2015-7702 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7702 [ 5 ] CVE-2015-7703 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7703 [ 6 ] CVE-2015-7704 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7704 [ 7 ] CVE-2015-7705 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7705 [ 8 ] CVE-2015-7848 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7848 [ 9 ] CVE-2015-7849 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7849 [ 10 ] CVE-2015-7850 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7850 [ 11 ] CVE-2015-7851 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7851 [ 12 ] CVE-2015-7852 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7852 [ 13 ] CVE-2015-7853 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7853 [ 14 ] CVE-2015-7854 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7854 [ 15 ] CVE-2015-7855 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7855 [ 16 ] CVE-2015-7871 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7871 [ 17 ] CVE-2015-7973 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7973 [ 18 ] CVE-2015-7974 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7974 [ 19 ] CVE-2015-7975 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7975 [ 20 ] CVE-2015-7976 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7976 [ 21 ] CVE-2015-7977 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7977 [ 22 ] CVE-2015-7978 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7978 [ 23 ] CVE-2015-7979 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7979 [ 24 ] CVE-2015-8138 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8138 [ 25 ] CVE-2015-8139 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8139 [ 26 ] CVE-2015-8140 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8140 [ 27 ] CVE-2015-8158 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8158 [ 28 ] CVE-2016-1547 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1547 [ 29 ] CVE-2016-1548 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1548 [ 30 ] CVE-2016-1549 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1549 [ 31 ] CVE-2016-1550 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1550 [ 32 ] CVE-2016-1551 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1551 [ 33 ] CVE-2016-2516 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2516 [ 34 ] CVE-2016-2517 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2517 [ 35 ] CVE-2016-2518 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2518 [ 36 ] CVE-2016-2519 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2519 [ 37 ] CVE-2016-4953 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4953 [ 38 ] CVE-2016-4954 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4954 [ 39 ] CVE-2016-4955 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4955 [ 40 ] CVE-2016-4956 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4956 [ 41 ] CVE-2016-4957 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4957 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/201607-15 Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2016 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] ntp (SSA:2016-120-01) New ntp packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix security issues. Here are the details from the Slackware 14.1 ChangeLog: +--------------------------+ patches/packages/ntp-4.2.8p7-i486-1_slack14.1.txz: Upgraded. This release patches several low and medium severity security issues: CVE-2016-1551: Refclock impersonation vulnerability, AKA: refclock-peering CVE-2016-1549: Sybil vulnerability: ephemeral association attack, AKA: ntp-sybil - MITIGATION ONLY CVE-2016-2516: Duplicate IPs on unconfig directives will cause an assertion botch CVE-2016-2517: Remote configuration trustedkey/requestkey values are not properly validated CVE-2016-2518: Crafted addpeer with hmode > 7 causes array wraparound with MATCH_ASSOC CVE-2016-2519: ctl_getitem() return value not always checked CVE-2016-1547: Validate crypto-NAKs, AKA: nak-dos CVE-2016-1548: Interleave-pivot - MITIGATION ONLY CVE-2015-7704: KoD fix: peer associations were broken by the fix for NtpBug2901, AKA: Symmetric active/passive mode is broken CVE-2015-8138: Zero Origin Timestamp Bypass, AKA: Additional KoD Checks CVE-2016-1550: Improve NTP security against buffer comparison timing attacks, authdecrypt-timing, AKA: authdecrypt-timing For more information, see: http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7704 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8138 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1547 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1548 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1549 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1550 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1551 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2516 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2517 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2518 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2519 (* Security fix *) +--------------------------+ Where to find the new packages: +-----------------------------+ Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-) Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you. Updated package for Slackware 13.0: ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/ntp-4.2.8p7-i486-1_slack13.0.txz Updated package for Slackware x86_64 13.0: ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/ntp-4.2.8p7-x86_64-1_slack13.0.txz Updated package for Slackware 13.1: ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/ntp-4.2.8p7-i486-1_slack13.1.txz Updated package for Slackware x86_64 13.1: ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/ntp-4.2.8p7-x86_64-1_slack13.1.txz Updated package for Slackware 13.37: ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/ntp-4.2.8p7-i486-1_slack13.37.txz Updated package for Slackware x86_64 13.37: ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/ntp-4.2.8p7-x86_64-1_slack13.37.txz Updated package for Slackware 14.0: ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/ntp-4.2.8p7-i486-1_slack14.0.txz Updated package for Slackware x86_64 14.0: ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/ntp-4.2.8p7-x86_64-1_slack14.0.txz Updated package for Slackware 14.1: ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/ntp-4.2.8p7-i486-1_slack14.1.txz Updated package for Slackware x86_64 14.1: ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/ntp-4.2.8p7-x86_64-1_slack14.1.txz Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/ntp-4.2.8p7-i586-1.txz Updated package for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/ntp-4.2.8p7-x86_64-1.txz MD5 signatures: +-------------+ Slackware 13.0 package: 785dc2ef5f80edb28dc781e261c3fe3f ntp-4.2.8p7-i486-1_slack13.0.txz Slackware x86_64 13.0 package: 899421096b7b63e6cb269f8b01dfd875 ntp-4.2.8p7-x86_64-1_slack13.0.txz Slackware 13.1 package: dfd34cbd31be3572a2bcae7f59cdfd91 ntp-4.2.8p7-i486-1_slack13.1.txz Slackware x86_64 13.1 package: 63c4b31736040e7950361cd0d7081c8b ntp-4.2.8p7-x86_64-1_slack13.1.txz Slackware 13.37 package: e760ae0c6cc3fa933e4d65d6995b0c84 ntp-4.2.8p7-i486-1_slack13.37.txz Slackware x86_64 13.37 package: aa448523b27bb4fcccc2f46cf4d72bc5 ntp-4.2.8p7-x86_64-1_slack13.37.txz Slackware 14.0 package: 3bc7e54a4164a4f91be996b5cf2e643e ntp-4.2.8p7-i486-1_slack14.0.txz Slackware x86_64 14.0 package: 0f6ea4dae476709f26f5d0e33378576c ntp-4.2.8p7-x86_64-1_slack14.0.txz Slackware 14.1 package: dbe827ee7ece6ce5ca083cdd5960162c ntp-4.2.8p7-i486-1_slack14.1.txz Slackware x86_64 14.1 package: 89f3edf183a6a9847d69b8349f98c901 ntp-4.2.8p7-x86_64-1_slack14.1.txz Slackware -current package: 4018b86edd15e40e8c5e9f50d907dcff n/ntp-4.2.8p7-i586-1.txz Slackware x86_64 -current package: 7dd6b64ba8c9fdaebb7becc1f5c3963d n/ntp-4.2.8p7-x86_64-1.txz Installation instructions: +------------------------+ Upgrade the package as root: # upgradepkg ntp-4.2.8p7-i486-1_slack14.1.txz Then, restart the NTP daemon: # sh /etc/rc.d/rc.ntpd restart +-----+ Slackware Linux Security Team http://slackware.com/gpg-key security@slackware.com +------------------------------------------------------------------------+ | To leave the slackware-security mailing list: | +------------------------------------------------------------------------+ | Send an email to majordomo@slackware.com with this text in the body of | | the email message: | | | | unsubscribe slackware-security | | | | You will get a confirmation message back containing instructions to | | complete the process. Please do not reply to this email address. | +------------------------------------------------------------------------+ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iEYEARECAAYFAlcjyyAACgkQakRjwEAQIjPtSgCdEB0YxCNSAabWZwD+ICyXcqeg 3rIAnRLKXh7P6QXP2t+va4PM0crnd3l4 =VO7T -----END PGP SIGNATURE-----

Trust: 2.88

sources: NVD: CVE-2016-1551 // CERT/CC: VU#718152 // JVNDB: JVNDB-2016-007711 // BID: 88219 // VULMON: CVE-2016-1551 // PACKETSTORM: 137992 // PACKETSTORM: 136864

AFFECTED PRODUCTS

vendor:ntpsecmodel:ntpsecscope:eqversion:a5fb34b9cc89b92a8fef2f459004865c93bb7f92

Trust: 2.4

vendor:ntpmodel:ntpscope:eqversion:4.2.8

Trust: 1.3

vendor:ntpmodel: - scope: - version: -

Trust: 0.8

vendor:ntpmodel:ntpscope:eqversion:4.2.8p3

Trust: 0.8

vendor:slackwaremodel:linuxscope:eqversion:14.1

Trust: 0.3

vendor:slackwaremodel:linux x86 64 -currentscope: - version: -

Trust: 0.3

vendor:slackwaremodel:linux x86 64scope:eqversion:14.1

Trust: 0.3

vendor:slackwaremodel:linux x86 64scope:eqversion:14.0

Trust: 0.3

vendor:slackwaremodel:linuxscope:eqversion:14.0

Trust: 0.3

vendor:slackwaremodel:linux x86 64scope:eqversion:13.37

Trust: 0.3

vendor:slackwaremodel:linuxscope:eqversion:13.37

Trust: 0.3

vendor:slackwaremodel:linux x86 64scope:eqversion:13.1

Trust: 0.3

vendor:slackwaremodel:linuxscope:eqversion:13.1

Trust: 0.3

vendor:slackwaremodel:linux x86 64scope:eqversion:13.0

Trust: 0.3

vendor:slackwaremodel:linuxscope:eqversion:13.0

Trust: 0.3

vendor:slackwaremodel:linux -currentscope: - version: -

Trust: 0.3

vendor:ntpmodel:ntpscope:eqversion:4.3.90

Trust: 0.3

vendor:ntpmodel:ntpscope:eqversion:4.3.25

Trust: 0.3

vendor:ntpmodel:ntpscope:eqversion:4.3

Trust: 0.3

vendor:ntpmodel:ntpscope:eqversion:4.2.6

Trust: 0.3

vendor:ntpmodel:p74scope:eqversion:4.2.5

Trust: 0.3

vendor:ntpmodel:p153scope:eqversion:4.2.5

Trust: 0.3

vendor:ntpmodel:p150scope:eqversion:4.2.5

Trust: 0.3

vendor:ntpmodel:p8scope:eqversion:4.2.4

Trust: 0.3

vendor:ntpmodel:p7scope:eqversion:4.2.4

Trust: 0.3

vendor:ntpmodel:p6scope:eqversion:4.2.4

Trust: 0.3

vendor:ntpmodel:p5scope:eqversion:4.2.4

Trust: 0.3

vendor:ntpmodel:p4scope:eqversion:4.2.4

Trust: 0.3

vendor:ntpmodel:p4scope:eqversion:4.2.2

Trust: 0.3

vendor:ntpmodel:p1scope:eqversion:4.2.2

Trust: 0.3

vendor:ntpmodel:ntpscope:eqversion:4.1.2

Trust: 0.3

vendor:ntpmodel:ntpscope:eqversion:4.3.77

Trust: 0.3

vendor:ntpmodel:ntpscope:eqversion:4.3.70

Trust: 0.3

vendor:ntpmodel:4.2.8p6scope: - version: -

Trust: 0.3

vendor:ntpmodel:4.2.8p5scope: - version: -

Trust: 0.3

vendor:ntpmodel:4.2.8p4scope: - version: -

Trust: 0.3

vendor:ntpmodel:4.2.8p3scope: - version: -

Trust: 0.3

vendor:ntpmodel:4.2.8p2scope: - version: -

Trust: 0.3

vendor:ntpmodel:4.2.8p1scope: - version: -

Trust: 0.3

vendor:ntpmodel:4.2.7p366scope: - version: -

Trust: 0.3

vendor:ntpmodel:4.2.7p111scope: - version: -

Trust: 0.3

vendor:ntpmodel:4.2.7p11scope: - version: -

Trust: 0.3

vendor:ntpmodel:ntpscope:eqversion:4.2.7

Trust: 0.3

vendor:ntpmodel:4.2.5p3scope: - version: -

Trust: 0.3

vendor:ntpmodel:4.2.5p186scope: - version: -

Trust: 0.3

vendor:ntpmodel:4.2.0.ascope: - version: -

Trust: 0.3

vendor:ibmmodel:viosscope:eqversion:2.2.14

Trust: 0.3

vendor:ibmmodel:viosscope:eqversion:2.2

Trust: 0.3

vendor:ibmmodel:viosscope:eqversion:2.2.4.0

Trust: 0.3

vendor:ibmmodel:viosscope:eqversion:2.2.3.50

Trust: 0.3

vendor:ibmmodel:viosscope:eqversion:2.2.2.5

Trust: 0.3

vendor:ibmmodel:viosscope:eqversion:2.2.2.0

Trust: 0.3

vendor:ibmmodel:viosscope:eqversion:2.2.1.3

Trust: 0.3

vendor:ibmmodel:viosscope:eqversion:2.2.1.1

Trust: 0.3

vendor:ibmmodel:viosscope:eqversion:2.2.0.13

Trust: 0.3

vendor:ibmmodel:viosscope:eqversion:2.2.0.11

Trust: 0.3

vendor:ibmmodel:lotus protector for mail securityscope:eqversion:2.80

Trust: 0.3

vendor:ibmmodel:lotus protector for mail securityscope:eqversion:2.8.1.0

Trust: 0.3

vendor:ibmmodel:flex system managerscope:eqversion:1.3.20

Trust: 0.3

vendor:ibmmodel:flex system managerscope:eqversion:1.3.4.0

Trust: 0.3

vendor:ibmmodel:aixscope:eqversion:7.2

Trust: 0.3

vendor:ibmmodel:aixscope:eqversion:7.1

Trust: 0.3

vendor:ibmmodel:aixscope:eqversion:6.1

Trust: 0.3

vendor:ibmmodel:aixscope:eqversion:5.3

Trust: 0.3

vendor:ciscomodel:wap371 wireless access pointscope:eqversion:0

Trust: 0.3

vendor:ciscomodel:visual quality experience tools serverscope:eqversion:0

Trust: 0.3

vendor:ciscomodel:visual quality experience serverscope:eqversion:0

Trust: 0.3

vendor:ciscomodel:virtual security gateway for microsoft hyper-vscope:eqversion:0

Trust: 0.3

vendor:ciscomodel:videoscape control suitescope:eqversion:0

Trust: 0.3

vendor:ciscomodel:video distribution suite for internet streamingscope:eqversion:0

Trust: 0.3

vendor:ciscomodel:video delivery system recorderscope:eqversion:0

Trust: 0.3

vendor:ciscomodel:unity expressscope:eqversion:0

Trust: 0.3

vendor:ciscomodel:unified computing system e-series blade serverscope:eqversion:0

Trust: 0.3

vendor:ciscomodel:unified communications manager session management editionscope:eqversion:0

Trust: 0.3

vendor:ciscomodel:unified communications managerscope:eqversion:0

Trust: 0.3

vendor:ciscomodel:ucs directorscope:eqversion:0

Trust: 0.3

vendor:ciscomodel:ucs centralscope:eqversion:0

Trust: 0.3

vendor:ciscomodel:telepresence video communication serverscope:eqversion:0

Trust: 0.3

vendor:ciscomodel:telepresence sx seriesscope:eqversion:0

Trust: 0.3

vendor:ciscomodel:telepresence profile seriesscope:eqversion:0

Trust: 0.3

vendor:ciscomodel:telepresence mx seriesscope:eqversion:0

Trust: 0.3

vendor:ciscomodel:telepresence isdn linkscope:eqversion:0

Trust: 0.3

vendor:ciscomodel:telepresence integrator c seriesscope:eqversion:0

Trust: 0.3

vendor:ciscomodel:telepresence exchange systemscope:eqversion:0

Trust: 0.3

vendor:ciscomodel:telepresence ex seriesscope:eqversion:0

Trust: 0.3

vendor:ciscomodel:telepresence conductorscope:eqversion:0

Trust: 0.3

vendor:ciscomodel:support centralscope:eqversion:0

Trust: 0.3

vendor:ciscomodel:standalone rack server cimcscope:eqversion:0

Trust: 0.3

vendor:ciscomodel:small business series wireless access pointsscope:eqversion:5000

Trust: 0.3

vendor:ciscomodel:small business series wireless access pointsscope:eqversion:3210

Trust: 0.3

vendor:ciscomodel:small business series wireless access pointsscope:eqversion:1210

Trust: 0.3

vendor:ciscomodel:show and sharescope:eqversion:0

Trust: 0.3

vendor:ciscomodel:sentinelscope:eqversion:0

Trust: 0.3

vendor:ciscomodel:scosscope:eqversion:0

Trust: 0.3

vendor:ciscomodel:prime service catalog virtual appliancescope:eqversion:0

Trust: 0.3

vendor:ciscomodel:prime license managerscope:eqversion:0

Trust: 0.3

vendor:ciscomodel:prime infrastructure standalone plug and play gatewayscope:eqversion:0

Trust: 0.3

vendor:ciscomodel:prime infrastructurescope:eqversion: -

Trust: 0.3

vendor:ciscomodel:prime collaboration assurancescope:eqversion:0

Trust: 0.3

vendor:ciscomodel:prime access registrar appliancescope:eqversion:0

Trust: 0.3

vendor:ciscomodel:prime access registrarscope:eqversion:0

Trust: 0.3

vendor:ciscomodel:physical access managerscope:eqversion:0

Trust: 0.3

vendor:ciscomodel:onepk all-in-one vmscope:eqversion:0

Trust: 0.3

vendor:ciscomodel:nexus series switchesscope:eqversion:90000

Trust: 0.3

vendor:ciscomodel:network device security assessmentscope:eqversion:0

Trust: 0.3

vendor:ciscomodel:network analysis modulescope:eqversion:0

Trust: 0.3

vendor:ciscomodel:nac serverscope:eqversion:0

Trust: 0.3

vendor:ciscomodel:nac guest serverscope:eqversion:0

Trust: 0.3

vendor:ciscomodel:nac appliancescope:eqversion:0

Trust: 0.3

vendor:ciscomodel:meetingplacescope:eqversion:0

Trust: 0.3

vendor:ciscomodel:mediasensescope:eqversion:0

Trust: 0.3

vendor:ciscomodel:media experience enginesscope:eqversion:0

Trust: 0.3

vendor:ciscomodel:management heartbeat serverscope:eqversion:0

Trust: 0.3

vendor:ciscomodel:jabber guestscope:eqversion:10.0(2)

Trust: 0.3

vendor:ciscomodel:intrusion prevention system solutionsscope:eqversion:0

Trust: 0.3

vendor:ciscomodel:im and presence servicescope:eqversion:0

Trust: 0.3

vendor:ciscomodel:identity services enginescope:eqversion:0

Trust: 0.3

vendor:ciscomodel:hosted collaboration mediation fulfillmentscope:eqversion:0

Trust: 0.3

vendor:ciscomodel:expressway seriesscope:eqversion:0

Trust: 0.3

vendor:ciscomodel:enterprise content delivery systemscope:eqversion:0

Trust: 0.3

vendor:ciscomodel:emergency responderscope:eqversion:0

Trust: 0.3

vendor:ciscomodel:edge digital media playerscope:eqversion:3400

Trust: 0.3

vendor:ciscomodel:edge digital media playerscope:eqversion:3000

Trust: 0.3

vendor:ciscomodel:digital media managerscope:eqversion:0

Trust: 0.3

vendor:ciscomodel:dcm series 9900-digital content managerscope:eqversion:0

Trust: 0.3

vendor:ciscomodel:content security appliance updater serversscope:eqversion:0

Trust: 0.3

vendor:ciscomodel:connected grid routersscope:eqversion:0

Trust: 0.3

vendor:ciscomodel:common services platform collectorscope:eqversion:0

Trust: 0.3

vendor:ciscomodel:cloud object storescope:eqversion:0

Trust: 0.3

vendor:ciscomodel:clean access managerscope:eqversion:0

Trust: 0.3

vendor:ciscomodel:application policy infrastructure controllerscope:eqversion:0

Trust: 0.3

vendor:ciscomodel:asa cx and cisco prime security managerscope:eqversion:0

Trust: 0.3

vendor:ciscomodel:access registrar appliancescope:eqversion:0

Trust: 0.3

vendor:ciscomodel:industrial routerscope:eqversion:9100

Trust: 0.3

vendor:ciscomodel:series ip phones vpn featurescope:eqversion:8800-0

Trust: 0.3

vendor:ntpmodel:ntpscope:neversion:4.3.92

Trust: 0.3

vendor:ntpmodel:4.2.8p7scope:neversion: -

Trust: 0.3

sources: CERT/CC: VU#718152 // BID: 88219 // JVNDB: JVNDB-2016-007711 // CNNVD: CNNVD-201604-606 // NVD: CVE-2016-1551

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2016-1551
value: LOW

Trust: 1.0

NVD: CVE-2016-1551
value: LOW

Trust: 0.8

CNNVD: CNNVD-201604-606
value: LOW

Trust: 0.6

VULMON: CVE-2016-1551
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2016-1551
severity: LOW
baseScore: 2.6
vectorString: AV:N/AC:H/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 4.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

nvd@nist.gov: CVE-2016-1551
baseSeverity: LOW
baseScore: 3.7
vectorString: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.2
impactScore: 1.4
version: 3.0

Trust: 1.8

sources: VULMON: CVE-2016-1551 // JVNDB: JVNDB-2016-007711 // CNNVD: CNNVD-201604-606 // NVD: CVE-2016-1551

PROBLEMTYPE DATA

problemtype:CWE-254

Trust: 1.8

sources: JVNDB: JVNDB-2016-007711 // NVD: CVE-2016-1551

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201604-606

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201604-606

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-007711

PATCH

title:Top Pageurl:http://www.ntp.org

Trust: 0.8

title:Top Pageurl:https://www.ntpsec.org/

Trust: 0.8

title:Oracle Solaris Third Party Bulletin - April 2016url:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html

Trust: 0.8

title:ntpd Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=61289

Trust: 0.6

title:Red Hat: CVE-2016-1551url:https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database&qid=CVE-2016-1551

Trust: 0.1

title:Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - April 2016url:https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins&qid=976a4da35d55283870dbb31b88a6c655

Trust: 0.1

title:The Registerurl:https://www.theregister.co.uk/2016/04/28/time_for_a_patch_six_vulns_fixed_in_ntp_daemon/

Trust: 0.1

sources: VULMON: CVE-2016-1551 // JVNDB: JVNDB-2016-007711 // CNNVD: CNNVD-201604-606

EXTERNAL IDS

db:NVDid:CVE-2016-1551

Trust: 3.0

db:CERT/CCid:VU#718152

Trust: 2.6

db:BIDid:88219

Trust: 2.0

db:TALOSid:TALOS-2016-0132

Trust: 1.7

db:SECTRACKid:1035705

Trust: 1.1

db:JVNid:JVNVU91176422

Trust: 0.8

db:JVNDBid:JVNDB-2016-007711

Trust: 0.8

db:CNNVDid:CNNVD-201604-606

Trust: 0.6

db:VULMONid:CVE-2016-1551

Trust: 0.1

db:PACKETSTORMid:137992

Trust: 0.1

db:PACKETSTORMid:136864

Trust: 0.1

sources: CERT/CC: VU#718152 // VULMON: CVE-2016-1551 // BID: 88219 // JVNDB: JVNDB-2016-007711 // PACKETSTORM: 137992 // PACKETSTORM: 136864 // CNNVD: CNNVD-201604-606 // NVD: CVE-2016-1551

REFERENCES

url:http://www.securityfocus.com/bid/88219

Trust: 1.8

url:https://www.kb.cert.org/vuls/id/718152

Trust: 1.8

url:http://www.talosintelligence.com/reports/talos-2016-0132/

Trust: 1.7

url:http://support.ntp.org/bin/view/main/securitynotice#april_2016_ntp_4_2_8p7_security

Trust: 1.4

url:https://security.gentoo.org/glsa/201607-15

Trust: 1.2

url:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html

Trust: 1.1

url:http://www.securitytracker.com/id/1035705

Trust: 1.1

url:https://security.netapp.com/advisory/ntap-20171004-0002/

Trust: 1.1

url:https://security.freebsd.org/advisories/freebsd-sa-16:16.ntp.asc

Trust: 1.1

url:http://support.ntp.org/bin/view/main/ntpbug3020

Trust: 0.9

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1551

Trust: 0.9

url:http://support.ntp.org/bin/view/main/securitynotice#january_2016_ntp_4_2_8p6_securit

Trust: 0.8

url:http://jvn.jp/vu/jvnvu91176422/

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-1551

Trust: 0.8

url:http://www.ntp.org/

Trust: 0.3

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160428-ntpd

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=isg3t1024073

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=swg21983803

Trust: 0.3

url:http://aix.software.ibm.com/aix/efixes/security/ntp_advisory7.asc

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2015-8138

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2015-7704

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2016-1547

Trust: 0.2

url:https://cwe.mitre.org/data/definitions/254.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2016-1551

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-7871

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7702

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-7705

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1549

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-7702

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7849

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7852

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7978

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-8140

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-7855

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-7978

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-7852

Trust: 0.1

url:https://security.gentoo.org/

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1551

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2516

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7975

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-7848

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-7973

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-7979

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-8139

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-8158

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-4954

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-4956

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7973

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7853

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-7701

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7704

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-8140

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-7974

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7691

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-8139

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-4957

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7703

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7855

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-4955

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-7849

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-7854

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-7703

Trust: 0.1

url:http://creativecommons.org/licenses/by-sa/2.5

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7705

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2517

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1548

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-7691

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1547

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-8158

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7854

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-7853

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2519

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2518

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7851

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-7692

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7871

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7977

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7848

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-7977

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1550

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-7850

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7850

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7701

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7692

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-8138

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7979

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7974

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-7851

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-4953

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-7975

Trust: 0.1

url:https://bugs.gentoo.org.

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7976

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-7976

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-2516

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7704

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-1551

Trust: 0.1

url:http://slackware.com

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-1548

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-2519

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-2516

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-2517

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-2519

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-1550

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1547

Trust: 0.1

url:http://slackware.com/gpg-key

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-8138

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-2518

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-1549

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1550

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-2518

Trust: 0.1

url:http://support.ntp.org/bin/view/main/securitynotice#recent_vulnerabilities

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-2517

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1548

Trust: 0.1

url:http://osuosl.org)

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1549

Trust: 0.1

sources: CERT/CC: VU#718152 // VULMON: CVE-2016-1551 // BID: 88219 // JVNDB: JVNDB-2016-007711 // PACKETSTORM: 137992 // PACKETSTORM: 136864 // CNNVD: CNNVD-201604-606 // NVD: CVE-2016-1551

CREDITS

Matt Street and others of Cisco ASIG

Trust: 0.6

sources: CNNVD: CNNVD-201604-606

SOURCES

db:CERT/CCid:VU#718152
db:VULMONid:CVE-2016-1551
db:BIDid:88219
db:JVNDBid:JVNDB-2016-007711
db:PACKETSTORMid:137992
db:PACKETSTORMid:136864
db:CNNVDid:CNNVD-201604-606
db:NVDid:CVE-2016-1551

LAST UPDATE DATE

2024-08-14T12:45:54.033000+00:00


SOURCES UPDATE DATE

db:CERT/CCid:VU#718152date:2016-04-28T00:00:00
db:VULMONid:CVE-2016-1551date:2017-11-21T00:00:00
db:BIDid:88219date:2016-09-08T20:01:00
db:JVNDBid:JVNDB-2016-007711date:2017-03-13T00:00:00
db:CNNVDid:CNNVD-201604-606date:2016-04-28T00:00:00
db:NVDid:CVE-2016-1551date:2017-11-21T02:29:03.353

SOURCES RELEASE DATE

db:CERT/CCid:VU#718152date:2016-04-27T00:00:00
db:VULMONid:CVE-2016-1551date:2017-01-27T00:00:00
db:BIDid:88219date:2016-04-26T00:00:00
db:JVNDBid:JVNDB-2016-007711date:2017-03-13T00:00:00
db:PACKETSTORMid:137992date:2016-07-21T15:56:23
db:PACKETSTORMid:136864date:2016-05-02T21:38:58
db:CNNVDid:CNNVD-201604-606date:2016-04-28T00:00:00
db:NVDid:CVE-2016-1551date:2017-01-27T17:59:00.227