CVE-2016-1548

{"id": "CVE-2016-1548", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.4, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 4.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.0", "baseScore": 7.2, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 2.7, "exploitabilityScore": 3.9}]}, "published": "2017-01-06T21:59:00.353", "references": [{"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183647.html", "source": "cret@cert.org"}, {"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184669.html", "source": "cret@cert.org"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00034.html", "source": "cret@cert.org"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00037.html", "source": "cret@cert.org"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00052.html", "source": "cret@cert.org"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00001.html", "source": "cret@cert.org"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00020.html", "source": "cret@cert.org"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html", "source": "cret@cert.org"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html", "source": "cret@cert.org"}, {"url": "http://lists.opensuse.org/opensuse-updates/2016-05/msg00114.html", "source": "cret@cert.org"}, {"url": "http://packetstormsecurity.com/files/136864/Slackware-Security-Advisory-ntp-Updates.html", "source": "cret@cert.org"}, {"url": "http://rhn.redhat.com/errata/RHSA-2016-1552.html", "source": "cret@cert.org"}, {"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160428-ntpd", "source": "cret@cert.org"}, {"url": "http://www.debian.org/security/2016/dsa-3629", "source": "cret@cert.org"}, {"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", "source": "cret@cert.org"}, {"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html", "source": "cret@cert.org"}, {"url": "http://www.securityfocus.com/archive/1/538233/100/0/threaded", "source": "cret@cert.org"}, {"url": "http://www.securityfocus.com/archive/1/archive/1/538233/100/0/threaded", "source": "cret@cert.org"}, {"url": "http://www.securityfocus.com/bid/88264", "source": "cret@cert.org"}, {"url": "http://www.securitytracker.com/id/1035705", "source": "cret@cert.org"}, {"url": "http://www.talosintelligence.com/reports/TALOS-2016-0082/", "tags": ["Exploit", "Third Party Advisory"], "source": "cret@cert.org"}, {"url": "http://www.ubuntu.com/usn/USN-3096-1", "source": "cret@cert.org"}, {"url": "https://access.redhat.com/errata/RHSA-2016:1141", "source": "cret@cert.org"}, {"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf", "source": "cret@cert.org"}, {"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdf", "source": "cret@cert.org"}, {"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:16.ntp.asc", "source": "cret@cert.org"}, {"url": "https://security.gentoo.org/glsa/201607-15", "source": "cret@cert.org"}, {"url": "https://security.netapp.com/advisory/ntap-20171004-0002/", "source": "cret@cert.org"}, {"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-103-11", "source": "cret@cert.org"}, {"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11", "source": "cret@cert.org"}, {"url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1332-security-advisory-19", "source": "cret@cert.org"}, {"url": "https://www.debian.org/security/2016/dsa-3629", "source": "cret@cert.org"}, {"url": "https://www.kb.cert.org/vuls/id/718152", "source": "cret@cert.org"}, {"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2016-0082", "source": "cret@cert.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-19"}]}], "descriptions": [{"lang": "en", "value": "An attacker can spoof a packet from a legitimate ntpd server with an origin timestamp that matches the peer->dst timestamp recorded for that server. After making this switch, the client in NTP 4.2.8p4 and earlier and NTPSec aa48d001683e5b791a743ec9c575aaf7d867a2b0c will reject all future legitimate server responses. It is possible to force the victim client to move time after the mode has been changed. ntpq gives no indication that the mode has been switched."}, {"lang": "es", "value": "Un atacante puede suplantar un paquete de un servidor ntpd leg\u00edtimo con una marca de tiempo de origen que coincida con la marca de tiempo peer->dst registrada para ese servidor. Despu\u00e9s de hacer este cambio, el cliente en NTP 4.2.8p4 y versiones anteriores y NTPSec aa48d001683e5b791a743ec9c575aaf7d867a2b0c rechazar\u00e1n todas las futuras respuestas leg\u00edtimas del servidor. Es posible forzar al cliente v\u00edctima a mover el tiempo despu\u00e9s de que el modo haya sido cambiado. ntpq no indica que el modo ha sido cambiado."}], "lastModified": "2021-11-17T22:15:47.620", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "99C71C00-7222-483B-AEFB-159337BD3C92"}], "operator": "OR"}]}], "sourceIdentifier": "cret@cert.org"}