CVE-2016-4953

ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (ephemeral-association demobilization) by sending a spoofed crypto-NAK packet with incorrect authentication data at a certain time.

CVSS v3 7.5 HIGH
CVSS v2.0 5.0 MEDIUM

7.5^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

5.0^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:N/I:N/A:P

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

References

Link	Resource
http://bugs.ntp.org/3045	Issue Tracking Vendor Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00018.html	Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00020.html
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00023.html	Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00024.html	Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00028.html	Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00040.html	Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html
http://packetstormsecurity.com/files/137321/Slackware-Security-Advisory-ntp-Updates.html
http://packetstormsecurity.com/files/137322/FreeBSD-Security-Advisory-FreeBSD-SA-16-24.ntp.html
http://support.ntp.org/bin/view/Main/NtpBug3045	Patch Vendor Advisory
http://support.ntp.org/bin/view/Main/SecurityNotice	Vendor Advisory
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160603-ntpd
http://www.kb.cert.org/vuls/id/321640	Third Party Advisory US Government Resource
http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html	Third Party Advisory
http://www.securityfocus.com/archive/1/538599/100/0/threaded
http://www.securityfocus.com/archive/1/538600/100/0/threaded
http://www.securityfocus.com/archive/1/540683/100/0/threaded
http://www.securityfocus.com/archive/1/archive/1/538599/100/0/threaded
http://www.securityfocus.com/archive/1/archive/1/538600/100/0/threaded
http://www.securityfocus.com/archive/1/archive/1/540683/100/0/threaded
http://www.securityfocus.com/bid/91010	Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1036037	Third Party Advisory VDB Entry
https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf	Third Party Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdf	Third Party Advisory
https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03757en_us	Third Party Advisory
https://security.FreeBSD.org/advisories/FreeBSD-SA-16:24.ntp.asc	Third Party Advisory
https://security.gentoo.org/glsa/201607-15	Third Party Advisory
https://us-cert.cisa.gov/ics/advisories/icsa-21-103-11	Third Party Advisory US Government Resource
https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11
https://www.kb.cert.org/vuls/id/321640

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:ntp:ntp::::::::
	cpe:2.3:a:ntp:ntp::::::::
	cpe:2.3:a:ntp:ntp:4.2.8:-::::::
	cpe:2.3:a:ntp:ntp:4.2.8:p1::::::
	cpe:2.3:a:ntp:ntp:4.2.8:p1-beta1::::::
	cpe:2.3:a:ntp:ntp:4.2.8:p1-beta2::::::
	cpe:2.3:a:ntp:ntp:4.2.8:p1-beta3::::::
	cpe:2.3:a:ntp:ntp:4.2.8:p1-beta4::::::
	cpe:2.3:a:ntp:ntp:4.2.8:p1-beta5::::::
	cpe:2.3:a:ntp:ntp:4.2.8:p1-rc1::::::
	cpe:2.3:a:ntp:ntp:4.2.8:p1-rc2::::::
	cpe:2.3:a:ntp:ntp:4.2.8:p2::::::
	cpe:2.3:a:ntp:ntp:4.2.8:p2-rc1::::::
	cpe:2.3:a:ntp:ntp:4.2.8:p2-rc2::::::
	cpe:2.3:a:ntp:ntp:4.2.8:p2-rc3::::::
	cpe:2.3:a:ntp:ntp:4.2.8:p3::::::
	cpe:2.3:a:ntp:ntp:4.2.8:p3-rc1::::::
	cpe:2.3:a:ntp:ntp:4.2.8:p3-rc2::::::
	cpe:2.3:a:ntp:ntp:4.2.8:p3-rc3::::::
	cpe:2.3:a:ntp:ntp:4.2.8:p4::::::
	cpe:2.3:a:ntp:ntp:4.2.8:p5::::::
	cpe:2.3:a:ntp:ntp:4.2.8:p6::::::
	cpe:2.3:a:ntp:ntp:4.2.8:p7::::::

Configuration 2 (hide)

OR	cpe:2.3:o:oracle:solaris:10:::::::*
	cpe:2.3:o:oracle:solaris:11.3:::::::*

Configuration 3 (hide)

OR	cpe:2.3:a:suse:manager:2.1:::::::*
	cpe:2.3:a:suse:manager_proxy:2.1:::::::*
	cpe:2.3:a:suse:openstack_cloud:5:::::::*
	cpe:2.3:o:opensuse:leap:42.1:::::::*
	cpe:2.3:o:opensuse:opensuse:13.2:::::::*
	cpe:2.3:o:suse:linux_enterprise_desktop:12:sp1::::::
	cpe:2.3:o:suse:linux_enterprise_server:11:sp2:::ltss:::*
	cpe:2.3:o:suse:linux_enterprise_server:11:sp3:::ltss:::*
	cpe:2.3:o:suse:linux_enterprise_server:11:sp4::::::
	cpe:2.3:o:suse:linux_enterprise_server:12:sp1::::::

Configuration 4 (hide)

AND

cpe:2.3:o:siemens:simatic_net_cp_443-1_opc_ua_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:simatic_net_cp_443-1_opc_ua:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

cpe:2.3:o:siemens:tim_4r-ie_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:tim_4r-ie:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND

cpe:2.3:o:siemens:tim_4r-ie_dnp3_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:tim_4r-ie_dnp3:-:*:*:*:*:*:*:*

History

09 Jun 2021, 15:02

Type	Values Removed	Values Added
CPE		cpe:2.3:h:siemens:tim_4r-ie_dnp3:-:::::::* cpe:2.3:h:siemens:simatic_net_cp_443-1_opc_ua:-:::::::* cpe:2.3:h:siemens:tim_4r-ie:-:::::::* cpe:2.3:o:siemens:simatic_net_cp_443-1_opc_ua_firmware:::::::: cpe:2.3:o:siemens:tim_4r-ie_dnp3_firmware:::::::: cpe:2.3:o:siemens:tim_4r-ie_firmware::::::::
References	~~(CONFIRM) https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdf -~~	(CONFIRM) https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdf - Third Party Advisory
References	~~(CONFIRM) https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf -~~	(CONFIRM) https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf - Third Party Advisory
References	~~(CONFIRM) https://us-cert.cisa.gov/ics/advisories/icsa-21-103-11 -~~	(CONFIRM) https://us-cert.cisa.gov/ics/advisories/icsa-21-103-11 - Third Party Advisory, US Government Resource

08 Jun 2021, 12:15

Type	Values Removed	Values Added
References		(CONFIRM) https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf -

15 Apr 2021, 21:15

Type	Values Removed	Values Added
References		(CONFIRM) https://us-cert.cisa.gov/ics/advisories/icsa-21-103-11 -

13 Apr 2021, 12:15

Type	Values Removed	Values Added
References		(CONFIRM) https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdf -

Information

Published : 2016-07-05 01:59

Updated : 2023-12-10 11:46

NVD link : CVE-2016-4953

Mitre link : CVE-2016-4953

CVE.ORG link : CVE-2016-4953

JSON object : View

Products Affected

oracle

solaris

siemens

tim_4r-ie_dnp3_firmware
tim_4r-ie_firmware
simatic_net_cp_443-1_opc_ua
tim_4r-ie
simatic_net_cp_443-1_opc_ua_firmware
tim_4r-ie_dnp3

suse

linux_enterprise_server
manager_proxy
linux_enterprise_desktop
openstack_cloud
manager

opensuse

leap
opensuse

ntp

CWE

CWE-287

Improper Authentication

7.5 /10

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

5.0 /10

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

JSON object

Attach tags to CVE-2016-4953

7.5^/10

5.0^/10

Attach tags to `CVE-2016-4953`