NTP 4.x before 4.2.8p6 and 4.3.x before 4.3.90 do not verify peer associations of symmetric keys when authenticating packets, which might allow remote attackers to conduct impersonation attacks via an arbitrary trusted key, aka a "skeleton key."
http://bugs.ntp.org/show_bug.cgi?id=2936
http://rhn.redhat.com/errata/RHSA-2016-2583.html
http://support.ntp.org/bin/view/Main/NtpBug2936
http://www.debian.org/security/2016/dsa-3629
http://www.securityfocus.com/bid/81960
http://www.securitytracker.com/id/1034782
http://www.talosintel.com/reports/TALOS-2016-0071/
https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03750en_us
https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03766en_us
https://security.FreeBSD.org/advisories/FreeBSD-SA-16:09.ntp.asc
Source: MITRE
Published: 2016-01-26
Updated: 2020-06-18
Type: CWE-287
Base Score: 4
Vector: AV:N/AC:L/Au:S/C:N/I:P/A:N
Impact Score: 2.9
Exploitability Score: 8
Severity: MEDIUM
Base Score: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N
Impact Score: 4
Exploitability Score: 3.1
Severity: HIGH
OR
cpe:2.3:a:ntp:ntp:*:*:*:*:*:*:*:*
cpe:2.3:a:ntp:ntp:4.2.8:-:*:*:*:*:*:*
cpe:2.3:a:ntp:ntp:4.2.8:p1:*:*:*:*:*:*
cpe:2.3:a:ntp:ntp:4.2.8:p1-beta1:*:*:*:*:*:*
cpe:2.3:a:ntp:ntp:4.2.8:p1-beta2:*:*:*:*:*:*
cpe:2.3:a:ntp:ntp:4.2.8:p1-beta3:*:*:*:*:*:*
cpe:2.3:a:ntp:ntp:4.2.8:p1-beta4:*:*:*:*:*:*
cpe:2.3:a:ntp:ntp:4.2.8:p1-beta5:*:*:*:*:*:*
cpe:2.3:a:ntp:ntp:4.2.8:p1-rc1:*:*:*:*:*:*
cpe:2.3:a:ntp:ntp:4.2.8:p1-rc2:*:*:*:*:*:*
cpe:2.3:a:ntp:ntp:4.2.8:p2:*:*:*:*:*:*
cpe:2.3:a:ntp:ntp:4.2.8:p2-rc1:*:*:*:*:*:*
cpe:2.3:a:ntp:ntp:4.2.8:p2-rc2:*:*:*:*:*:*
cpe:2.3:a:ntp:ntp:4.2.8:p2-rc3:*:*:*:*:*:*
cpe:2.3:a:ntp:ntp:4.2.8:p3:*:*:*:*:*:*
cpe:2.3:a:ntp:ntp:4.2.8:p3-rc1:*:*:*:*:*:*
cpe:2.3:a:ntp:ntp:4.2.8:p3-rc2:*:*:*:*:*:*
cpe:2.3:a:ntp:ntp:4.2.8:p3-rc3:*:*:*:*:*:*
cpe:2.3:a:ntp:ntp:4.2.8:p4:*:*:*:*:*:*
ID | Name | Product | Family | Severity |
---|---|---|---|---|
125009 | EulerOS Virtualization 3.0.1.0 : ntp (EulerOS-SA-2019-1556) | Nessus | Huawei Local Security Checks | high |
106499 | pfSense < 2.3 Multiple Vulnerabilities (SA-16_01 - SA-16_02) | Nessus | Firewalls | critical |
102128 | AIX NTP v3 Advisory : ntp_advisory7.asc (IV87614) (IV87419) (IV87615) (IV87420) (IV87939) | Nessus | AIX Local Security Checks | medium |
99822 | EulerOS 2.0 SP1 : ntp (EulerOS-SA-2016-1060) | Nessus | Huawei Local Security Checks | medium |
99183 | AIX NTP v4 Advisory : ntp_advisory7.asc (IV87278) (IV87279) | Nessus | AIX Local Security Checks | medium |
95850 | Scientific Linux Security Update : ntp on SL7.x x86_64 (20161103) | Nessus | Scientific Linux Local Security Checks | medium |
95330 | CentOS 7 : ntp (CESA-2016:2583) | Nessus | CentOS Local Security Checks | medium |
94705 | Oracle Linux 7 : ntp (ELSA-2016-2583) | Nessus | Oracle Linux Local Security Checks | medium |
94546 | RHEL 7 : ntp (RHSA-2016:2583) | Nessus | Red Hat Local Security Checks | medium |
93896 | Ubuntu 12.04 LTS / 14.04 LTS / 16.04 LTS : ntp vulnerabilities (USN-3096-1) | Nessus | Ubuntu Local Security Checks | high |
93352 | AIX 7.2 TL 0 : ntp (IV87939) (deprecated) | Nessus | AIX Local Security Checks | medium |
93351 | AIX 7.1 TL 3 : ntp (IV87615) (deprecated) | Nessus | AIX Local Security Checks | medium |
93350 | AIX 5.3 TL 12 : ntp (IV87614) (deprecated) | Nessus | AIX Local Security Checks | medium |
93349 | AIX 7.1 TL 4 : ntp (IV87420) (deprecated) | Nessus | AIX Local Security Checks | medium |
93348 | AIX 6.1 TL 9 : ntp (IV87419) (deprecated) | Nessus | AIX Local Security Checks | medium |
93186 | SUSE SLES10 Security Update : ntp (SUSE-SU-2016:1912-1) | Nessus | SuSE Local Security Checks | high |
92571 | Debian DSA-3629-1 : ntp - security update | Nessus | Debian Local Security Checks | high |
92546 | Debian DLA-559-1 : ntp security update | Nessus | Debian Local Security Checks | high |
92485 | GLSA-201607-15 : NTP: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | high |
91663 | SUSE SLED12 / SLES12 Security Update : ntp (SUSE-SU-2016:1568-1) | Nessus | SuSE Local Security Checks | high |
91403 | openSUSE Security Update : ntp (openSUSE-2016-649) | Nessus | SuSE Local Security Checks | high |
91269 | openSUSE Security Update : ntp (openSUSE-2016-599) | Nessus | SuSE Local Security Checks | high |
91248 | SUSE SLES11 Security Update : ntp (SUSE-SU-2016:1311-1) | Nessus | SuSE Local Security Checks | high |
91159 | SUSE SLED12 / SLES12 Security Update : ntp (SUSE-SU-2016:1291-1) | Nessus | SuSE Local Security Checks | high |
91120 | SUSE SLES11 Security Update : ntp (SUSE-SU-2016:1278-1) | Nessus | SuSE Local Security Checks | high |
91111 | openSUSE Security Update : ntp (openSUSE-2016-578) | Nessus | SuSE Local Security Checks | medium |
90991 | SUSE SLED12 / SLES12 Security Update : ntp (SUSE-SU-2016:1247-1) | Nessus | SuSE Local Security Checks | high |
90923 | Network Time Protocol Daemon (ntpd) 3.x / 4.x < 4.2.8p7 Multiple Vulnerabilities | Nessus | Misc. | high |
90821 | SUSE SLED12 / SLES12 Security Update : ntp (SUSE-SU-2016:1177-1) | Nessus | SuSE Local Security Checks | medium |
90820 | SUSE SLES11 Security Update : ntp (SUSE-SU-2016:1175-1) | Nessus | SuSE Local Security Checks | medium |
89577 | Fedora 23 : ntp-4.2.6p5-36.fc23 (2016-8bb1932088) | Nessus | Fedora Local Security Checks | medium |
89510 | Fedora 22 : ntp-4.2.6p5-36.fc22 (2016-34bc10a2c8) | Nessus | Fedora Local Security Checks | high |
88912 | Slackware 13.0 / 13.1 / 13.37 / 14.0 / 14.1 / current : ntp (SSA:2016-054-04) | Nessus | Slackware Local Security Checks | medium |
88661 | Amazon Linux AMI : ntp (ALAS-2016-649) | Nessus | Amazon Linux Local Security Checks | medium |
88068 | FreeBSD : ntp -- multiple vulnerabilities (5237f5d7-c020-11e5-b397-d050996490d0) | Nessus | FreeBSD Local Security Checks | medium |
88054 | Network Time Protocol Daemon (ntpd) 3.x / 4.x < 4.2.8p6 Multiple Vulnerabilities | Nessus | Misc. | medium |