Login

Tenable Community & Support

Tenable University

CVE-2016-4953

MEDIUM

Description

ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (ephemeral-association demobilization) by sending a spoofed crypto-NAK packet with incorrect authentication data at a certain time.

References

http://www.kb.cert.org/vuls/id/321640

http://support.ntp.org/bin/view/Main/NtpBug3045

http://bugs.ntp.org/3045

http://support.ntp.org/bin/view/Main/SecurityNotice

http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00023.html

http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00018.html

http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00024.html

http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00028.html

http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00040.html

http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html

http://www.securityfocus.com/bid/91010

https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03757en_us

https://security.gentoo.org/glsa/201607-15

http://www.securitytracker.com/id/1036037

https://security.FreeBSD.org/advisories/FreeBSD-SA-16:24.ntp.asc

https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdf

https://us-cert.cisa.gov/ics/advisories/icsa-21-103-11

Details

Source: MITRE

Published: 2016-07-05

Updated: 2021-04-15

Type: CWE-287

Risk Information

CVSS v2.0

Base Score: 5

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Impact Score: 2.9

Exploitability Score: 10

Severity: MEDIUM

CVSS v3.0

Base Score: 7.5

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Impact Score: 3.6

Exploitability Score: 3.9

Severity: HIGH

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:ntp:ntp:*:*:*:*:*:*:*:*

cpe:2.3:a:ntp:ntp:4.2.8:-:*:*:*:*:*:*

cpe:2.3:a:ntp:ntp:4.2.8:p1:*:*:*:*:*:*

cpe:2.3:a:ntp:ntp:4.2.8:p1-beta1:*:*:*:*:*:*

cpe:2.3:a:ntp:ntp:4.2.8:p1-beta2:*:*:*:*:*:*

cpe:2.3:a:ntp:ntp:4.2.8:p1-beta3:*:*:*:*:*:*

cpe:2.3:a:ntp:ntp:4.2.8:p1-beta4:*:*:*:*:*:*

cpe:2.3:a:ntp:ntp:4.2.8:p1-beta5:*:*:*:*:*:*

cpe:2.3:a:ntp:ntp:4.2.8:p1-rc1:*:*:*:*:*:*

cpe:2.3:a:ntp:ntp:4.2.8:p1-rc2:*:*:*:*:*:*

cpe:2.3:a:ntp:ntp:4.2.8:p2:*:*:*:*:*:*

cpe:2.3:a:ntp:ntp:4.2.8:p2-rc1:*:*:*:*:*:*

cpe:2.3:a:ntp:ntp:4.2.8:p2-rc2:*:*:*:*:*:*

cpe:2.3:a:ntp:ntp:4.2.8:p2-rc3:*:*:*:*:*:*

cpe:2.3:a:ntp:ntp:4.2.8:p3:*:*:*:*:*:*

cpe:2.3:a:ntp:ntp:4.2.8:p3-rc1:*:*:*:*:*:*

cpe:2.3:a:ntp:ntp:4.2.8:p3-rc2:*:*:*:*:*:*

cpe:2.3:a:ntp:ntp:4.2.8:p3-rc3:*:*:*:*:*:*

cpe:2.3:a:ntp:ntp:4.2.8:p4:*:*:*:*:*:*

cpe:2.3:a:ntp:ntp:4.2.8:p5:*:*:*:*:*:*

cpe:2.3:a:ntp:ntp:4.2.8:p6:*:*:*:*:*:*

cpe:2.3:a:ntp:ntp:4.2.8:p7:*:*:*:*:*:*

cpe:2.3:a:ntp:ntp:*:*:*:*:*:*:*:*

Configuration 2

OR

cpe:2.3:o:oracle:solaris:10:*:*:*:*:*:*:*

cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:*

Configuration 3

OR

cpe:2.3:a:suse:manager:2.1:*:*:*:*:*:*:*

cpe:2.3:a:suse:manager_proxy:2.1:*:*:*:*:*:*:*

cpe:2.3:a:suse:openstack_cloud:5:*:*:*:*:*:*:*

cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*

cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*

cpe:2.3:o:suse:linux_enterprise_desktop:12:sp1:*:*:*:*:*:*

cpe:2.3:o:suse:linux_enterprise_server:11:sp2:*:*:ltss:*:*:*

cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:ltss:*:*:*

cpe:2.3:o:suse:linux_enterprise_server:11:sp4:*:*:*:*:*:*

cpe:2.3:o:suse:linux_enterprise_server:12:sp1:*:*:*:*:*:*

Tenable Plugins

View all (18 total)

ID	Name	Product	Family	Severity
99183	AIX NTP v4 Advisory : ntp_advisory7.asc (IV87278) (IV87279)	Nessus	AIX Local Security Checks	medium
93352	AIX 7.2 TL 0 : ntp (IV87939) (deprecated)	Nessus	AIX Local Security Checks	medium
93351	AIX 7.1 TL 3 : ntp (IV87615) (deprecated)	Nessus	AIX Local Security Checks	medium
93350	AIX 5.3 TL 12 : ntp (IV87614) (deprecated)	Nessus	AIX Local Security Checks	medium
93349	AIX 7.1 TL 4 : ntp (IV87420) (deprecated)	Nessus	AIX Local Security Checks	medium
93348	AIX 6.1 TL 9 : ntp (IV87419) (deprecated)	Nessus	AIX Local Security Checks	medium
93186	SUSE SLES10 Security Update : ntp (SUSE-SU-2016:1912-1)	Nessus	SuSE Local Security Checks	high
93153	SUSE SLES11 Security Update : ntp (SUSE-SU-2016:1602-1)	Nessus	SuSE Local Security Checks	medium
92927	FreeBSD : FreeBSD -- Multiple ntp vulnerabilities (7cfcea05-600a-11e6-a6c3-14dae9d210b8)	Nessus	FreeBSD Local Security Checks	medium
92485	GLSA-201607-15 : NTP: Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	high
91721	openSUSE Security Update : ntp (openSUSE-2016-750)	Nessus	SuSE Local Security Checks	medium
91666	SUSE SLES11 Security Update : ntp (SUSE-SU-2016:1584-1)	Nessus	SuSE Local Security Checks	medium
91663	SUSE SLED12 / SLES12 Security Update : ntp (SUSE-SU-2016:1568-1)	Nessus	SuSE Local Security Checks	high
91662	SUSE SLED12 / SLES12 Security Update : ntp (SUSE-SU-2016:1563-1)	Nessus	SuSE Local Security Checks	medium
91630	openSUSE Security Update : ntp (openSUSE-2016-727)	Nessus	SuSE Local Security Checks	medium
91515	Network Time Protocol Daemon (ntpd) 4.x < 4.2.8p8 / 4.3.x < 4.3.93 Multiple Vulnerabilities	Nessus	Misc.	medium
91462	Slackware 13.0 / 13.1 / 13.37 / 14.0 / 14.1 / current : ntp (SSA:2016-155-01)	Nessus	Slackware Local Security Checks	medium
88661	Amazon Linux AMI : ntp (ALAS-2016-649)	Nessus	Amazon Linux Local Security Checks	medium