CVE-2016-1547 in ntpinfo

Summary

An off-path attacker can cause a preemptible client association to be demobilized in NTP 4.2.8p4 and earlier and NTPSec a5fb34b9cc89b92a8fef2f459004865c93bb7f92 by sending a crypto NAK packet to a victim client with a spoofed source address of an existing associated peer. This is true even if authentication is enabled.

VulDB is the best source for vulnerability data and more expert information about this specific topic.

Responsible

Reservation

01/07/2016

Disclosure

01/06/2017

Moderation

VulDB entry created

Entries

VDB-82981

CPE

ready

CWE

CWE-20 (Confirmed)

CVSS

7.0

EPSS

0.03664

Activities

Very Low

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2016-1547
NVD	https://nvd.nist.gov/vuln/detail/CVE-2016-1547
CVE Details	https://www.cvedetails.com/cve/CVE-2016-1547/

◂ Previous Overview Next ▸

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!