Last update: April 22, 2024 18:49 UTC (7e7bd5857)
Resolved | 4.2.8p7 | 26 Apr 2016 |
---|---|---|
References | Bug 3010 | CVE-2016-2517 |
Affects | All ntp-4 releases up to, but not including 4.2.8p7, and 4.3.0 up to, but not including 4.3.92. |
Resolved in 4.2.8p7. |
CVSS2 Score | MED 4.9 | AV:N/AC:H/Au:S/C:N/I:N/A:C |
CVSS3 Score | MED 4.2 | CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:H |
If ntpd
was expressly configured to allow for remote configuration, a malicious user who knows the controlkey
for ntpq
or the requestkey
for ntpdc
(if mode7
is expressly enabled) can create a session with ntpd
and then send a crafted packet to ntpd
that will change the value of the trustedkey, controlkey
, or requestkey
to a value that will prevent any subsequent authentication with ntpd
until ntpd
is restarted.
ntpd
instances.This weakness was discovered by Yihan Lian of the Cloud Security Team, Qihoo 360.