NTP BUG 3043: Autokey association reset

Last update: April 22, 2024 18:49 UTC (7e7bd5857)


Resolved 4.2.8p8 02 June 2016
References Bug 3043 CVE-2016-4955
Affects ntp-4, up to but not including ntp-4.2.8p8,
and ntp-4.3.0 up to, but not including ntp-4.3.93.
Resolved in 4.2.8p8.
CVSS2 Score LOW 2.6 AV:AC:H/Au:N/C:N/I:N/A:P
CVSS3 Score LOW 3.7 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L


An attacker who is able to spoof a packet with a correct origin timestamp before the expected response packet arrives at the target machine can send a CRYPTO_NAK or a bad MAC and cause the association’s peer variables to be cleared. If this can be done often enough, it will prevent that association from working.



This weakness was discovered by Miroslav Lichvar of Red Hat.