Vulnerabilidad en NTP y NTPSec (CVE-2016-1548)
Gravedad CVSS v3.1:
ALTA
Tipo:
CWE-19
Errores en el procesamiento de datos
Fecha de publicación:
06/01/2017
Última modificación:
20/04/2025
Descripción
Un atacante puede suplantar un paquete de un servidor ntpd legítimo con una marca de tiempo de origen que coincida con la marca de tiempo peer->dst registrada para ese servidor. Después de hacer este cambio, el cliente en NTP 4.2.8p4 y versiones anteriores y NTPSec aa48d001683e5b791a743ec9c575aaf7d867a2b0c rechazarán todas las futuras respuestas legítimas del servidor. Es posible forzar al cliente víctima a mover el tiempo después de que el modo haya sido cambiado. ntpq no indica que el modo ha sido cambiado.
Impacto
Puntuación base 3.x
7.20
Gravedad 3.x
ALTA
Puntuación base 2.0
6.40
Gravedad 2.0
MEDIA
Productos y versiones vulnerables
| CPE | Desde | Hasta |
|---|---|---|
| cpe:2.3:a:ntp:ntp:4.2.8:p4:*:*:*:*:*:* |
Para consultar la lista completa de nombres de CPE con productos y versiones, ver esta página
Referencias a soluciones, herramientas e información
- http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183647.html
- http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184669.html
- http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00034.html
- http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00037.html
- http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00052.html
- http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00001.html
- http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00020.html
- http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html
- http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html
- http://lists.opensuse.org/opensuse-updates/2016-05/msg00114.html
- http://packetstormsecurity.com/files/136864/Slackware-Security-Advisory-ntp-Updates.html
- http://rhn.redhat.com/errata/RHSA-2016-1552.html
- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160428-ntpd
- http://www.debian.org/security/2016/dsa-3629
- http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
- http://www.securityfocus.com/archive/1/538233/100/0/threaded
- http://www.securityfocus.com/archive/1/archive/1/538233/100/0/threaded
- http://www.securityfocus.com/bid/88264
- http://www.securitytracker.com/id/1035705
- http://www.talosintelligence.com/reports/TALOS-2016-0082/
- http://www.ubuntu.com/usn/USN-3096-1
- https://access.redhat.com/errata/RHSA-2016:1141
- https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf
- https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdf
- https://security.FreeBSD.org/advisories/FreeBSD-SA-16:16.ntp.asc
- https://security.gentoo.org/glsa/201607-15
- https://security.netapp.com/advisory/ntap-20171004-0002/
- https://us-cert.cisa.gov/ics/advisories/icsa-21-103-11
- https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11
- https://www.arista.com/en/support/advisories-notices/security-advisories/1332-security-advisory-19
- https://www.debian.org/security/2016/dsa-3629
- https://www.kb.cert.org/vuls/id/718152
- https://www.talosintelligence.com/vulnerability_reports/TALOS-2016-0082
- http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183647.html
- http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184669.html
- http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00034.html
- http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00037.html
- http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00052.html
- http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00001.html
- http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00020.html
- http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html
- http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html
- http://lists.opensuse.org/opensuse-updates/2016-05/msg00114.html
- http://packetstormsecurity.com/files/136864/Slackware-Security-Advisory-ntp-Updates.html
- http://rhn.redhat.com/errata/RHSA-2016-1552.html
- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160428-ntpd
- http://www.debian.org/security/2016/dsa-3629
- http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
- http://www.securityfocus.com/archive/1/538233/100/0/threaded
- http://www.securityfocus.com/archive/1/archive/1/538233/100/0/threaded
- http://www.securityfocus.com/bid/88264
- http://www.securitytracker.com/id/1035705
- http://www.talosintelligence.com/reports/TALOS-2016-0082/
- http://www.ubuntu.com/usn/USN-3096-1
- https://access.redhat.com/errata/RHSA-2016:1141
- https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf
- https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdf
- https://security.FreeBSD.org/advisories/FreeBSD-SA-16:16.ntp.asc
- https://security.gentoo.org/glsa/201607-15
- https://security.netapp.com/advisory/ntap-20171004-0002/
- https://us-cert.cisa.gov/ics/advisories/icsa-21-103-11
- https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11
- https://www.arista.com/en/support/advisories-notices/security-advisories/1332-security-advisory-19
- https://www.debian.org/security/2016/dsa-3629
- https://www.kb.cert.org/vuls/id/718152
- https://www.talosintelligence.com/vulnerability_reports/TALOS-2016-0082