CVE-2016-1550

Title:

Vulnerability Spotlight: Further NTPD Vulnerabilities

CVE ID:

CVE-2016-1550

Description:

A flaw was found in the way NTP’s libntp performed message authentication. An attacker able to observe the timing of the comparison function used in packet authentication could potentially use this flaw to recover the message digest.

Find out more about CVE-2016-1550 from the MITRE CVE dictionary and NIST NVD.


CVSS SCORE:

CVSSv2: 4.0 – AV:N/AC:H/Au:N/C:P/I:P/A:N
CVSSv3: 4.8 – AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

Mitigation:

linuxrpm-upgrade-centos60-ix86-ntp

External References:

https://www.rapid7.com/db/vulnerabilities/centos_linux-cve-2016-1550
http://www.talosintel.com/reports/TALOS-2016-0084/

Share This:
Facebooktwittergoogle_plusredditpinterestlinkedintumblr