Oracle Linux CVE-2016-1550

Title:

NETWORK TIME PROTOCOL LIBNTP MESSAGE DIGEST DISCLOSURE VULNERABILITY

CVE ID:

CVE-2016-1550

Description:

The MITRE CVE dictionary describes this issue as:

A flaw was found in the way NTP’s libntp performed message authentication. An attacker able to observe the timing of the comparison function used in packet authentication could potentially use this flaw to recover the message digest.

Find out more about CVE-2016-1550 from the MITRE CVE dictionary and NIST NVD.
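
The class of flaw described above, shown as an added example that is not libntp's code: an early-exit digest comparison does work that depends on where the first mismatching byte sits, while a constant-time comparison always does the same work. The function names, the `steps` counter (a deterministic stand-in for observable running time) and the 16-byte sample digests are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Early-exit comparison (memcmp-style). *steps records how many bytes were
 * examined, a deterministic stand-in for the running time an observer sees. */
static int mac_equal_early_exit(const unsigned char *a, const unsigned char *b,
                                size_t len, size_t *steps)
{
    size_t i;
    *steps = 0;
    for (i = 0; i < len; i++) {
        (*steps)++;
        if (a[i] != b[i])
            return 0;           /* stops at the first mismatching byte */
    }
    return 1;
}

/* Constant-time comparison: always touches all len bytes and accumulates
 * differences with OR, so the work does not depend on where bytes differ. */
static int mac_equal_constant_time(const unsigned char *a, const unsigned char *b,
                                   size_t len, size_t *steps)
{
    volatile unsigned char diff = 0;
    size_t i;
    *steps = 0;
    for (i = 0; i < len; i++) {
        (*steps)++;
        diff |= (unsigned char)(a[i] ^ b[i]);
    }
    return diff == 0;
}

int main(void)
{
    /* Constructed 16-byte sample digests, not taken from any real packet. */
    unsigned char expected[16], received[16];
    size_t s1, s2;
    memset(expected, 0xA5, sizeof expected);
    memcpy(received, expected, sizeof received);
    received[9] ^= 0x01;        /* first mismatch at index 9 */
    mac_equal_early_exit(expected, received, 16, &s1);
    mac_equal_constant_time(expected, received, 16, &s2);
    printf("early-exit examined %zu bytes, constant-time examined %zu\n", s1, s2);
    return 0;
}
```

When auditing other code for the same pattern, look for digest or MAC checks done with a plain byte-compare loop or `memcmp`, and prefer a vetted constant-time primitive such as OpenSSL's `CRYPTO_memcmp` over a hand-written loop.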

CVSS SCORE:

CVSSv2: 4.0 – AV:N/AC:H/Au:N/C:P/I:P/A:N
CVSSv3: 4.8 – AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

Mitigation:

linuxrpm-upgrade-ols6-x86-ntp

External References:


http://support.ntp.org/bin/view/Main/SecurityNotice#April_2016_NTP_4_2_8p7_Security
http://www.talosintel.com/reports/TALOS-2016-0084/
https://access.redhat.com/security/cve/cve-2016-1550
https://www.rapid7.com/db/vulnerabilities/oracle_linux-cve-2016-1550
