Oracle Linux: CVE-2016-1550

Title:

NETWORK TIME PROTOCOL LIBNTP MESSAGE DIGEST DISCLOSURE VULNERABILITY

CVE ID:

CVE-2016-1550

Description:

The MITRE CVE dictionary describes this issue as:

A flaw was found in the way NTP’s libntp performed message authentication. An attacker able to observe the timing of the comparison function used in packet authentication could potentially use this flaw to recover the message digest.

Find out more about CVE-2016-1550 from the MITRE CVE dictionary and NIST NVD.



CVSS SCORE:

CVSSv2: 4.0 – AV:N/AC:H/Au:N/C:P/I:P/A:Ns
CVSSv3: 4.8 – AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

External References:

http://support.ntp.org/bin/view/Main/SecurityNotice#April_2016_NTP_4_2_8p7_Security
http://www.talosintel.com/reports/TALOS-2016-0084/

Share This:
Facebooktwittergoogle_plusredditpinterestlinkedintumblr