CVE-2016-1551

low-risk
Published 2017-01-27

ntpd in NTP 4.2.8p3 and NTPsec a5fb34b9cc89b92a8fef2f459004865c93bb7f92 relies on the underlying operating system to protect it from requests that impersonate reference clocks. Because reference clocks are treated like other peers and stored in the same structure, any packet with a source ip address of a reference clock (127.127.1.1 for example) that reaches the receive() function will match that reference clock's peer record and will be treated as a trusted peer. Any system that lacks the typical martian packet filtering which would block these packets is in danger of having its time controlled by an attacker.

Do I need to act?

-
0.98% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
3
CVSS 3.7/10 Low
NETWORK / HIGH complexity

Affected Products (2)

Ntp

Affected Vendors

Ntpsec Ntp

References (14)

Third Party Advisory http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
Third Party Advisory http://www.securityfocus.com/bid/88219
http://www.securitytracker.com/id/1035705
Third Party Advisory http://www.talosintelligence.com/reports/TALOS-2016-0132/
https://security.FreeBSD.org/advisories/FreeBSD-SA-16:16.ntp.asc
https://security.gentoo.org/glsa/201607-15
https://security.netapp.com/advisory/ntap-20171004-0002/
Third Party Advisory http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
Third Party Advisory http://www.securityfocus.com/bid/88219
http://www.securitytracker.com/id/1035705
Third Party Advisory http://www.talosintelligence.com/reports/TALOS-2016-0132/
https://security.FreeBSD.org/advisories/FreeBSD-SA-16:16.ntp.asc
https://security.gentoo.org/glsa/201607-15
https://security.netapp.com/advisory/ntap-20171004-0002/
23
/ 100
low-risk
Severity 13/34 · Low
Exploitability 3/34 · Minimal
Exposure 7/34 · Low