What is the severity of CVE-2016-1549?

CVE-2016-1549 is considered a high severity vulnerability due to its potential to compromise time synchronization.

How do I fix CVE-2016-1549?

To fix CVE-2016-1549, upgrade NTP to version 4.2.8p5 or later, as well as ensure that you are using the latest version of NTPsec.

What impact does CVE-2016-1549 have on affected systems?

CVE-2016-1549 allows a malicious authenticated peer to manipulate the clock selection process, potentially leading to unauthorized time changes.

Which versions of NTP are affected by CVE-2016-1549?

CVE-2016-1549 affects NTP version 4.2.8p4 and all earlier versions.

Can CVE-2016-1549 be exploited remotely?

CVE-2016-1549 requires malicious users to have authenticated access to the NTP server to exploit the vulnerability.

Vulnerability/
CVE-2016-1549

medium

6.5

CWE

6/1/2017

5/8/2024

CVE-2016-1549

First published: Fri Jan 06 2017(Updated: )

A malicious authenticated peer can create arbitrarily-many ephemeral associations in order to win the clock selection algorithm in ntpd in NTP 4.2.8p4 and earlier and NTPsec 3e160db8dc248a0bcb053b56a80167dc742d2b74 and a5fb34b9cc89b92a8fef2f459004865c93bb7f92 and modify a victim's clock.

Credit: cret@cert.org

Affected Software	Affected Version	How to fix
NTP	=4.2.8-p4

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2016-1549?
CVE-2016-1549 is considered a high severity vulnerability due to its potential to compromise time synchronization.
How do I fix CVE-2016-1549?
To fix CVE-2016-1549, upgrade NTP to version 4.2.8p5 or later, as well as ensure that you are using the latest version of NTPsec.
What impact does CVE-2016-1549 have on affected systems?
CVE-2016-1549 allows a malicious authenticated peer to manipulate the clock selection process, potentially leading to unauthorized time changes.
Which versions of NTP are affected by CVE-2016-1549?
CVE-2016-1549 affects NTP version 4.2.8p4 and all earlier versions.
Can CVE-2016-1549 be exploited remotely?
CVE-2016-1549 requires malicious users to have authenticated access to the NTP server to exploit the vulnerability.

agent/type
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/references
agent/author
agent/severity
agent/last-modified-date
agent/weakness
agent/description
agent/first-publish-date
agent/event
agent/source
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
vendor/ntp
canonical/ntp
version/ntp/4.2.8-p4

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.