CVE-2016-1550: Infoleak

Reference Links

• http://support.ntp.org/bin/view/Main/SecurityNotice#April_2016_NTP_4_2_8p7_Security
• https://security-tracker.debian.org/tracker/CVE-2016-1550
• http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183647.html
• http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184669.html
• http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00034.html
• http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00037.html
• http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00052.html
• http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00001.html
• http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00020.html
• http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html
• http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html
• http://lists.opensuse.org/opensuse-updates/2016-05/msg00114.html
• http://packetstormsecurity.com/files/136864/Slackware-Security-Advisory-ntp-Updates.html
• http://rhn.redhat.com/errata/RHSA-2016-1552.html
• http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160428-ntpd
• http://www.debian.org/security/2016/dsa-3629
• http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
• http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
• http://www.securityfocus.com/archive/1/538233/100/0/threaded
• http://www.securityfocus.com/archive/1/archive/1/538233/100/0/threaded
• http://www.securityfocus.com/bid/88261
• http://www.securitytracker.com/id/1035705
• http://www.talosintelligence.com/reports/TALOS-2016-0084/
• http://www.ubuntu.com/usn/USN-3096-1
• https://access.redhat.com/errata/RHSA-2016:1141
• https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf
• https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdf
• https://security.FreeBSD.org/advisories/FreeBSD-SA-16:16.ntp.asc
• https://security.gentoo.org/glsa/201607-15
• https://security.netapp.com/advisory/ntap-20171004-0002/
• https://us-cert.cisa.gov/ics/advisories/icsa-21-103-11
• https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11
• https://www.arista.com/en/support/advisories-notices/security-advisories/1332-security-advisory-19
• https://www.debian.org/security/2016/dsa-3629
• https://www.kb.cert.org/vuls/id/718152
• https://www.talosintelligence.com/vulnerability_reports/TALOS-2016-0084
• http://support.ntp.org/bin/view/Main/NtpBug2879
• http://www.talosintel.com/reports/TALOS-2016-0084/
• https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1332160
• https://rhn.redhat.com/errata/RHSA-2016-1552.html
• https://bugzilla.redhat.com/show_bug.cgi?id=1331464
• https://www.cisa.gov/news-events/ics-advisories/icsa-21-159-11 (Advisory)
• https://www.cisa.gov/news-events/ics-advisories/icsa-21-103-11 (Advisory)

Parent vulnerabilities

(Appears in the following advisories)

• ICSA-21-103-11
• ICSA-21-159-11

Frequently Asked Questions

• What is the severity of CVE-2016-1550?

  CVE-2016-1550 has been classified as a high-severity vulnerability due to its potential for message authentication exploitation.

• How do I fix CVE-2016-1550?

  To fix CVE-2016-1550, update to the patched versions of the ntp package: 1:4.2.8p12+dfsg-4 or 1:4.2.8p15+dfsg-1 for Debian and 4.2.8 for Red Hat.

• What products are affected by CVE-2016-1550?

  CVE-2016-1550 affects multiple products including NTP 4.2.8p4, Siemens TIM 4R-IE, and SIMATIC NET CP 443-1 OPC UA.

• Can an attacker exploit CVE-2016-1550 remotely?

  Yes, an attacker can exploit CVE-2016-1550 remotely by sending crafted messages to the vulnerable NTP implementations.

• What are the potential impacts of exploiting CVE-2016-1550?

  Exploiting CVE-2016-1550 may allow an attacker to recover the message digest key, compromising the integrity of the NTP service.