First published: Tue Jul 05 2016(Updated: )
ntpd in NTP 4.x before 4.2.8p8, when autokey is enabled, allows remote attackers to cause a denial of service (peer-variable clearing and association outage) by sending (1) a spoofed crypto-NAK packet or (2) a packet with an incorrect MAC value at a certain time.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Siemens Simatic Net CP 443-1 OPC UA Firmware | ||
NTP ntp | >=4.2.0<4.2.8 | |
NTP ntp | >=4.3.0<4.3.93 | |
NTP ntp | =4.2.8 | |
NTP ntp | =4.2.8-p1 | |
NTP ntp | =4.2.8-p1-beta1 | |
NTP ntp | =4.2.8-p1-beta2 | |
NTP ntp | =4.2.8-p1-beta3 | |
NTP ntp | =4.2.8-p1-beta4 | |
NTP ntp | =4.2.8-p1-beta5 | |
NTP ntp | =4.2.8-p1-rc1 | |
NTP ntp | =4.2.8-p1-rc2 | |
NTP ntp | =4.2.8-p2 | |
NTP ntp | =4.2.8-p2-rc1 | |
NTP ntp | =4.2.8-p2-rc2 | |
NTP ntp | =4.2.8-p2-rc3 | |
NTP ntp | =4.2.8-p3 | |
NTP ntp | =4.2.8-p3-rc1 | |
NTP ntp | =4.2.8-p3-rc2 | |
NTP ntp | =4.2.8-p3-rc3 | |
NTP ntp | =4.2.8-p4 | |
NTP ntp | =4.2.8-p5 | |
NTP ntp | =4.2.8-p6 | |
NTP ntp | =4.2.8-p7 | |
Oracle Solaris SPARC | =10 | |
Oracle Solaris SPARC | =11.3 | |
suse manager proxy | =2.1 | |
openSUSE OpenStack Cloud | =5 | |
SUSE Manager | =2.1 | |
openSUSE | =42.1 | |
openSUSE | =13.2 | |
SUSE Linux Enterprise Desktop with Beagle | =12-sp1 | |
SUSE Linux Enterprise Server | =11-sp2 | |
SUSE Linux Enterprise Server | =11-sp3 | |
SUSE Linux Enterprise Server | =11-sp4 | |
SUSE Linux Enterprise Server | =12-sp1 | |
Siemens SIMATIC CP 443-1 OPC UA Firmware | ||
Siemens Simatic Net CP 443-1 OPC UA Firmware |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2016-4955 has a medium severity rating due to its potential to cause denial of service.
To fix CVE-2016-4955, upgrade to NTP version 4.2.8p8 or later.
CVE-2016-4955 affects NTP versions 4.2.0 through 4.2.8p7 and several Siemens devices.
CVE-2016-4955 is associated with denial of service attacks caused by spoofed packets.
Yes, the vulnerability in CVE-2016-4955 occurs when autokey is enabled.