CVE-2016-1547

Summary

An off-path attacker can cause a preemptible client association to be demobilized in NTP 4.2.8p4 and earlier and NTPSec a5fb34b9cc89b92a8fef2f459004865c93bb7f92 by sending a crypto NAK packet to a victim client with a spoofed source address of an existing associated peer. This is true even if authentication is enabled.

Affected Software

VendorProductVersion RangeStatus
NTP ProjectNTP4.2.8p3affected
NTP ProjectNTP4.2.8p4affected
NTPsec ProjectNTPSeca5fb34b9cc89b92a8fef2f459004865c93bb7f92affected

Weaknesses

  • unspecified

ADP Enrichment

CVE Program Container

Additional References

References