mirror of
https://github.com/CVEProject/cvelist.git
synced 2025-08-04 08:44:25 +00:00
111 lines
3.3 KiB
JSON
111 lines
3.3 KiB
JSON
{
|
|
"CVE_data_meta" : {
|
|
"ASSIGNER" : "cert@cert.org",
|
|
"ID" : "CVE-2016-1547",
|
|
"STATE" : "PUBLIC"
|
|
},
|
|
"affects" : {
|
|
"vendor" : {
|
|
"vendor_data" : [
|
|
{
|
|
"product" : {
|
|
"product_data" : [
|
|
{
|
|
"product_name" : "NTP",
|
|
"version" : {
|
|
"version_data" : [
|
|
{
|
|
"version_value" : "4.2.8p3"
|
|
},
|
|
{
|
|
"version_value" : "4.2.8p4"
|
|
}
|
|
]
|
|
}
|
|
}
|
|
]
|
|
},
|
|
"vendor_name" : "NTP Project"
|
|
},
|
|
{
|
|
"product" : {
|
|
"product_data" : [
|
|
{
|
|
"product_name" : "NTPSec",
|
|
"version" : {
|
|
"version_data" : [
|
|
{
|
|
"version_value" : "a5fb34b9cc89b92a8fef2f459004865c93bb7f92"
|
|
}
|
|
]
|
|
}
|
|
}
|
|
]
|
|
},
|
|
"vendor_name" : "NTPsec Project"
|
|
}
|
|
]
|
|
}
|
|
},
|
|
"data_format" : "MITRE",
|
|
"data_type" : "CVE",
|
|
"data_version" : "4.0",
|
|
"description" : {
|
|
"description_data" : [
|
|
{
|
|
"lang" : "eng",
|
|
"value" : "An off-path attacker can cause a preemptible client association to be demobilized in NTP 4.2.8p4 and earlier and NTPSec a5fb34b9cc89b92a8fef2f459004865c93bb7f92 by sending a crypto NAK packet to a victim client with a spoofed source address of an existing associated peer. This is true even if authentication is enabled."
|
|
}
|
|
]
|
|
},
|
|
"problemtype" : {
|
|
"problemtype_data" : [
|
|
{
|
|
"description" : [
|
|
{
|
|
"lang" : "eng",
|
|
"value" : "unspecified"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
"references" : {
|
|
"reference_data" : [
|
|
{
|
|
"url" : "http://www.talosintelligence.com/reports/TALOS-2016-0081/"
|
|
},
|
|
{
|
|
"url" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
|
|
},
|
|
{
|
|
"url" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
|
|
},
|
|
{
|
|
"url" : "https://security.netapp.com/advisory/ntap-20171004-0002/"
|
|
},
|
|
{
|
|
"url" : "http://www.debian.org/security/2016/dsa-3629"
|
|
},
|
|
{
|
|
"url" : "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:16.ntp.asc"
|
|
},
|
|
{
|
|
"url" : "https://security.gentoo.org/glsa/201607-15"
|
|
},
|
|
{
|
|
"url" : "https://access.redhat.com/errata/RHSA-2016:1141"
|
|
},
|
|
{
|
|
"url" : "http://rhn.redhat.com/errata/RHSA-2016-1552.html"
|
|
},
|
|
{
|
|
"url" : "http://www.securityfocus.com/bid/88276"
|
|
},
|
|
{
|
|
"url" : "http://www.securitytracker.com/id/1035705"
|
|
}
|
|
]
|
|
}
|
|
}
|