CVE-2016-1549

Publication date 6 January 2017

Last updated 25 August 2025

Ubuntu priority

Negligible

Why this priority?

Cvss 3 Severity Score

6.5 · Medium

Score breakdown

Description

A malicious authenticated peer can create arbitrarily-many ephemeral associations in order to win the clock selection algorithm in ntpd in NTP 4.2.8p4 and earlier and NTPsec 3e160db8dc248a0bcb053b56a80167dc742d2b74 and a5fb34b9cc89b92a8fef2f459004865c93bb7f92 and modify a victim's clock.

Read the notes from the security team

Status

Package Ubuntu Release Status
ntp 16.04 LTS xenial Ignored
15.10 wily Ignored
14.04 LTS trusty Ignored
12.04 LTS precise Ignored

Notes

mdeslaur

upstream proposes mitigation only

Severity score breakdown

CVSS version: CVSS v3.0

Base score 6.5 · Medium

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

References

Other references

Access our resources on patching vulnerabilities