Launchpad CVE tracker

CVE 2016-1547

An off-path attacker can cause a preemptible client association to be demobilized in NTP 4.2.8p4 and earlier and NTPSec a5fb34b9cc89b92a8fef2f459004865c93bb7f92 by sending a crypto NAK packet to a victim client with a spoofed source address of an existing associated peer. This is true even if authentication is enabled.

Related bugs and status

CVE-2016-1547 (Candidate) is related to these bugs:

Bug #1528050: NTP statsdir cleanup cronjob insecure

		In	Importance	Status
1528050	NTP statsdir cleanup cronjob insecure	ntp (Ubuntu)	Undecided	Fix Released
1528050	NTP statsdir cleanup cronjob insecure	ntp (Ubuntu Wily)	Undecided	Won't Fix
1528050	NTP statsdir cleanup cronjob insecure	ntp (Ubuntu Xenial)	Undecided	Fix Released

Bug #1567540: ntpd crashed with SIGABRT (was: ntp crashes everytime the network goes up or down.)

		In	Importance	Status
1567540	ntpd crashed with SIGABRT (was: ntp crashes everytime the network goes up or down.)	ntp (Ubuntu)	High	Fix Released
1567540	ntpd crashed with SIGABRT (was: ntp crashes everytime the network goes up or down.)	NTP	High	Fix Released
1567540	ntpd crashed with SIGABRT (was: ntp crashes everytime the network goes up or down.)	ntp (Ubuntu Xenial)	High	Fix Released

Bug #1582767: apparmor permissions missing for winbind

		In	Importance	Status
1582767	apparmor permissions missing for winbind	ntp (Ubuntu)	Medium	Fix Released
1582767	apparmor permissions missing for winbind	ntp (Ubuntu Xenial)	Undecided	Won't Fix
1582767	apparmor permissions missing for winbind	ntp (Debian)	Unknown	Fix Released

Bug #1625372: NTP security issues on Precise and Trusty

Summary				In	Importance	Status
	1625372	NTP security issues on Precise and Trusty		ntp (Ubuntu)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2016-1547

References