A flaw was found in the way NTP's libntp performed message authentication. An attacker able to observe the timing of the comparison function used in packet authentication could potentially use this flaw to recover the message digest.
Platform | Package | Release Date | Advisory |
---|---|---|---|
Amazon Linux 1 | ntp | 2016-06-02 18:06 | ALAS-2016-708 |
Score Type | Score | Vector | |
---|---|---|---|
Amazon Linux | CVSSv2 | 2.6 | AV:L/AC:H/Au:N/C:P/I:P/A:N |
NVD | CVSSv2 | 5.0 | AV:N/AC:L/Au:N/C:P/I:N/A:N |
NVD | CVSSv3 | 5.3 | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |