CVE-2016-1549
Description
A malicious authenticated peer can create arbitrarily-many ephemeral associations in order to win the clock selection algorithm in ntpd in NTP 4.2.8p4 and earlier and NTPsec 3e160db8dc248a0bcb053b56a80167dc742d2b74 and a5fb34b9cc89b92a8fef2f459004865c93bb7f92 and modify a victim's clock.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
An authenticated peer can create multiple ephemeral associations to manipulate ntpd's clock selection and alter a victim's time.
Vulnerability
In ntpd versions 4.2.8p4 and earlier, and NTPsec commits 3e160db8dc248a0bcb053b56a80167dc742d2b74 and a5fb34b9cc89b92a8fef2f459004865c93bb7f92, the daemon does not enforce a limit on the number of ephemeral associations that can be created under a single trusted symmetric key. This allows a malicious authenticated peer to mobilize arbitrarily many ephemeral associations from different source IP addresses, a Sybil attack [1].
Exploitation
An attacker must have knowledge of a trusted symmetric key shared with the victim ntpd process. The attacker sends authenticated requests from multiple source IP addresses, each causing ntpd to create a new ephemeral association advertising false time. If the number of malicious associations exceeds legitimate ones, the victim's clock selection algorithm will synchronize to the attacker's time [1].
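The check below is an added example, not code from this page or from the NTP project: it audits an inventory of one host's associations for the condition described above, a single symmetric key backing more ephemeral associations than all other time sources combined. The record layout, the sample data and the `per_key_cap` policy value are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed inventory of one ntpd host's associations:
# (source address, symmetric key id, kind). Documentation-range addresses.
SAMPLE_ASSOCIATIONS = [
    ("192.0.2.10", 1, "persistent"),
    ("192.0.2.11", 2, "persistent"),
    ("192.0.2.12", 3, "persistent"),
    ("203.0.113.5", 9, "ephemeral"),
    ("198.51.100.21", 7, "ephemeral"),
    ("198.51.100.22", 7, "ephemeral"),
    ("198.51.100.23", 7, "ephemeral"),
    ("198.51.100.24", 7, "ephemeral"),
    ("198.51.100.25", 7, "ephemeral"),
]


def audit_ephemeral_by_key(associations, per_key_cap=1):
    """Report key ids whose ephemeral associations exceed per_key_cap.

    per_key_cap is an assumed local policy value, not an ntpd setting.
    """
    all_sources = {src for src, _key, _kind in associations}
    by_key = defaultdict(set)
    for src, key_id, kind in associations:
        if kind == "ephemeral":
            by_key[key_id].add(src)

    findings = {}
    for key_id, sources in by_key.items():
        if len(sources) <= per_key_cap:
            continue
        others = len(all_sources - sources)
        findings[key_id] = {
            "sources": sorted(sources),
            "others": others,
            # The condition the page describes: associations under one key
            # outnumber every other time source the host listens to.
            "outnumbers_others": len(sources) > others,
        }
    return findings


if __name__ == "__main__":
    for key_id, f in audit_ephemeral_by_key(SAMPLE_ASSOCIATIONS).items():
        print(f"key {key_id}: {len(f['sources'])} ephemeral sources, "
              f"{f['others']} others, majority={f['outnumbers_others']}")
```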
Impact
Successful exploitation allows the attacker to modify the victim's clock, affecting time integrity. The CVSS v3 base score is 6.5 (Medium), with vector AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N [1].
Mitigation
The vulnerability is fixed in NTP 4.2.8p5 and later releases. FreeBSD patches are available in versions 10.3-RELEASE-p1, 10.2-RELEASE-p15, and 9.3-RELEASE-p40 [2]. Gentoo recommends upgrading to net-misc/ntp-4.2.8_p8 or later [4]. No workaround is known.
AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products (30)
- Range: <=4.2.8p4
- osv-coords (25 versions)
  - pkg:rpm/opensuse/ntp&distro=openSUSE%20Tumbleweed
  - pkg:rpm/suse/ntp&distro=SUSE%20Enterprise%20Storage%204
  - pkg:rpm/suse/ntp&distro=SUSE%20Linux%20Enterprise%20Desktop%2012
  - pkg:rpm/suse/ntp&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP1
  - pkg:rpm/suse/ntp&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP3
  - pkg:rpm/suse/ntp&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP2-LTSS
  - pkg:rpm/suse/ntp&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP3-LTSS
  - pkg:rpm/suse/ntp&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP3-TERADATA
  - pkg:rpm/suse/ntp&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4
  - pkg:rpm/suse/ntp&distro=SUSE%20Linux%20Enterprise%20Server%2012
  - pkg:rpm/suse/ntp&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP1
  - pkg:rpm/suse/ntp&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP1-LTSS
  - pkg:rpm/suse/ntp&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-BCL
  - pkg:rpm/suse/ntp&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-LTSS
  - pkg:rpm/suse/ntp&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3
  - pkg:rpm/suse/ntp&distro=SUSE%20Linux%20Enterprise%20Server%2012-LTSS
  - pkg:rpm/suse/ntp&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2011%20SP4
  - pkg:rpm/suse/ntp&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012
  - pkg:rpm/suse/ntp&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP1
  - pkg:rpm/suse/ntp&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP2
  - pkg:rpm/suse/ntp&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3
  - pkg:rpm/suse/ntp&distro=SUSE%20Manager%202.1
  - pkg:rpm/suse/ntp&distro=SUSE%20Manager%20Proxy%202.1
  - pkg:rpm/suse/ntp&distro=SUSE%20OpenStack%20Cloud%205
  - pkg:rpm/suse/ntp&distro=SUSE%20OpenStack%20Cloud%207
- (no CPE) range: < 4.2.8p9-1.1
- (no CPE) range: < 4.2.8p11-64.5.1
- (no CPE) range: < 4.2.8p8-46.8.1
- (no CPE) range: < 4.2.8p7-11.1
- (no CPE) range: < 4.2.8p11-64.3.2
- (no CPE) range: < 4.2.8p7-44.1
- (no CPE) range: < 4.2.8p7-44.1
- (no CPE) range: < 4.2.8p7-44.1
- (no CPE) range: < 4.2.8p7-11.1
- (no CPE) range: < 4.2.8p8-46.8.1
- (no CPE) range: < 4.2.8p7-11.1
- (no CPE) range: < 4.2.8p11-64.5.1
- (no CPE) range: < 4.2.8p11-64.5.1
- (no CPE) range: < 4.2.8p11-64.5.1
- (no CPE) range: < 4.2.8p11-64.3.2
- (no CPE) range: < 4.2.8p11-46.26.2
- (no CPE) range: < 4.2.8p7-11.1
- (no CPE) range: < 4.2.8p8-46.8.1
- (no CPE) range: < 4.2.8p7-11.1
- (no CPE) range: < 4.2.8p11-64.5.1
- (no CPE) range: < 4.2.8p11-64.3.2
- (no CPE) range: < 4.2.8p7-44.1
- (no CPE) range: < 4.2.8p7-44.1
- (no CPE) range: < 4.2.8p7-44.1
- (no CPE) range: < 4.2.8p11-64.5.1
- NTP Project/NTP [v5] Range: 4.2.8p3
- NTPsec Project/NTPSec [v5] Range: 3e160db8dc248a0bcb053b56a80167dc742d2b74
Patches
No patches discovered yet.
References (9)
- www.talosintelligence.com/reports/TALOS-2016-0083/ (nvd; Mitigation, Technical Description, Third Party Advisory)
- www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html (nvd)
- www.securityfocus.com/bid/88200 (nvd)
- www.securitytracker.com/id/1035705 (nvd)
- security.freebsd.org/advisories/FreeBSD-SA-16:16.ntp.asc (nvd)
- security.gentoo.org/glsa/201607-15 (nvd)
- security.netapp.com/advisory/ntap-20171004-0002/ (nvd)
- support.hpe.com/hpsc/doc/public/display (nvd)
- www.synology.com/support/security/Synology_SA_18_13 (nvd)