1
Candidate: CVE-2016-1549
4
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1549
5
http://support.ntp.org/bin/view/Main/SecurityNotice#April_2016_NTP_4_2_8p7_Security
6
http://www.talosintel.com/reports/TALOS-2016-0083/
8
A malicious authenticated peer can create arbitrarily-many ephemeral
9
associations in order to win the clock selection algorithm in ntpd in NTP
10
4.2.8p4 and earlier and NTPsec 3e160db8dc248a0bcb053b56a80167dc742d2b74 and
11
a5fb34b9cc89b92a8fef2f459004865c93bb7f92 and modify a victim's clock.
14
mdeslaur> upstream proposes mitigation only
16
http://support.ntp.org/bin/view/Main/NtpBug3012
18
Discovered-by: Matthew Van Gundy
22
upstream_ntp: released (1:4.2.8p7+dfsg-1)
25
vivid/stable-phone-overlay_ntp: ignored
26
vivid/ubuntu-core_ntp: DNE