CVE-2016-5117

MEDIUM

Openntpd < 6.0 - Security Feature Bypass

Title source: rule

Description

OpenNTPD before 6.0p1 does not validate the CN for HTTPS constraint requests, which allows remote attackers to bypass the man-in-the-middle mitigations via a crafted timestamp constraint with a valid certificate.

References (4)

[Patch] http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.sbin/ntpd/constraint.c.diff?r1=1.27&r2=1.28

[Vendor Advisory] http://www.openntpd.org/txt/release-6.0p1.txt

[Mailing List, Third Party Advisory] http://www.openwall.com/lists/oss-security/2016/05/23/2

[Mailing List, Third Party Advisory] http://www.openwall.com/lists/oss-security/2016/05/29/6

Scores

CVSS v3 5.9

EPSS 0.0027

EPSS Percentile 50.2%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

Classification

CWE

CWE-254

Status published

Affected Products (2)

openntpd/openntpd < 6.0

n/a/n/a

Timeline

Published Jan 31, 2017

Tracked Since Feb 18, 2026