Sign-up

ID

VAR-201607-0011


CVE

CVE-2016-3988


TITLE

plural Meinberg Runs on device firmware NTP Time Server Interface-based stack-based buffer overflow vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2016-003489

DESCRIPTION

Multiple stack-based buffer overflows in the NTP time-server interface on Meinberg IMS-LANTIME M3000, IMS-LANTIME M1000, IMS-LANTIME M500, LANTIME M900, LANTIME M600, LANTIME M400, LANTIME M300, LANTIME M200, LANTIME M100, SyncFire 1100, and LCES devices with firmware before 6.20.004 allow remote attackers to obtain sensitive information, modify data, or cause a denial of service via a crafted parameter in a POST request. Meinberg NTP Time Server is prone to multiple privilege-escalation and stack-based buffer-overflow vulnerabilities. Remote attackers can exploit these issues to execute arbitrary code in the context of the application or gain elevated privileges. Other attacks are also possible. The following products are affected : Meinberg IMS-LANTIME M3000 Version 6.0 and prior Meinberg IMS-LANTIME M1000 Version 6.0 and prior Meinberg IMS-LANTIME M500 Version 6.0 and prior Meinberg LANTIME M900 Version 6.0 and prior Meinberg LANTIME M600 Version 6.0 and prior Meinberg LANTIME M400 Version 6.0 and prior Meinberg LANTIME M300 Version 6.0 and prior Meinberg LANTIME M200 Version 6.0 and prior Meinberg LANTIME M100 Version 6.0 and prior Meinberg SyncFire 1100 Version 6.0 and prior Meinberg LCES Version 6.0 and prior. Meinberg IMS-LANTIME M3000 etc. are all NTP time servers of German Meinberg company

Trust: 1.98

sources: NVD: CVE-2016-3988 // JVNDB: JVNDB-2016-003489 // BID: 91400 // VULHUB: VHN-92807

AFFECTED PRODUCTS

vendor:meinbergmodel:lcesscope:eqversion: -

Trust: 1.0

vendor:meinbergmodel:lantime m100scope:eqversion: -

Trust: 1.0

vendor:meinbergmodel:lantime m200scope:eqversion: -

Trust: 1.0

vendor:meinbergmodel:ims-lantime m3000scope:eqversion: -

Trust: 1.0

vendor:meinbergmodel:lantime m300scope:eqversion: -

Trust: 1.0

vendor:meinbergmodel:ntp serverscope:lteversion:6.0

Trust: 1.0

vendor:meinbergmodel:ims-lantime m1000scope:eqversion: -

Trust: 1.0

vendor:meinbergmodel:lantime m400scope:eqversion: -

Trust: 1.0

vendor:meinbergmodel:lantime m600scope:eqversion: -

Trust: 1.0

vendor:meinbergmodel:syncfire 1100scope:eqversion: -

Trust: 1.0

vendor:meinbergmodel:ims-lantime m500scope:eqversion: -

Trust: 1.0

vendor:meinbergmodel:lantime m900scope:eqversion: -

Trust: 1.0

vendor:meinberg funkuhrenmodel:ims-lantime m1000scope: - version: -

Trust: 0.8

vendor:meinberg funkuhrenmodel:ims-lantime m3000scope: - version: -

Trust: 0.8

vendor:meinberg funkuhrenmodel:ims-lantime m500scope: - version: -

Trust: 0.8

vendor:meinberg funkuhrenmodel:lantime m100scope: - version: -

Trust: 0.8

vendor:meinberg funkuhrenmodel:lantime m200scope: - version: -

Trust: 0.8

vendor:meinberg funkuhrenmodel:lantime m300scope: - version: -

Trust: 0.8

vendor:meinberg funkuhrenmodel:lantime m400scope: - version: -

Trust: 0.8

vendor:meinberg funkuhrenmodel:lantime m600scope: - version: -

Trust: 0.8

vendor:meinberg funkuhrenmodel:lantime m900scope: - version: -

Trust: 0.8

vendor:meinberg funkuhrenmodel:lcesscope: - version: -

Trust: 0.8

vendor:meinberg funkuhrenmodel:ntp serverscope:ltversion:6.20.004

Trust: 0.8

vendor:meinberg funkuhrenmodel:syncfire 1100scope: - version: -

Trust: 0.8

vendor:meinbergmodel:ntp serverscope:eqversion:6.0

Trust: 0.6

sources: JVNDB: JVNDB-2016-003489 // CNNVD: CNNVD-201606-552 // NVD: CVE-2016-3988

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2016-3988
value: HIGH

Trust: 1.0

NVD: CVE-2016-3988
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201606-552
value: HIGH

Trust: 0.6

VULHUB: VHN-92807
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2016-3988
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-92807
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2016-3988
baseSeverity: HIGH
baseScore: 7.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: LOW
exploitabilityScore: 3.9
impactScore: 3.4
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-92807 // JVNDB: JVNDB-2016-003489 // CNNVD: CNNVD-201606-552 // NVD: CVE-2016-3988

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.9

sources: VULHUB: VHN-92807 // JVNDB: JVNDB-2016-003489 // NVD: CVE-2016-3988

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201606-552

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-201606-552

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2016-003489

PATCH
title:Meinberg Security Advisory: [MBGSA-1604] WebUI and NTPurl:https://www.meinbergglobal.com/english/news/meinberg-security-advisory-mbgsa-1604-webui-and-ntp.htm
Trust: 0.8
title:Multiple Meinberg Product-based stack-based buffer overflow vulnerability fixesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=62468
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2016-003489 // 
            
            
            
            CNNVD: CNNVD-201606-552

EXTERNAL IDS
db:NVDid:CVE-2016-3988
Trust: 2.8
db:ICS CERTid:ICSA-16-175-03
Trust: 2.5
db:JVNDBid:JVNDB-2016-003489
Trust: 0.8
db:CNNVDid:CNNVD-201606-552
Trust: 0.7
db:BIDid:91400
Trust: 0.3
db:VULHUBid:VHN-92807
Trust: 0.1
sources:
            
            
            VULHUB: VHN-92807 // 
            
            
            
            BID: 91400 // 
            
            
            
            JVNDB: JVNDB-2016-003489 // 
            
            
            
            CNNVD: CNNVD-201606-552 // 
            
            
            
            NVD: CVE-2016-3988

REFERENCES
url:https://ics-cert.us-cert.gov/advisories/icsa-16-175-03
Trust: 2.5
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3988
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-3988
Trust: 0.8
sources:
            
            
            VULHUB: VHN-92807 // 
            
            
            
            JVNDB: JVNDB-2016-003489 // 
            
            
            
            CNNVD: CNNVD-201606-552 // 
            
            
            
            NVD: CVE-2016-3988

CREDITS
Ryan Wincey
Trust: 0.3
sources:
            
            
            BID: 91400

SOURCES
db:VULHUBid:VHN-92807
db:BIDid:91400
db:JVNDBid:JVNDB-2016-003489
db:CNNVDid:CNNVD-201606-552
db:NVDid:CVE-2016-3988

LAST UPDATE DATE
2025-04-13T23:02:54.697000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-92807date:2016-07-08T00:00:00
db:BIDid:91400date:2016-06-23T00:00:00
db:JVNDBid:JVNDB-2016-003489date:2016-07-11T00:00:00
db:CNNVDid:CNNVD-201606-552date:2016-07-04T00:00:00
db:NVDid:CVE-2016-3988date:2025-04-12T10:46:40.837

SOURCES RELEASE DATE
db:VULHUBid:VHN-92807date:2016-07-03T00:00:00
db:BIDid:91400date:2016-06-23T00:00:00
db:JVNDBid:JVNDB-2016-003489date:2016-07-11T00:00:00
db:CNNVDid:CNNVD-201606-552date:2016-06-24T00:00:00
db:NVDid:CVE-2016-3988date:2016-07-03T14:59:04.523