ID CVE-2016-7426
Summary NTP before 4.2.8p9 rate limits responses received from the configured sources when rate limiting for all associations is enabled, which allows remote attackers to cause a denial of service (prevent responses from the sources) by sending responses with a spoofed source address.
References
Vulnerable Configurations
  • NTP 4.2.5 Patch 203
    cpe:2.3:a:ntp:ntp:4.2.5:p203
  • NTP 4.2.5 Patch 204
    cpe:2.3:a:ntp:ntp:4.2.5:p204
  • NTP 4.2.5 Patch 205
    cpe:2.3:a:ntp:ntp:4.2.5:p205
  • NTP 4.2.5 Patch 206
    cpe:2.3:a:ntp:ntp:4.2.5:p206
  • NTP 4.2.5 Patch 207
    cpe:2.3:a:ntp:ntp:4.2.5:p207
  • NTP 4.2.5 Patch 208
    cpe:2.3:a:ntp:ntp:4.2.5:p208
  • NTP 4.2.5 Patch 209
    cpe:2.3:a:ntp:ntp:4.2.5:p209
  • NTP 4.2.5 Patch 210
    cpe:2.3:a:ntp:ntp:4.2.5:p210
  • NTP 4.2.5 Patch 211
    cpe:2.3:a:ntp:ntp:4.2.5:p211
  • NTP 4.2.5 Patch 212
    cpe:2.3:a:ntp:ntp:4.2.5:p212
  • NTP 4.2.5 Patch 213
    cpe:2.3:a:ntp:ntp:4.2.5:p213
  • NTP 4.2.5 Patch 214
    cpe:2.3:a:ntp:ntp:4.2.5:p214
  • NTP 4.2.5 Patch 215
    cpe:2.3:a:ntp:ntp:4.2.5:p215
  • NTP 4.2.5 Patch 216
    cpe:2.3:a:ntp:ntp:4.2.5:p216
  • NTP 4.2.5 Patch 217
    cpe:2.3:a:ntp:ntp:4.2.5:p217
  • NTP 4.2.5 Patch 218
    cpe:2.3:a:ntp:ntp:4.2.5:p218
  • NTP 4.2.5 Patch 219
    cpe:2.3:a:ntp:ntp:4.2.5:p219
  • NTP 4.2.5 Patch 220
    cpe:2.3:a:ntp:ntp:4.2.5:p220
  • NTP 4.2.5 Patch 221
    cpe:2.3:a:ntp:ntp:4.2.5:p221
  • NTP 4.2.5 Patch 222
    cpe:2.3:a:ntp:ntp:4.2.5:p222
  • NTP 4.2.5 Patch 223
    cpe:2.3:a:ntp:ntp:4.2.5:p223
  • NTP 4.2.5 Patch 224
    cpe:2.3:a:ntp:ntp:4.2.5:p224
  • NTP 4.2.5 Patch 225
    cpe:2.3:a:ntp:ntp:4.2.5:p225
  • NTP 4.2.5 Patch 226
    cpe:2.3:a:ntp:ntp:4.2.5:p226
  • NTP 4.2.5 Patch 227
    cpe:2.3:a:ntp:ntp:4.2.5:p227
  • NTP 4.2.5 Patch 228
    cpe:2.3:a:ntp:ntp:4.2.5:p228
  • NTP 4.2.5 Patch 229
    cpe:2.3:a:ntp:ntp:4.2.5:p229
  • NTP 4.2.5 Patch 230
    cpe:2.3:a:ntp:ntp:4.2.5:p230
  • NTP 4.2.5 Patch 231 Release Candidate 1
    cpe:2.3:a:ntp:ntp:4.2.5:p231_rc1
  • NTP 4.2.5 Patch 232 Release Candidate 1
    cpe:2.3:a:ntp:ntp:4.2.5:p232_rc1
  • NTP 4.2.5 Patch 233 Release Candidate 1
    cpe:2.3:a:ntp:ntp:4.2.5:p233_rc1
  • NTP 4.2.5 Patch 234 Release Candidate 1
    cpe:2.3:a:ntp:ntp:4.2.5:p234_rc1
  • NTP 4.2.5 Patch 235 Release Candidate 1
    cpe:2.3:a:ntp:ntp:4.2.5:p235_rc1
  • NTP 4.2.5 Patch 236 Release Candidate 1
    cpe:2.3:a:ntp:ntp:4.2.5:p236_rc1
  • NTP 4.2.5 Patch 237 Release Candidate 1
    cpe:2.3:a:ntp:ntp:4.2.5:p237_rc1
  • NTP 4.2.5 Patch 238 Release Candidate 1
    cpe:2.3:a:ntp:ntp:4.2.5:p238_rc1
  • NTP 4.2.5 Patch 239 Release Candidate 1
    cpe:2.3:a:ntp:ntp:4.2.5:p239_rc1
  • NTP 4.2.5 Patch 240 Release Candidate 1
    cpe:2.3:a:ntp:ntp:4.2.5:p240_rc1
  • NTP 4.2.5 Patch 241 Release Candidate 1
    cpe:2.3:a:ntp:ntp:4.2.5:p241_rc1
  • NTP 4.2.5 Patch 242 Release Candidate 1
    cpe:2.3:a:ntp:ntp:4.2.5:p242_rc1
  • NTP 4.2.5 Patch 243 Release Candidate 1
    cpe:2.3:a:ntp:ntp:4.2.5:p243_rc1
  • NTP 4.2.5 Patch 244 Release Candidate 1
    cpe:2.3:a:ntp:ntp:4.2.5:p244_rc1
  • NTP 4.2.5 Patch 245 Release Candidate 1
    cpe:2.3:a:ntp:ntp:4.2.5:p245_rc1
  • NTP 4.2.5 Patch 246 Release Candidate 1
    cpe:2.3:a:ntp:ntp:4.2.5:p246_rc1
  • NTP 4.2.5 Patch 247 Release Candidate 1
    cpe:2.3:a:ntp:ntp:4.2.5:p247_rc1
  • NTP 4.2.5 Patch 248 Release Candidate 1
    cpe:2.3:a:ntp:ntp:4.2.5:p248_rc1
  • NTP 4.2.5 Patch 249 Release Candidate 1
    cpe:2.3:a:ntp:ntp:4.2.5:p249_rc1
  • NTP 4.2.5 Patch 250 Release Candidate 1
    cpe:2.3:a:ntp:ntp:4.2.5:p250_rc1
  • NTP 4.2.6
    cpe:2.3:a:ntp:ntp:4.2.6
  • NTP 4.2.6 Patch 1
    cpe:2.3:a:ntp:ntp:4.2.6:p1
  • NTP 4.2.6 Patch 1 Release Candidate 1
    cpe:2.3:a:ntp:ntp:4.2.6:p1_rc1
  • NTP 4.2.6 Patch 1 Release Candidate 2
    cpe:2.3:a:ntp:ntp:4.2.6:p1_rc2
  • NTP 4.2.6 Patch 1 Release Candidate 3
    cpe:2.3:a:ntp:ntp:4.2.6:p1_rc3
  • NTP 4.2.6 Patch 1 Release Candidate 4
    cpe:2.3:a:ntp:ntp:4.2.6:p1_rc4
  • NTP 4.2.6 Patch 1 Release Candidate 5
    cpe:2.3:a:ntp:ntp:4.2.6:p1_rc5
  • NTP 4.2.6 Patch 1 Release Candidate 6
    cpe:2.3:a:ntp:ntp:4.2.6:p1_rc6
  • NTP 4.2.6 Patch 2
    cpe:2.3:a:ntp:ntp:4.2.6:p2
  • NTP 4.2.6 Patch 2 Release Candidate 1
    cpe:2.3:a:ntp:ntp:4.2.6:p2_rc1
  • NTP 4.2.6 Patch 2 Release Candidate 2
    cpe:2.3:a:ntp:ntp:4.2.6:p2_rc2
  • NTP 4.2.6 Patch 2 Release Candidate 3
    cpe:2.3:a:ntp:ntp:4.2.6:p2_rc3
  • NTP 4.2.6 Patch 2 Release Candidate 4
    cpe:2.3:a:ntp:ntp:4.2.6:p2_rc4
  • NTP 4.2.6 Patch 2 Release Candidate 5
    cpe:2.3:a:ntp:ntp:4.2.6:p2_rc5
  • NTP 4.2.6 Patch 2 Release Candidate 6
    cpe:2.3:a:ntp:ntp:4.2.6:p2_rc6
  • NTP 4.2.6 Patch 2 Release Candidate 7
    cpe:2.3:a:ntp:ntp:4.2.6:p2_rc7
  • NTP 4.2.6 Patch 3
    cpe:2.3:a:ntp:ntp:4.2.6:p3
  • NTP 4.2.6 Patch 3 Beta 1
    cpe:2.3:a:ntp:ntp:4.2.6:p3_beta1
  • NTP 4.2.6 Patch 3 Release Candidate 1
    cpe:2.3:a:ntp:ntp:4.2.6:p3_rc1
  • NTP 4.2.6 Patch 3 Release Candidate 10
    cpe:2.3:a:ntp:ntp:4.2.6:p3_rc10
  • NTP 4.2.6 Patch 3 Release Candidate 11
    cpe:2.3:a:ntp:ntp:4.2.6:p3_rc11
  • NTP 4.2.6 Patch 3 Release Candidate 12
    cpe:2.3:a:ntp:ntp:4.2.6:p3_rc12
  • NTP 4.2.6 Patch 3 Release Candidate 2
    cpe:2.3:a:ntp:ntp:4.2.6:p3_rc2
  • NTP 4.2.6 Patch 3 Release Candidate 3
    cpe:2.3:a:ntp:ntp:4.2.6:p3_rc3
  • NTP 4.2.6 Patch 3 Release Candidate 4
    cpe:2.3:a:ntp:ntp:4.2.6:p3_rc4
  • NTP 4.2.6 Patch 3 Release Candidate 5
    cpe:2.3:a:ntp:ntp:4.2.6:p3_rc5
  • NTP 4.2.6 Patch 3 Release Candidate 6
    cpe:2.3:a:ntp:ntp:4.2.6:p3_rc6
  • NTP 4.2.6 Patch 3 Release Candidate 7
    cpe:2.3:a:ntp:ntp:4.2.6:p3_rc7
  • NTP 4.2.6 Patch 3 Release Candidate 8
    cpe:2.3:a:ntp:ntp:4.2.6:p3_rc8
  • NTP 4.2.6 Patch 3 Release Candidate 9
    cpe:2.3:a:ntp:ntp:4.2.6:p3_rc9
  • NTP 4.2.6 Patch 4
    cpe:2.3:a:ntp:ntp:4.2.6:p4
  • NTP 4.2.6 Patch 4 Beta 1
    cpe:2.3:a:ntp:ntp:4.2.6:p4_beta1
  • NTP 4.2.6 Patch 4 Beta 2
    cpe:2.3:a:ntp:ntp:4.2.6:p4_beta2
  • NTP 4.2.6 Patch 4 Release Candidate 1
    cpe:2.3:a:ntp:ntp:4.2.6:p4_rc1
  • NTP 4.2.6 Patch 4 Release Candidate 2
    cpe:2.3:a:ntp:ntp:4.2.6:p4_rc2
  • NTP 4.2.6 Patch 5
    cpe:2.3:a:ntp:ntp:4.2.6:p5
  • NTP 4.2.6 Patch 5 Release Candidate 1
    cpe:2.3:a:ntp:ntp:4.2.6:p5_rc1
  • NTP 4.2.6 Patch 5 Release Candidate 2
    cpe:2.3:a:ntp:ntp:4.2.6:p5_rc2
  • NTP 4.2.6 Patch 5 Release Candidate 3
    cpe:2.3:a:ntp:ntp:4.2.6:p5_rc3
  • NTP 4.2.7
    cpe:2.3:a:ntp:ntp:4.2.7
  • NTP 4.2.7 Patch 0
    cpe:2.3:a:ntp:ntp:4.2.7:p0
  • NTP 4.2.7 Patch 1
    cpe:2.3:a:ntp:ntp:4.2.7:p1
  • NTP 4.2.7 Patch 10
    cpe:2.3:a:ntp:ntp:4.2.7:p10
  • NTP 4.2.7 Patch 100
    cpe:2.3:a:ntp:ntp:4.2.7:p100
  • NTP 4.2.7 Patch 101
    cpe:2.3:a:ntp:ntp:4.2.7:p101
  • NTP 4.2.7 Patch 102
    cpe:2.3:a:ntp:ntp:4.2.7:p102
  • NTP 4.2.7 Patch 103
    cpe:2.3:a:ntp:ntp:4.2.7:p103
  • NTP 4.2.7 Patch 104
    cpe:2.3:a:ntp:ntp:4.2.7:p104
  • NTP 4.2.7 Patch 105
    cpe:2.3:a:ntp:ntp:4.2.7:p105
  • NTP 4.2.7 Patch 106
    cpe:2.3:a:ntp:ntp:4.2.7:p106
  • NTP 4.2.7 Patch 107
    cpe:2.3:a:ntp:ntp:4.2.7:p107
  • NTP 4.2.7 Patch 108
    cpe:2.3:a:ntp:ntp:4.2.7:p108
  • NTP 4.2.7 Patch 109
    cpe:2.3:a:ntp:ntp:4.2.7:p109
  • NTP 4.2.7 Patch 11
    cpe:2.3:a:ntp:ntp:4.2.7:p11
  • NTP 4.2.7 Patch 110
    cpe:2.3:a:ntp:ntp:4.2.7:p110
  • NTP 4.2.7 Patch 111
    cpe:2.3:a:ntp:ntp:4.2.7:p111
  • NTP 4.2.7 Patch 112
    cpe:2.3:a:ntp:ntp:4.2.7:p112
  • NTP 4.2.7 Patch 113
    cpe:2.3:a:ntp:ntp:4.2.7:p113
  • NTP 4.2.7 Patch 114
    cpe:2.3:a:ntp:ntp:4.2.7:p114
  • NTP 4.2.7 Patch 115
    cpe:2.3:a:ntp:ntp:4.2.7:p115
  • NTP 4.2.7 Patch 116
    cpe:2.3:a:ntp:ntp:4.2.7:p116
  • NTP 4.2.7 Patch 117
    cpe:2.3:a:ntp:ntp:4.2.7:p117
  • NTP 4.2.7 Patch 118
    cpe:2.3:a:ntp:ntp:4.2.7:p118
  • NTP 4.2.7 Patch 119
    cpe:2.3:a:ntp:ntp:4.2.7:p119
  • NTP 4.2.7 Patch 12
    cpe:2.3:a:ntp:ntp:4.2.7:p12
  • NTP 4.2.7 Patch 120
    cpe:2.3:a:ntp:ntp:4.2.7:p120
  • NTP 4.2.7 Patch 121
    cpe:2.3:a:ntp:ntp:4.2.7:p121
  • NTP 4.2.7 Patch 122
    cpe:2.3:a:ntp:ntp:4.2.7:p122
  • NTP 4.2.7 Patch 123
    cpe:2.3:a:ntp:ntp:4.2.7:p123
  • NTP 4.2.7 Patch 124
    cpe:2.3:a:ntp:ntp:4.2.7:p124
  • NTP 4.2.7 Patch 125
    cpe:2.3:a:ntp:ntp:4.2.7:p125
  • NTP 4.2.7 Patch 126
    cpe:2.3:a:ntp:ntp:4.2.7:p126
  • NTP 4.2.7 Patch 127
    cpe:2.3:a:ntp:ntp:4.2.7:p127
  • NTP 4.2.7 Patch 128
    cpe:2.3:a:ntp:ntp:4.2.7:p128
  • NTP 4.2.7 Patch 129
    cpe:2.3:a:ntp:ntp:4.2.7:p129
  • NTP 4.2.7 Patch 13
    cpe:2.3:a:ntp:ntp:4.2.7:p13
  • NTP 4.2.7 Patch 130
    cpe:2.3:a:ntp:ntp:4.2.7:p130
  • NTP 4.2.7 Patch 131
    cpe:2.3:a:ntp:ntp:4.2.7:p131
  • NTP 4.2.7 Patch 132
    cpe:2.3:a:ntp:ntp:4.2.7:p132
  • NTP 4.2.7 Patch 133
    cpe:2.3:a:ntp:ntp:4.2.7:p133
  • NTP 4.2.7 Patch 134
    cpe:2.3:a:ntp:ntp:4.2.7:p134
  • NTP 4.2.7 Patch 135
    cpe:2.3:a:ntp:ntp:4.2.7:p135
  • NTP 4.2.7 Patch 136
    cpe:2.3:a:ntp:ntp:4.2.7:p136
  • NTP 4.2.7 Patch 137
    cpe:2.3:a:ntp:ntp:4.2.7:p137
  • NTP 4.2.7 Patch 138
    cpe:2.3:a:ntp:ntp:4.2.7:p138
  • NTP 4.2.7 Patch 139
    cpe:2.3:a:ntp:ntp:4.2.7:p139
  • NTP 4.2.7 Patch 14
    cpe:2.3:a:ntp:ntp:4.2.7:p14
  • NTP 4.2.7 Patch 140
    cpe:2.3:a:ntp:ntp:4.2.7:p140
  • NTP 4.2.7 Patch 141
    cpe:2.3:a:ntp:ntp:4.2.7:p141
  • NTP 4.2.7 Patch 142
    cpe:2.3:a:ntp:ntp:4.2.7:p142
  • NTP 4.2.7 Patch 143
    cpe:2.3:a:ntp:ntp:4.2.7:p143
  • NTP 4.2.7 Patch 144
    cpe:2.3:a:ntp:ntp:4.2.7:p144
  • NTP 4.2.7 Patch 145
    cpe:2.3:a:ntp:ntp:4.2.7:p145
  • NTP 4.2.7 Patch 146
    cpe:2.3:a:ntp:ntp:4.2.7:p146
  • NTP 4.2.7 Patch 147
    cpe:2.3:a:ntp:ntp:4.2.7:p147
  • NTP 4.2.7 Patch 148
    cpe:2.3:a:ntp:ntp:4.2.7:p148
  • NTP 4.2.7 Patch 149
    cpe:2.3:a:ntp:ntp:4.2.7:p149
  • NTP 4.2.7 Patch 15
    cpe:2.3:a:ntp:ntp:4.2.7:p15
  • NTP 4.2.7 Patch 150
    cpe:2.3:a:ntp:ntp:4.2.7:p150
  • NTP 4.2.7 Patch 151
    cpe:2.3:a:ntp:ntp:4.2.7:p151
  • NTP 4.2.7 Patch 152
    cpe:2.3:a:ntp:ntp:4.2.7:p152
  • NTP 4.2.7 Patch 153
    cpe:2.3:a:ntp:ntp:4.2.7:p153
  • NTP 4.2.7 Patch 154
    cpe:2.3:a:ntp:ntp:4.2.7:p154
  • NTP 4.2.7 Patch 155
    cpe:2.3:a:ntp:ntp:4.2.7:p155
  • NTP 4.2.7 Patch 156
    cpe:2.3:a:ntp:ntp:4.2.7:p156
  • NTP 4.2.7 Patch 157
    cpe:2.3:a:ntp:ntp:4.2.7:p157
  • NTP 4.2.7 Patch 158
    cpe:2.3:a:ntp:ntp:4.2.7:p158
  • NTP 4.2.7 Patch 159
    cpe:2.3:a:ntp:ntp:4.2.7:p159
  • NTP 4.2.7 Patch 16
    cpe:2.3:a:ntp:ntp:4.2.7:p16
  • NTP 4.2.7 Patch 160
    cpe:2.3:a:ntp:ntp:4.2.7:p160
  • NTP 4.2.7 Patch 161
    cpe:2.3:a:ntp:ntp:4.2.7:p161
  • NTP 4.2.7 Patch 162
    cpe:2.3:a:ntp:ntp:4.2.7:p162
  • NTP 4.2.7 Patch 163
    cpe:2.3:a:ntp:ntp:4.2.7:p163
  • NTP 4.2.7 Patch 164
    cpe:2.3:a:ntp:ntp:4.2.7:p164
  • NTP 4.2.7 Patch 165
    cpe:2.3:a:ntp:ntp:4.2.7:p165
  • NTP 4.2.7 Patch 166
    cpe:2.3:a:ntp:ntp:4.2.7:p166
  • NTP 4.2.7 Patch 17
    cpe:2.3:a:ntp:ntp:4.2.7:p17
  • NTP 4.2.7 Patch 170
    cpe:2.3:a:ntp:ntp:4.2.7:p170
  • NTP 4.2.7 Patch 171
    cpe:2.3:a:ntp:ntp:4.2.7:p171
  • NTP 4.2.7 Patch 172
    cpe:2.3:a:ntp:ntp:4.2.7:p172
  • NTP 4.2.7 Patch 173
    cpe:2.3:a:ntp:ntp:4.2.7:p173
  • NTP 4.2.7 Patch 174
    cpe:2.3:a:ntp:ntp:4.2.7:p174
  • NTP 4.2.7 Patch 175
    cpe:2.3:a:ntp:ntp:4.2.7:p175
  • NTP 4.2.7 Patch 176
    cpe:2.3:a:ntp:ntp:4.2.7:p176
  • NTP 4.2.7 Patch 177
    cpe:2.3:a:ntp:ntp:4.2.7:p177
  • NTP 4.2.7 Patch 178
    cpe:2.3:a:ntp:ntp:4.2.7:p178
  • NTP 4.2.7 Patch 179
    cpe:2.3:a:ntp:ntp:4.2.7:p179
  • NTP 4.2.7 Patch 18
    cpe:2.3:a:ntp:ntp:4.2.7:p18
  • NTP 4.2.7 Patch 180
    cpe:2.3:a:ntp:ntp:4.2.7:p180
  • NTP 4.2.7 Patch 181
    cpe:2.3:a:ntp:ntp:4.2.7:p181
  • NTP 4.2.7 Patch 182
    cpe:2.3:a:ntp:ntp:4.2.7:p182
  • NTP 4.2.7 Patch 183
    cpe:2.3:a:ntp:ntp:4.2.7:p183
  • NTP 4.2.7 Patch 184
    cpe:2.3:a:ntp:ntp:4.2.7:p184
  • NTP 4.2.7 Patch 185
    cpe:2.3:a:ntp:ntp:4.2.7:p185
  • NTP 4.2.7 Patch 186
    cpe:2.3:a:ntp:ntp:4.2.7:p186
  • NTP 4.2.7 Patch 187
    cpe:2.3:a:ntp:ntp:4.2.7:p187
  • NTP 4.2.7 Patch 188
    cpe:2.3:a:ntp:ntp:4.2.7:p188
  • NTP 4.2.7 Patch 189
    cpe:2.3:a:ntp:ntp:4.2.7:p189
  • NTP 4.2.7 Patch 19
    cpe:2.3:a:ntp:ntp:4.2.7:p19
  • NTP 4.2.7 Patch 190
    cpe:2.3:a:ntp:ntp:4.2.7:p190
  • NTP 4.2.7 Patch 191
    cpe:2.3:a:ntp:ntp:4.2.7:p191
  • NTP 4.2.7 Patch 192
    cpe:2.3:a:ntp:ntp:4.2.7:p192
  • NTP 4.2.7 Patch 193
    cpe:2.3:a:ntp:ntp:4.2.7:p193
  • NTP 4.2.7 Patch 194
    cpe:2.3:a:ntp:ntp:4.2.7:p194
  • NTP 4.2.7 Patch 195
    cpe:2.3:a:ntp:ntp:4.2.7:p195
  • NTP 4.2.7 Patch 196
    cpe:2.3:a:ntp:ntp:4.2.7:p196
  • NTP 4.2.7 Patch 197
    cpe:2.3:a:ntp:ntp:4.2.7:p197
  • NTP 4.2.7 Patch 198
    cpe:2.3:a:ntp:ntp:4.2.7:p198
  • NTP 4.2.7 Patch 199
    cpe:2.3:a:ntp:ntp:4.2.7:p199
  • NTP 4.2.7 Patch 2
    cpe:2.3:a:ntp:ntp:4.2.7:p2
  • NTP 4.2.7 Patch 20
    cpe:2.3:a:ntp:ntp:4.2.7:p20
  • NTP 4.2.7 Patch 200
    cpe:2.3:a:ntp:ntp:4.2.7:p200
  • NTP 4.2.7 Patch 201
    cpe:2.3:a:ntp:ntp:4.2.7:p201
  • NTP 4.2.7 Patch 202
    cpe:2.3:a:ntp:ntp:4.2.7:p202
  • NTP 4.2.7 Patch 203
    cpe:2.3:a:ntp:ntp:4.2.7:p203
  • NTP 4.2.7 Patch 204
    cpe:2.3:a:ntp:ntp:4.2.7:p204
  • NTP 4.2.7 Patch 205
    cpe:2.3:a:ntp:ntp:4.2.7:p205
  • NTP 4.2.7 Patch 206
    cpe:2.3:a:ntp:ntp:4.2.7:p206
  • NTP 4.2.7 Patch 207
    cpe:2.3:a:ntp:ntp:4.2.7:p207
  • NTP 4.2.7 Patch 208
    cpe:2.3:a:ntp:ntp:4.2.7:p208
  • NTP 4.2.7 Patch 209
    cpe:2.3:a:ntp:ntp:4.2.7:p209
  • NTP 4.2.7 Patch 21
    cpe:2.3:a:ntp:ntp:4.2.7:p21
  • NTP 4.2.7 Patch 210
    cpe:2.3:a:ntp:ntp:4.2.7:p210
  • NTP 4.2.7 Patch 211
    cpe:2.3:a:ntp:ntp:4.2.7:p211
  • NTP 4.2.7 Patch 212
    cpe:2.3:a:ntp:ntp:4.2.7:p212
  • NTP 4.2.7 Patch 213
    cpe:2.3:a:ntp:ntp:4.2.7:p213
  • NTP 4.2.7 Patch 214
    cpe:2.3:a:ntp:ntp:4.2.7:p214
  • NTP 4.2.7 Patch 215
    cpe:2.3:a:ntp:ntp:4.2.7:p215
  • NTP 4.2.7 Patch 216
    cpe:2.3:a:ntp:ntp:4.2.7:p216
  • NTP 4.2.7 Patch 217
    cpe:2.3:a:ntp:ntp:4.2.7:p217
  • NTP 4.2.7 Patch 218
    cpe:2.3:a:ntp:ntp:4.2.7:p218
  • NTP 4.2.7 Patch 219
    cpe:2.3:a:ntp:ntp:4.2.7:p219
  • NTP 4.2.7 Patch 22
    cpe:2.3:a:ntp:ntp:4.2.7:p22
  • NTP 4.2.7 Patch 220
    cpe:2.3:a:ntp:ntp:4.2.7:p220
  • NTP 4.2.7 Patch 221
    cpe:2.3:a:ntp:ntp:4.2.7:p221
  • NTP 4.2.7 Patch 222
    cpe:2.3:a:ntp:ntp:4.2.7:p222
  • NTP 4.2.7 Patch 223
    cpe:2.3:a:ntp:ntp:4.2.7:p223
  • NTP 4.2.7 Patch 224
    cpe:2.3:a:ntp:ntp:4.2.7:p224
  • NTP 4.2.7 Patch 225
    cpe:2.3:a:ntp:ntp:4.2.7:p225
  • NTP 4.2.7 Patch 226
    cpe:2.3:a:ntp:ntp:4.2.7:p226
  • NTP 4.2.7 Patch 227
    cpe:2.3:a:ntp:ntp:4.2.7:p227
  • NTP 4.2.7 Patch 228
    cpe:2.3:a:ntp:ntp:4.2.7:p228
  • NTP 4.2.7 Patch 229
    cpe:2.3:a:ntp:ntp:4.2.7:p229
  • NTP 4.2.7 Patch 23
    cpe:2.3:a:ntp:ntp:4.2.7:p23
  • NTP 4.2.7 Patch 230
    cpe:2.3:a:ntp:ntp:4.2.7:p230
  • NTP 4.2.7 Patch 231
    cpe:2.3:a:ntp:ntp:4.2.7:p231
  • NTP 4.2.7 Patch 232
    cpe:2.3:a:ntp:ntp:4.2.7:p232
  • NTP 4.2.7 Patch 233
    cpe:2.3:a:ntp:ntp:4.2.7:p233
  • NTP 4.2.7 Patch 234
    cpe:2.3:a:ntp:ntp:4.2.7:p234
  • NTP 4.2.7 Patch 235
    cpe:2.3:a:ntp:ntp:4.2.7:p235
  • NTP 4.2.7 Patch 236
    cpe:2.3:a:ntp:ntp:4.2.7:p236
  • NTP 4.2.7 Patch 237
    cpe:2.3:a:ntp:ntp:4.2.7:p237
  • NTP 4.2.7 Patch 238
    cpe:2.3:a:ntp:ntp:4.2.7:p238
  • NTP 4.2.7 Patch 239
    cpe:2.3:a:ntp:ntp:4.2.7:p239
  • NTP 4.2.7 Patch 24
    cpe:2.3:a:ntp:ntp:4.2.7:p24
  • NTP 4.2.7 Patch 240
    cpe:2.3:a:ntp:ntp:4.2.7:p240
  • NTP 4.2.7 Patch 241
    cpe:2.3:a:ntp:ntp:4.2.7:p241
  • NTP 4.2.7 Patch 242
    cpe:2.3:a:ntp:ntp:4.2.7:p242
  • NTP 4.2.7 Patch 243
    cpe:2.3:a:ntp:ntp:4.2.7:p243
  • NTP 4.2.7 Patch 244
    cpe:2.3:a:ntp:ntp:4.2.7:p244
  • NTP 4.2.7 Patch 245
    cpe:2.3:a:ntp:ntp:4.2.7:p245
  • NTP 4.2.7 Patch 246
    cpe:2.3:a:ntp:ntp:4.2.7:p246
  • NTP 4.2.7 Patch 247
    cpe:2.3:a:ntp:ntp:4.2.7:p247
  • NTP 4.2.7 Patch 248
    cpe:2.3:a:ntp:ntp:4.2.7:p248
  • NTP 4.2.7 Patch 249
    cpe:2.3:a:ntp:ntp:4.2.7:p249
  • NTP 4.2.7 Patch 25
    cpe:2.3:a:ntp:ntp:4.2.7:p25
  • NTP 4.2.7 Patch 250
    cpe:2.3:a:ntp:ntp:4.2.7:p250
  • NTP 4.2.7 Patch 251
    cpe:2.3:a:ntp:ntp:4.2.7:p251
  • NTP 4.2.7 Patch 252
    cpe:2.3:a:ntp:ntp:4.2.7:p252
  • NTP 4.2.7 Patch 253
    cpe:2.3:a:ntp:ntp:4.2.7:p253
  • NTP 4.2.7 Patch 254
    cpe:2.3:a:ntp:ntp:4.2.7:p254
  • NTP 4.2.7 Patch 255
    cpe:2.3:a:ntp:ntp:4.2.7:p255
  • NTP 4.2.7 Patch 256
    cpe:2.3:a:ntp:ntp:4.2.7:p256
  • NTP 4.2.7 Patch 257
    cpe:2.3:a:ntp:ntp:4.2.7:p257
  • NTP 4.2.7 Patch 258
    cpe:2.3:a:ntp:ntp:4.2.7:p258
  • NTP 4.2.7 Patch 259
    cpe:2.3:a:ntp:ntp:4.2.7:p259
  • NTP 4.2.7 Patch 26
    cpe:2.3:a:ntp:ntp:4.2.7:p26
  • NTP 4.2.7 Patch 260
    cpe:2.3:a:ntp:ntp:4.2.7:p260
  • NTP 4.2.7 Patch 261
    cpe:2.3:a:ntp:ntp:4.2.7:p261
  • NTP 4.2.7 Patch 262
    cpe:2.3:a:ntp:ntp:4.2.7:p262
  • NTP 4.2.7 Patch 263
    cpe:2.3:a:ntp:ntp:4.2.7:p263
  • NTP 4.2.7 Patch 264
    cpe:2.3:a:ntp:ntp:4.2.7:p264
  • NTP 4.2.7 Patch 265
    cpe:2.3:a:ntp:ntp:4.2.7:p265
  • NTP 4.2.7 Patch 266
    cpe:2.3:a:ntp:ntp:4.2.7:p266
  • NTP 4.2.7 Patch 267
    cpe:2.3:a:ntp:ntp:4.2.7:p267
  • NTP 4.2.7 Patch 268
    cpe:2.3:a:ntp:ntp:4.2.7:p268
  • NTP 4.2.7 Patch 269
    cpe:2.3:a:ntp:ntp:4.2.7:p269
  • NTP 4.2.7 Patch 27
    cpe:2.3:a:ntp:ntp:4.2.7:p27
  • NTP 4.2.7 Patch 270
    cpe:2.3:a:ntp:ntp:4.2.7:p270
  • NTP 4.2.7 Patch 271
    cpe:2.3:a:ntp:ntp:4.2.7:p271
  • NTP 4.2.7 Patch 272
    cpe:2.3:a:ntp:ntp:4.2.7:p272
  • NTP 4.2.7 Patch 273
    cpe:2.3:a:ntp:ntp:4.2.7:p273
  • NTP 4.2.7 Patch 274
    cpe:2.3:a:ntp:ntp:4.2.7:p274
  • NTP 4.2.7 Patch 275
    cpe:2.3:a:ntp:ntp:4.2.7:p275
  • NTP 4.2.7 Patch 276
    cpe:2.3:a:ntp:ntp:4.2.7:p276
  • NTP 4.2.7 Patch 277
    cpe:2.3:a:ntp:ntp:4.2.7:p277
  • NTP 4.2.7 Patch 278
    cpe:2.3:a:ntp:ntp:4.2.7:p278
  • NTP 4.2.7 Patch 279
    cpe:2.3:a:ntp:ntp:4.2.7:p279
  • NTP 4.2.7 Patch 28
    cpe:2.3:a:ntp:ntp:4.2.7:p28
  • NTP 4.2.7 Patch 280
    cpe:2.3:a:ntp:ntp:4.2.7:p280
  • NTP 4.2.7 Patch 281
    cpe:2.3:a:ntp:ntp:4.2.7:p281
  • NTP 4.2.7 Patch 282
    cpe:2.3:a:ntp:ntp:4.2.7:p282
  • NTP 4.2.7 Patch 283
    cpe:2.3:a:ntp:ntp:4.2.7:p283
  • NTP 4.2.7 Patch 284
    cpe:2.3:a:ntp:ntp:4.2.7:p284
  • NTP 4.2.7 Patch 285
    cpe:2.3:a:ntp:ntp:4.2.7:p285
  • NTP 4.2.7 Patch 286
    cpe:2.3:a:ntp:ntp:4.2.7:p286
  • NTP 4.2.7 Patch 287
    cpe:2.3:a:ntp:ntp:4.2.7:p287
  • NTP 4.2.7 Patch 288
    cpe:2.3:a:ntp:ntp:4.2.7:p288
  • NTP 4.2.7 Patch 289
    cpe:2.3:a:ntp:ntp:4.2.7:p289
  • NTP 4.2.7 Patch 29
    cpe:2.3:a:ntp:ntp:4.2.7:p29
  • NTP 4.2.7 Patch 290
    cpe:2.3:a:ntp:ntp:4.2.7:p290
  • NTP 4.2.7 Patch 291
    cpe:2.3:a:ntp:ntp:4.2.7:p291
  • NTP 4.2.7 Patch 292
    cpe:2.3:a:ntp:ntp:4.2.7:p292
  • NTP 4.2.7 Patch 293
    cpe:2.3:a:ntp:ntp:4.2.7:p293
  • NTP 4.2.7 Patch 294
    cpe:2.3:a:ntp:ntp:4.2.7:p294
  • NTP 4.2.7 Patch 295
    cpe:2.3:a:ntp:ntp:4.2.7:p295
  • NTP 4.2.7 Patch 296
    cpe:2.3:a:ntp:ntp:4.2.7:p296
  • NTP 4.2.7 Patch 297
    cpe:2.3:a:ntp:ntp:4.2.7:p297
  • NTP 4.2.7 Patch 298
    cpe:2.3:a:ntp:ntp:4.2.7:p298
  • NTP 4.2.7 Patch 299
    cpe:2.3:a:ntp:ntp:4.2.7:p299
  • NTP 4.2.7 Patch 3
    cpe:2.3:a:ntp:ntp:4.2.7:p3
  • NTP 4.2.7 Patch 30
    cpe:2.3:a:ntp:ntp:4.2.7:p30
  • NTP 4.2.7 Patch 300
    cpe:2.3:a:ntp:ntp:4.2.7:p300
  • NTP 4.2.7 Patch 301
    cpe:2.3:a:ntp:ntp:4.2.7:p301
  • NTP 4.2.7 Patch 302
    cpe:2.3:a:ntp:ntp:4.2.7:p302
  • NTP 4.2.7 Patch 303
    cpe:2.3:a:ntp:ntp:4.2.7:p303
  • NTP 4.2.7 Patch 304
    cpe:2.3:a:ntp:ntp:4.2.7:p304
  • NTP 4.2.7 Patch 305
    cpe:2.3:a:ntp:ntp:4.2.7:p305
  • NTP 4.2.7 Patch 306
    cpe:2.3:a:ntp:ntp:4.2.7:p306
  • NTP 4.2.7 Patch 307
    cpe:2.3:a:ntp:ntp:4.2.7:p307
  • NTP 4.2.7 Patch 308
    cpe:2.3:a:ntp:ntp:4.2.7:p308
  • NTP 4.2.7 Patch 309
    cpe:2.3:a:ntp:ntp:4.2.7:p309
  • NTP 4.2.7 Patch 31
    cpe:2.3:a:ntp:ntp:4.2.7:p31
  • NTP 4.2.7 Patch 310
    cpe:2.3:a:ntp:ntp:4.2.7:p310
  • NTP 4.2.7 Patch 311
    cpe:2.3:a:ntp:ntp:4.2.7:p311
  • NTP 4.2.7 Patch 312
    cpe:2.3:a:ntp:ntp:4.2.7:p312
  • NTP 4.2.7 Patch 313
    cpe:2.3:a:ntp:ntp:4.2.7:p313
  • NTP 4.2.7 Patch 314
    cpe:2.3:a:ntp:ntp:4.2.7:p314
  • NTP 4.2.7 Patch 315
    cpe:2.3:a:ntp:ntp:4.2.7:p315
  • NTP 4.2.7 Patch 316
    cpe:2.3:a:ntp:ntp:4.2.7:p316
  • NTP 4.2.7 Patch 317
    cpe:2.3:a:ntp:ntp:4.2.7:p317
  • NTP 4.2.7 Patch 318
    cpe:2.3:a:ntp:ntp:4.2.7:p318
  • NTP 4.2.7 Patch 319
    cpe:2.3:a:ntp:ntp:4.2.7:p319
  • NTP 4.2.7 Patch 32
    cpe:2.3:a:ntp:ntp:4.2.7:p32
  • NTP 4.2.7 Patch 320
    cpe:2.3:a:ntp:ntp:4.2.7:p320
  • NTP 4.2.7 Patch 321
    cpe:2.3:a:ntp:ntp:4.2.7:p321
  • NTP 4.2.7 Patch 322
    cpe:2.3:a:ntp:ntp:4.2.7:p322
  • NTP 4.2.7 Patch 323
    cpe:2.3:a:ntp:ntp:4.2.7:p323
  • NTP 4.2.7 Patch 324
    cpe:2.3:a:ntp:ntp:4.2.7:p324
  • NTP 4.2.7 Patch 325
    cpe:2.3:a:ntp:ntp:4.2.7:p325
  • NTP 4.2.7 Patch 326
    cpe:2.3:a:ntp:ntp:4.2.7:p326
  • NTP 4.2.7 Patch 327
    cpe:2.3:a:ntp:ntp:4.2.7:p327
  • NTP 4.2.7 Patch 328
    cpe:2.3:a:ntp:ntp:4.2.7:p328
  • NTP 4.2.7 Patch 329
    cpe:2.3:a:ntp:ntp:4.2.7:p329
  • NTP 4.2.7 Patch 33
    cpe:2.3:a:ntp:ntp:4.2.7:p33
  • NTP 4.2.7 Patch 330
    cpe:2.3:a:ntp:ntp:4.2.7:p330
  • NTP 4.2.7 Patch 331
    cpe:2.3:a:ntp:ntp:4.2.7:p331
  • NTP 4.2.7 Patch 332
    cpe:2.3:a:ntp:ntp:4.2.7:p332
  • NTP 4.2.7 Patch 333
    cpe:2.3:a:ntp:ntp:4.2.7:p333
  • NTP 4.2.7 Patch 334
    cpe:2.3:a:ntp:ntp:4.2.7:p334
  • NTP 4.2.7 Patch 335
    cpe:2.3:a:ntp:ntp:4.2.7:p335
  • NTP 4.2.7 Patch 336
    cpe:2.3:a:ntp:ntp:4.2.7:p336
  • NTP 4.2.7 Patch 337
    cpe:2.3:a:ntp:ntp:4.2.7:p337
  • NTP 4.2.7 Patch 338
    cpe:2.3:a:ntp:ntp:4.2.7:p338
  • NTP 4.2.7 Patch 339
    cpe:2.3:a:ntp:ntp:4.2.7:p339
  • NTP 4.2.7 Patch 34
    cpe:2.3:a:ntp:ntp:4.2.7:p34
  • NTP 4.2.7 Patch 340
    cpe:2.3:a:ntp:ntp:4.2.7:p340
  • NTP 4.2.7 Patch 341
    cpe:2.3:a:ntp:ntp:4.2.7:p341
  • NTP 4.2.7 Patch 342
    cpe:2.3:a:ntp:ntp:4.2.7:p342
  • NTP 4.2.7 Patch 343
    cpe:2.3:a:ntp:ntp:4.2.7:p343
  • NTP 4.2.7 Patch 344
    cpe:2.3:a:ntp:ntp:4.2.7:p344
  • NTP 4.2.7 Patch 345
    cpe:2.3:a:ntp:ntp:4.2.7:p345
  • NTP 4.2.7 Patch 346
    cpe:2.3:a:ntp:ntp:4.2.7:p346
  • NTP 4.2.7 Patch 347
    cpe:2.3:a:ntp:ntp:4.2.7:p347
  • NTP 4.2.7 Patch 348
    cpe:2.3:a:ntp:ntp:4.2.7:p348
  • NTP 4.2.7 Patch 349
    cpe:2.3:a:ntp:ntp:4.2.7:p349
  • NTP 4.2.7 Patch 35
    cpe:2.3:a:ntp:ntp:4.2.7:p35
  • NTP 4.2.7 Patch 350
    cpe:2.3:a:ntp:ntp:4.2.7:p350
  • NTP 4.2.7 Patch 351
    cpe:2.3:a:ntp:ntp:4.2.7:p351
  • NTP 4.2.7 Patch 352
    cpe:2.3:a:ntp:ntp:4.2.7:p352
  • NTP 4.2.7 Patch 353
    cpe:2.3:a:ntp:ntp:4.2.7:p353
  • NTP 4.2.7 Patch 354
    cpe:2.3:a:ntp:ntp:4.2.7:p354
  • NTP 4.2.7 Patch 355
    cpe:2.3:a:ntp:ntp:4.2.7:p355
  • NTP 4.2.7 Patch 356
    cpe:2.3:a:ntp:ntp:4.2.7:p356
  • NTP 4.2.7 Patch 357
    cpe:2.3:a:ntp:ntp:4.2.7:p357
  • NTP 4.2.7 Patch 358
    cpe:2.3:a:ntp:ntp:4.2.7:p358
  • NTP 4.2.7 Patch 359
    cpe:2.3:a:ntp:ntp:4.2.7:p359
  • NTP 4.2.7 Patch 36
    cpe:2.3:a:ntp:ntp:4.2.7:p36
  • NTP 4.2.7 Patch 360
    cpe:2.3:a:ntp:ntp:4.2.7:p360
  • NTP 4.2.7 Patch 361
    cpe:2.3:a:ntp:ntp:4.2.7:p361
  • NTP 4.2.7 Patch 362
    cpe:2.3:a:ntp:ntp:4.2.7:p362
  • NTP 4.2.7 Patch 363
    cpe:2.3:a:ntp:ntp:4.2.7:p363
  • NTP 4.2.7 Patch 364
    cpe:2.3:a:ntp:ntp:4.2.7:p364
  • NTP 4.2.7 Patch 365
    cpe:2.3:a:ntp:ntp:4.2.7:p365
  • NTP 4.2.7 Patch 366
    cpe:2.3:a:ntp:ntp:4.2.7:p366
  • NTP 4.2.7 Patch 367
    cpe:2.3:a:ntp:ntp:4.2.7:p367
  • NTP 4.2.7 Patch 368
    cpe:2.3:a:ntp:ntp:4.2.7:p368
  • NTP 4.2.7 Patch 369
    cpe:2.3:a:ntp:ntp:4.2.7:p369
  • NTP 4.2.7 Patch 37
    cpe:2.3:a:ntp:ntp:4.2.7:p37
  • NTP 4.2.7 Patch 370
    cpe:2.3:a:ntp:ntp:4.2.7:p370
  • NTP 4.2.7 Patch 371
    cpe:2.3:a:ntp:ntp:4.2.7:p371
  • NTP 4.2.7 Patch 372
    cpe:2.3:a:ntp:ntp:4.2.7:p372
  • NTP 4.2.7 Patch 373
    cpe:2.3:a:ntp:ntp:4.2.7:p373
  • NTP 4.2.7 Patch 374
    cpe:2.3:a:ntp:ntp:4.2.7:p374
  • NTP 4.2.7 Patch 375
    cpe:2.3:a:ntp:ntp:4.2.7:p375
  • NTP 4.2.7 Patch 376
    cpe:2.3:a:ntp:ntp:4.2.7:p376
  • NTP 4.2.7 Patch 377
    cpe:2.3:a:ntp:ntp:4.2.7:p377
  • NTP 4.2.7 Patch 378
    cpe:2.3:a:ntp:ntp:4.2.7:p378
  • NTP 4.2.7 Patch 379
    cpe:2.3:a:ntp:ntp:4.2.7:p379
  • NTP 4.2.7 Patch 38
    cpe:2.3:a:ntp:ntp:4.2.7:p38
  • NTP 4.2.7 Patch 380
    cpe:2.3:a:ntp:ntp:4.2.7:p380
  • NTP 4.2.7 Patch 381
    cpe:2.3:a:ntp:ntp:4.2.7:p381
  • NTP 4.2.7 Patch 382
    cpe:2.3:a:ntp:ntp:4.2.7:p382
  • NTP 4.2.7 Patch 383
    cpe:2.3:a:ntp:ntp:4.2.7:p383
  • NTP 4.2.7 Patch 384
    cpe:2.3:a:ntp:ntp:4.2.7:p384
  • NTP 4.2.7 Patch 385
    cpe:2.3:a:ntp:ntp:4.2.7:p385
  • NTP 4.2.7 Patch 386
    cpe:2.3:a:ntp:ntp:4.2.7:p386
  • NTP 4.2.7 Patch 387
    cpe:2.3:a:ntp:ntp:4.2.7:p387
  • NTP 4.2.7 Patch 388
    cpe:2.3:a:ntp:ntp:4.2.7:p388
  • NTP 4.2.7 Patch 389
    cpe:2.3:a:ntp:ntp:4.2.7:p389
  • NTP 4.2.7 Patch 39
    cpe:2.3:a:ntp:ntp:4.2.7:p39
  • NTP 4.2.7 Patch 390
    cpe:2.3:a:ntp:ntp:4.2.7:p390
  • NTP 4.2.7 Patch 391
    cpe:2.3:a:ntp:ntp:4.2.7:p391
  • NTP 4.2.7 Patch 392
    cpe:2.3:a:ntp:ntp:4.2.7:p392
  • NTP 4.2.7 Patch 393
    cpe:2.3:a:ntp:ntp:4.2.7:p393
  • NTP 4.2.7 Patch 394
    cpe:2.3:a:ntp:ntp:4.2.7:p394
  • NTP 4.2.7 Patch 395
    cpe:2.3:a:ntp:ntp:4.2.7:p395
  • NTP 4.2.7 Patch 396
    cpe:2.3:a:ntp:ntp:4.2.7:p396
  • NTP 4.2.7 Patch 397
    cpe:2.3:a:ntp:ntp:4.2.7:p397
  • NTP 4.2.7 Patch 398
    cpe:2.3:a:ntp:ntp:4.2.7:p398
  • NTP 4.2.7 Patch 399
    cpe:2.3:a:ntp:ntp:4.2.7:p399
  • NTP 4.2.7 Patch 4
    cpe:2.3:a:ntp:ntp:4.2.7:p4
  • NTP 4.2.7 Patch 40
    cpe:2.3:a:ntp:ntp:4.2.7:p40
  • NTP 4.2.7 Patch 400
    cpe:2.3:a:ntp:ntp:4.2.7:p400
  • NTP 4.2.7 Patch 401
    cpe:2.3:a:ntp:ntp:4.2.7:p401
  • NTP 4.2.7 Patch 402
    cpe:2.3:a:ntp:ntp:4.2.7:p402
  • NTP 4.2.7 Patch 403
    cpe:2.3:a:ntp:ntp:4.2.7:p403
  • NTP 4.2.7 Patch 404
    cpe:2.3:a:ntp:ntp:4.2.7:p404
  • NTP 4.2.7 Patch 405
    cpe:2.3:a:ntp:ntp:4.2.7:p405
  • NTP 4.2.7 Patch 406
    cpe:2.3:a:ntp:ntp:4.2.7:p406
  • NTP 4.2.7 Patch 407
    cpe:2.3:a:ntp:ntp:4.2.7:p407
  • NTP 4.2.7 Patch 408
    cpe:2.3:a:ntp:ntp:4.2.7:p408
  • NTP 4.2.7 Patch 409
    cpe:2.3:a:ntp:ntp:4.2.7:p409
  • NTP 4.2.7 Patch 41
    cpe:2.3:a:ntp:ntp:4.2.7:p41
  • NTP 4.2.7 Patch 410
    cpe:2.3:a:ntp:ntp:4.2.7:p410
  • NTP 4.2.7 Patch 411
    cpe:2.3:a:ntp:ntp:4.2.7:p411
  • NTP 4.2.7 Patch 412
    cpe:2.3:a:ntp:ntp:4.2.7:p412
  • NTP 4.2.7 Patch 413
    cpe:2.3:a:ntp:ntp:4.2.7:p413
  • NTP 4.2.7 Patch 414
    cpe:2.3:a:ntp:ntp:4.2.7:p414
  • NTP 4.2.7 Patch 415
    cpe:2.3:a:ntp:ntp:4.2.7:p415
  • NTP 4.2.7 Patch 416
    cpe:2.3:a:ntp:ntp:4.2.7:p416
  • NTP 4.2.7 Patch 417
    cpe:2.3:a:ntp:ntp:4.2.7:p417
  • NTP 4.2.7 Patch 418
    cpe:2.3:a:ntp:ntp:4.2.7:p418
  • NTP 4.2.7 Patch 419
    cpe:2.3:a:ntp:ntp:4.2.7:p419
  • NTP 4.2.7 Patch 42
    cpe:2.3:a:ntp:ntp:4.2.7:p42
  • NTP 4.2.7 Patch 420
    cpe:2.3:a:ntp:ntp:4.2.7:p420
  • NTP 4.2.7 Patch 421
    cpe:2.3:a:ntp:ntp:4.2.7:p421
  • NTP 4.2.7 Patch 422
    cpe:2.3:a:ntp:ntp:4.2.7:p422
  • NTP 4.2.7 Patch 423
    cpe:2.3:a:ntp:ntp:4.2.7:p423
  • NTP 4.2.7 Patch 424
    cpe:2.3:a:ntp:ntp:4.2.7:p424
  • NTP 4.2.7 Patch 425
    cpe:2.3:a:ntp:ntp:4.2.7:p425
  • NTP 4.2.7 Patch 426
    cpe:2.3:a:ntp:ntp:4.2.7:p426
  • NTP 4.2.7 Patch 427
    cpe:2.3:a:ntp:ntp:4.2.7:p427
  • NTP 4.2.7 Patch 428
    cpe:2.3:a:ntp:ntp:4.2.7:p428
  • NTP 4.2.7 Patch 429
    cpe:2.3:a:ntp:ntp:4.2.7:p429
  • NTP 4.2.7 Patch 43
    cpe:2.3:a:ntp:ntp:4.2.7:p43
  • NTP 4.2.7 Patch 430
    cpe:2.3:a:ntp:ntp:4.2.7:p430
  • NTP 4.2.7 Patch 431
    cpe:2.3:a:ntp:ntp:4.2.7:p431
  • NTP 4.2.7 Patch 432
    cpe:2.3:a:ntp:ntp:4.2.7:p432
  • NTP 4.2.7 Patch 433
    cpe:2.3:a:ntp:ntp:4.2.7:p433
  • NTP 4.2.7 Patch 434
    cpe:2.3:a:ntp:ntp:4.2.7:p434
  • NTP 4.2.7 Patch 435
    cpe:2.3:a:ntp:ntp:4.2.7:p435
  • NTP 4.2.7 Patch 436
    cpe:2.3:a:ntp:ntp:4.2.7:p436
  • NTP 4.2.7 Patch 437
    cpe:2.3:a:ntp:ntp:4.2.7:p437
  • NTP 4.2.7 Patch 438
    cpe:2.3:a:ntp:ntp:4.2.7:p438
  • NTP 4.2.7 Patch 439
    cpe:2.3:a:ntp:ntp:4.2.7:p439
  • NTP 4.2.7 Patch 44
    cpe:2.3:a:ntp:ntp:4.2.7:p44
  • NTP 4.2.7 Patch 440
    cpe:2.3:a:ntp:ntp:4.2.7:p440
  • NTP 4.2.7 Patch 441
    cpe:2.3:a:ntp:ntp:4.2.7:p441
  • NTP 4.2.7 Patch 442
    cpe:2.3:a:ntp:ntp:4.2.7:p442
  • NTP 4.2.7 Patch 443
    cpe:2.3:a:ntp:ntp:4.2.7:p443
  • NTP 4.2.7 Patch 444
    cpe:2.3:a:ntp:ntp:4.2.7:p444
  • NTP 4.2.7 Patch 445
    cpe:2.3:a:ntp:ntp:4.2.7:p445
  • NTP 4.2.7 Patch 446
    cpe:2.3:a:ntp:ntp:4.2.7:p446
  • NTP 4.2.7 Patch 447
    cpe:2.3:a:ntp:ntp:4.2.7:p447
  • NTP 4.2.7 Patch 448
    cpe:2.3:a:ntp:ntp:4.2.7:p448
  • NTP 4.2.7 Patch 449
    cpe:2.3:a:ntp:ntp:4.2.7:p449
  • NTP 4.2.7 Patch 45
    cpe:2.3:a:ntp:ntp:4.2.7:p45
  • NTP 4.2.7 Patch 450
    cpe:2.3:a:ntp:ntp:4.2.7:p450
  • NTP 4.2.7 Patch 451
    cpe:2.3:a:ntp:ntp:4.2.7:p451
  • NTP 4.2.7 Patch 452
    cpe:2.3:a:ntp:ntp:4.2.7:p452
  • NTP 4.2.7 Patch 453
    cpe:2.3:a:ntp:ntp:4.2.7:p453
  • NTP 4.2.7 Patch 454
    cpe:2.3:a:ntp:ntp:4.2.7:p454
  • NTP 4.2.7 Patch 455
    cpe:2.3:a:ntp:ntp:4.2.7:p455
  • NTP 4.2.7 Patch 456
    cpe:2.3:a:ntp:ntp:4.2.7:p456
  • NTP 4.2.7 Patch 457
    cpe:2.3:a:ntp:ntp:4.2.7:p457
  • NTP 4.2.7 Patch 458
    cpe:2.3:a:ntp:ntp:4.2.7:p458
  • NTP 4.2.7 Patch 459
    cpe:2.3:a:ntp:ntp:4.2.7:p459
  • NTP 4.2.7 Patch 46
    cpe:2.3:a:ntp:ntp:4.2.7:p46
  • NTP 4.2.7 Patch 460
    cpe:2.3:a:ntp:ntp:4.2.7:p460
  • NTP 4.2.7 Patch 461
    cpe:2.3:a:ntp:ntp:4.2.7:p461
  • NTP 4.2.7 Patch 462
    cpe:2.3:a:ntp:ntp:4.2.7:p462
  • NTP 4.2.7 Patch 463
    cpe:2.3:a:ntp:ntp:4.2.7:p463
  • NTP 4.2.7 Patch 464
    cpe:2.3:a:ntp:ntp:4.2.7:p464
  • NTP 4.2.7 Patch 465
    cpe:2.3:a:ntp:ntp:4.2.7:p465
  • NTP 4.2.7 Patch 466
    cpe:2.3:a:ntp:ntp:4.2.7:p466
  • NTP 4.2.7 Patch 467
    cpe:2.3:a:ntp:ntp:4.2.7:p467
  • NTP 4.2.7 Patch 468
    cpe:2.3:a:ntp:ntp:4.2.7:p468
  • NTP 4.2.7 Patch 469
    cpe:2.3:a:ntp:ntp:4.2.7:p469
  • NTP 4.2.7 Patch 47
    cpe:2.3:a:ntp:ntp:4.2.7:p47
  • NTP 4.2.7 Patch 470
    cpe:2.3:a:ntp:ntp:4.2.7:p470
  • NTP 4.2.7 Patch 471
    cpe:2.3:a:ntp:ntp:4.2.7:p471
  • NTP 4.2.7 Patch 472
    cpe:2.3:a:ntp:ntp:4.2.7:p472
  • NTP 4.2.7 Patch 473
    cpe:2.3:a:ntp:ntp:4.2.7:p473
  • NTP 4.2.7 Patch 474
    cpe:2.3:a:ntp:ntp:4.2.7:p474
  • NTP 4.2.7 Patch 475
    cpe:2.3:a:ntp:ntp:4.2.7:p475
  • NTP 4.2.7 Patch 476
    cpe:2.3:a:ntp:ntp:4.2.7:p476
  • NTP 4.2.7 Patch 477
    cpe:2.3:a:ntp:ntp:4.2.7:p477
  • NTP 4.2.7 Patch 478
    cpe:2.3:a:ntp:ntp:4.2.7:p478
  • NTP 4.2.7 Patch 479
    cpe:2.3:a:ntp:ntp:4.2.7:p479
  • NTP 4.2.7 Patch 48
    cpe:2.3:a:ntp:ntp:4.2.7:p48
  • NTP 4.2.7 Patch 480
    cpe:2.3:a:ntp:ntp:4.2.7:p480
  • NTP 4.2.7 Patch 481
    cpe:2.3:a:ntp:ntp:4.2.7:p481
  • NTP 4.2.7 Patch 482
    cpe:2.3:a:ntp:ntp:4.2.7:p482
  • NTP 4.2.7 Patch 483
    cpe:2.3:a:ntp:ntp:4.2.7:p483
  • NTP 4.2.7 Patch 484 Release Candidate 1
    cpe:2.3:a:ntp:ntp:4.2.7:p484_rc1
  • NTP 4.2.7 Patch 485 Release Candidate 1
    cpe:2.3:a:ntp:ntp:4.2.7:p485_rc1
  • NTP 4.2.7 Patch 486 Release Candidate 1
    cpe:2.3:a:ntp:ntp:4.2.7:p486_rc1
  • NTP 4.2.7 Patch 49
    cpe:2.3:a:ntp:ntp:4.2.7:p49
  • NTP 4.2.7 Patch 5
    cpe:2.3:a:ntp:ntp:4.2.7:p5
  • NTP 4.2.7 Patch 50
    cpe:2.3:a:ntp:ntp:4.2.7:p50
  • NTP 4.2.7 Patch 51
    cpe:2.3:a:ntp:ntp:4.2.7:p51
  • NTP 4.2.7 Patch 52
    cpe:2.3:a:ntp:ntp:4.2.7:p52
  • NTP 4.2.7 Patch 53
    cpe:2.3:a:ntp:ntp:4.2.7:p53
  • NTP 4.2.7 Patch 54
    cpe:2.3:a:ntp:ntp:4.2.7:p54
  • NTP 4.2.7 Patch 55
    cpe:2.3:a:ntp:ntp:4.2.7:p55
  • NTP 4.2.7 Patch 56
    cpe:2.3:a:ntp:ntp:4.2.7:p56
  • NTP 4.2.7 Patch 57
    cpe:2.3:a:ntp:ntp:4.2.7:p57
  • NTP 4.2.7 Patch 58
    cpe:2.3:a:ntp:ntp:4.2.7:p58
  • NTP 4.2.7 Patch 59
    cpe:2.3:a:ntp:ntp:4.2.7:p59
  • NTP 4.2.7 Patch 6
    cpe:2.3:a:ntp:ntp:4.2.7:p6
  • NTP 4.2.7 Patch 60
    cpe:2.3:a:ntp:ntp:4.2.7:p60
  • NTP 4.2.7 Patch 61
    cpe:2.3:a:ntp:ntp:4.2.7:p61
  • NTP 4.2.7 Patch 62
    cpe:2.3:a:ntp:ntp:4.2.7:p62
  • NTP 4.2.7 Patch 63
    cpe:2.3:a:ntp:ntp:4.2.7:p63
  • NTP 4.2.7 Patch 64
    cpe:2.3:a:ntp:ntp:4.2.7:p64
  • NTP 4.2.7 Patch 65
    cpe:2.3:a:ntp:ntp:4.2.7:p65
  • NTP 4.2.7 Patch 66
    cpe:2.3:a:ntp:ntp:4.2.7:p66
  • NTP 4.2.7 Patch 67
    cpe:2.3:a:ntp:ntp:4.2.7:p67
  • NTP 4.2.7 Patch 68
    cpe:2.3:a:ntp:ntp:4.2.7:p68
  • NTP 4.2.7 Patch 69
    cpe:2.3:a:ntp:ntp:4.2.7:p69
  • NTP 4.2.7 Patch 7
    cpe:2.3:a:ntp:ntp:4.2.7:p7
  • NTP 4.2.7 Patch 70
    cpe:2.3:a:ntp:ntp:4.2.7:p70
  • NTP 4.2.7 Patch 71
    cpe:2.3:a:ntp:ntp:4.2.7:p71
  • NTP 4.2.7 Patch 72
    cpe:2.3:a:ntp:ntp:4.2.7:p72
  • NTP 4.2.7 Patch 73
    cpe:2.3:a:ntp:ntp:4.2.7:p73
  • NTP 4.2.7 Patch 74
    cpe:2.3:a:ntp:ntp:4.2.7:p74
  • NTP 4.2.7 Patch 75
    cpe:2.3:a:ntp:ntp:4.2.7:p75
  • NTP 4.2.7 Patch 76
    cpe:2.3:a:ntp:ntp:4.2.7:p76
  • NTP 4.2.7 Patch 77
    cpe:2.3:a:ntp:ntp:4.2.7:p77
  • NTP 4.2.7 Patch 78
    cpe:2.3:a:ntp:ntp:4.2.7:p78
  • NTP 4.2.7 Patch 79
    cpe:2.3:a:ntp:ntp:4.2.7:p79
  • NTP 4.2.7 Patch 8
    cpe:2.3:a:ntp:ntp:4.2.7:p8
  • NTP 4.2.7 Patch 80
    cpe:2.3:a:ntp:ntp:4.2.7:p80
  • NTP 4.2.7 Patch 81
    cpe:2.3:a:ntp:ntp:4.2.7:p81
  • NTP 4.2.7 Patch 82
    cpe:2.3:a:ntp:ntp:4.2.7:p82
  • NTP 4.2.7 Patch 83
    cpe:2.3:a:ntp:ntp:4.2.7:p83
  • NTP 4.2.7 Patch 84
    cpe:2.3:a:ntp:ntp:4.2.7:p84
  • NTP 4.2.7 Patch 85
    cpe:2.3:a:ntp:ntp:4.2.7:p85
  • NTP 4.2.7 Patch 86
    cpe:2.3:a:ntp:ntp:4.2.7:p86
  • NTP 4.2.7 Patch 87
    cpe:2.3:a:ntp:ntp:4.2.7:p87
  • NTP 4.2.7 Patch 88
    cpe:2.3:a:ntp:ntp:4.2.7:p88
  • NTP 4.2.7 Patch 89
    cpe:2.3:a:ntp:ntp:4.2.7:p89
  • NTP 4.2.7 Patch 9
    cpe:2.3:a:ntp:ntp:4.2.7:p9
  • NTP 4.2.7 Patch 90
    cpe:2.3:a:ntp:ntp:4.2.7:p90
  • NTP 4.2.7 Patch 91
    cpe:2.3:a:ntp:ntp:4.2.7:p91
  • NTP 4.2.7 Patch 92
    cpe:2.3:a:ntp:ntp:4.2.7:p92
  • NTP 4.2.7 Patch 93
    cpe:2.3:a:ntp:ntp:4.2.7:p93
  • NTP 4.2.7 Patch 94
    cpe:2.3:a:ntp:ntp:4.2.7:p94
  • NTP 4.2.7 Patch 95
    cpe:2.3:a:ntp:ntp:4.2.7:p95
  • NTP 4.2.7 Patch 96
    cpe:2.3:a:ntp:ntp:4.2.7:p96
  • NTP 4.2.7 Patch 97
    cpe:2.3:a:ntp:ntp:4.2.7:p97
  • NTP 4.2.7 Patch 98
    cpe:2.3:a:ntp:ntp:4.2.7:p98
  • NTP 4.2.7 Patch 99
    cpe:2.3:a:ntp:ntp:4.2.7:p99
  • NTP NTP 4.2.7p444
    cpe:2.3:a:ntp:ntp:4.2.7p444
  • NTP NTP 4.2.8
    cpe:2.3:a:ntp:ntp:4.2.8
  • NTP 4.2.8 Patch 1
    cpe:2.3:a:ntp:ntp:4.2.8:p1
  • NTP 4.2.8 Patch 1 Beta 1
    cpe:2.3:a:ntp:ntp:4.2.8:p1_beta1
  • NTP 4.2.8 Patch 1 Beta 2
    cpe:2.3:a:ntp:ntp:4.2.8:p1_beta2
  • NTP 4.2.8 Patch 1 Beta 3
    cpe:2.3:a:ntp:ntp:4.2.8:p1_beta3
  • NTP 4.2.8 Patch 1 Beta 4
    cpe:2.3:a:ntp:ntp:4.2.8:p1_beta4
  • NTP 4.2.8 Patch 1 Beta5
    cpe:2.3:a:ntp:ntp:4.2.8:p1_beta5
  • NTP 4.2.8 Patch 1 Release Candidate 1
    cpe:2.3:a:ntp:ntp:4.2.8:p1_rc1
  • NTP 4.2.8 Patch 1 Release Candidate 2
    cpe:2.3:a:ntp:ntp:4.2.8:p1_rc2
  • NTP 4.2.8 Patch 2
    cpe:2.3:a:ntp:ntp:4.2.8:p2
  • NTP 4.2.8 Patch 2 Release Candidate 1
    cpe:2.3:a:ntp:ntp:4.2.8:p2_rc1
  • NTP 4.2.8 Patch 2 Release Candidate 2
    cpe:2.3:a:ntp:ntp:4.2.8:p2_rc2
  • NTP 4.2.8 Patch 2 Release Candidate 3
    cpe:2.3:a:ntp:ntp:4.2.8:p2_rc3
  • NTP 4.2.8 Patch 3
    cpe:2.3:a:ntp:ntp:4.2.8:p3
  • NTP 4.2.8 Patch 3 Release Candidate 1
    cpe:2.3:a:ntp:ntp:4.2.8:p3_rc1
  • NTP 4.2.8 Patch 3 Release Candidate 2
    cpe:2.3:a:ntp:ntp:4.2.8:p3_rc2
  • NTP 4.2.8 Patch 3 Release Candidate 3
    cpe:2.3:a:ntp:ntp:4.2.8:p3_rc3
  • NTP 4.2.8 Patch 4
    cpe:2.3:a:ntp:ntp:4.2.8:p4
  • NTP 4.2.8 Patch 5
    cpe:2.3:a:ntp:ntp:4.2.8:p5
  • NTP 4.2.8 Patch 6
    cpe:2.3:a:ntp:ntp:4.2.8:p6
  • NTP 4.2.8 Patch 7
    cpe:2.3:a:ntp:ntp:4.2.8:p7
  • cpe:2.3:a:ntp:ntp:4.2.8:p8
    cpe:2.3:a:ntp:ntp:4.2.8:p8
CVSS
Base: 4.3 (as of 27-01-2017 - 10:35)
Impact:
Exploitability:
CWE CWE-399
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
nessus via4
  • NASL family Amazon Linux Local Security Checks
    NASL id AL2_ALAS-2018-1009.NASL
    description Ephemeral association time spoofing additional protection ntpd in ntp 4.2.x before 4.2.8p7 and 4.3.x before 4.3.92 allows authenticated users that know the private symmetric key to create arbitrarily-many ephemeral associations in order to win the clock selection of ntpd and modify a victim's clock via a Sybil attack. This issue exists because of an incomplete fix for CVE-2016-1549 .(CVE-2018-7170) Interleaved symmetric mode cannot recover from bad state ntpd in ntp 4.2.8p4 before 4.2.8p11 drops bad packets before updating the 'received' timestamp, which allows remote attackers to cause a denial of service (disruption) by sending a packet with a zero-origin timestamp causing the association to reset and setting the contents of the packet as the most recent timestamp. This issue is a result of an incomplete fix for CVE-2015-7704 .(CVE-2018-7184) Ephemeral association time spoofing A malicious authenticated peer can create arbitrarily-many ephemeral associations in order to win the clock selection algorithm in ntpd in NTP 4.2.8p4 and earlier and NTPsec 3e160db8dc248a0bcb053b56a80167dc742d2b74 and a5fb34b9cc89b92a8fef2f459004865c93bb7f92 and modify a victim's clock.(CVE-2016-1549) Buffer read overrun leads information leak in ctl_getitem() The ctl_getitem method in ntpd in ntp-4.2.8p6 before 4.2.8p11 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted mode 6 packet with a ntpd instance from 4.2.8p6 through 4.2.8p10. (CVE-2018-7182) Unauthenticated packet can reset authenticated interleaved association The protocol engine in ntp 4.2.6 before 4.2.8p11 allows a remote attackers to cause a denial of service (disruption) by continually sending a packet with a zero-origin timestamp and source IP address of the 'other side' of an interleaved association causing the victim ntpd to reset its association.(CVE-2018-7185) decodearr() can write beyond its buffer limit Buffer overflow in the decodearr function in ntpq in ntp 4.2.8p6 through 4.2.8p10 allows remote attackers to execute arbitrary code by leveraging an ntpq query and sending a response with a crafted array.(CVE-2018-7183)
    last seen 2019-02-21
    modified 2018-05-11
    plugin id 109688
    published 2018-05-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=109688
    title Amazon Linux 2 : ntp (ALAS-2018-1009)
  • NASL family F5 Networks Local Security Checks
    NASL id F5_BIGIP_SOL51444934.NASL
    description NTP before 4.2.8p9 rate limits responses received from the configured sources when rate limiting for all associations is enabled, which allows remote attackers to cause a denial of service (prevent responses from the sources) by sending responses with a spoofed source address. (CVE-2016-7426)
    last seen 2019-02-21
    modified 2019-01-04
    plugin id 95944
    published 2016-12-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=95944
    title F5 Networks BIG-IP : NTP vulnerability (K51444934)
  • NASL family OracleVM Local Security Checks
    NASL id ORACLEVM_OVMSA-2017-0038.NASL
    description The remote OracleVM system is missing necessary patches to address critical security updates : - add disable monitor to default ntp.conf [CVE-2013-5211] - don't limit rate of packets from sources (CVE-2016-7426) - don't change interface from received packets (CVE-2016-7429) - fix calculation of root distance again (CVE-2016-7433) - require authentication for trap commands (CVE-2016-9310) - fix crash when reporting peer event to trappers (CVE-2016-9311)
    last seen 2019-02-21
    modified 2018-07-24
    plugin id 97058
    published 2017-02-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=97058
    title OracleVM 3.3 / 3.4 : ntp (OVMSA-2017-0038)
  • NASL family OracleVM Local Security Checks
    NASL id ORACLEVM_OVMSA-2017-0165.NASL
    description The remote OracleVM system is missing necessary patches to address critical security updates : - add disable monitor to default ntp.conf [CVE-2013-5211] - fix buffer overflow in datum refclock driver (CVE-2017-6462) - fix crash with invalid unpeer command (CVE-2017-6463) - fix potential crash with invalid server command (CVE-2017-6464) - don't limit rate of packets from sources (CVE-2016-7426) - don't change interface from received packets (CVE-2016-7429) - fix calculation of root distance again (CVE-2016-7433) - require authentication for trap commands (CVE-2016-9310) - fix crash when reporting peer event to trappers (CVE-2016-9311) - don't allow spoofed packets to demobilize associations (CVE-2015-7979, CVE-2016-1547) - don't allow spoofed packet to enable symmetric interleaved mode (CVE-2016-1548) - check mode of new source in config command (CVE-2016-2518) - make MAC check resilient against timing attack (CVE-2016-1550)
    last seen 2019-02-21
    modified 2018-07-24
    plugin id 104204
    published 2017-10-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=104204
    title OracleVM 3.3 / 3.4 : ntp (OVMSA-2017-0165)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2016-3196-1.NASL
    description This update for ntp fixes the following issues: ntp was updated to 4.2.8p9. Security issues fixed : - CVE-2016-9311, CVE-2016-9310, bsc#1011377: Mode 6 unauthenticated trap information disclosure and DDoS vector. - CVE-2016-7427, bsc#1011390: Broadcast Mode Replay Prevention DoS. - CVE-2016-7428, bsc#1011417: Broadcast Mode Poll Interval Enforcement DoS. - CVE-2016-7431, bsc#1011395: Regression: 010-origin: Zero Origin Timestamp Bypass. - CVE-2016-7434, bsc#1011398: NULL pointer dereference in _IO_str_init_static_internal(). - CVE-2016-7429, bsc#1011404: Interface selection attack. - CVE-2016-7426, bsc#1011406: Client rate limiting and server responses. - CVE-2016-7433, bsc#1011411: Reboot sync calculation problem. - CVE-2015-5219: An endless loop due to incorrect precision to double conversion (bsc#943216). Non-security issues fixed : - Fix a spurious error message. - Other bugfixes, see /usr/share/doc/packages/ntp/ChangeLog. - Fix a regression in 'trap' (bsc#981252). - Reduce the number of netlink groups to listen on for changes to the local network setup (bsc#992606). - Fix segfault in 'sntp -a' (bsc#1009434). - Silence an OpenSSL version warning (bsc#992038). - Make the resolver task change user and group IDs to the same values as the main task. (bsc#988028) - Simplify ntpd's search for its own executable to prevent AppArmor warnings (bsc#956365). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-30
    plugin id 95988
    published 2016-12-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=95988
    title SUSE SLES12 Security Update : ntp (SUSE-SU-2016:3196-1)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20170206_NTP_ON_SL6_X.NASL
    description Security Fix(es) : - It was found that when ntp is configured with rate limiting for all associations the limits are also applied to responses received from its configured sources. A remote attacker who knows the sources can cause a denial of service by preventing ntpd from accepting valid responses from its sources. (CVE-2016-7426) - A flaw was found in the control mode functionality of ntpd. A remote attacker could send a crafted control mode packet which could lead to information disclosure or result in DDoS amplification attacks. (CVE-2016-9310) - A flaw was found in the way ntpd implemented the trap service. A remote attacker could send a specially crafted packet to cause a NULL pointer dereference that will crash ntpd, resulting in a denial of service. (CVE-2016-9311) - A flaw was found in the way ntpd running on a host with multiple network interfaces handled certain server responses. A remote attacker could use this flaw which would cause ntpd to not synchronize with the source. (CVE-2016-7429) - A flaw was found in the way ntpd calculated the root delay. A remote attacker could send a specially crafted spoofed packet to cause denial of service or in some special cases even crash. (CVE-2016-7433)
    last seen 2019-02-21
    modified 2018-12-27
    plugin id 97039
    published 2017-02-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=97039
    title Scientific Linux Security Update : ntp on SL6.x, SL7.x i386/x86_64
  • NASL family Amazon Linux Local Security Checks
    NASL id ALA_ALAS-2017-781.NASL
    description The following security-related issues were resolved : CVE-2016-7426 : Client rate limiting and server responses CVE-2016-7429 : Attack on interface selection CVE-2016-7433 : Broken initial sync calculations regression CVE-2016-9310 : Mode 6 unauthenticated trap information disclosure and DDoS vector CVE-2016-9311 : NULL pointer dereference when trap service is enabled
    last seen 2019-02-21
    modified 2018-04-18
    plugin id 96283
    published 2017-01-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=96283
    title Amazon Linux AMI : ntp (ALAS-2017-781)
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_FCEDCDBBC86E11E6B1CF14DAE9D210B8.NASL
    description Multiple vulnerabilities have been discovered in the NTP suite : CVE-2016-9311: Trap crash, Reported by Matthew Van Gundy of Cisco ASIG. CVE-2016-9310: Mode 6 unauthenticated trap information disclosure and DDoS vector. Reported by Matthew Van Gundy of Cisco ASIG. CVE-2016-7427: Broadcast Mode Replay Prevention DoS. Reported by Matthew Van Gundy of Cisco ASIG. CVE-2016-7428: Broadcast Mode Poll Interval Enforcement DoS. Reported by Matthew Van Gundy of Cisco ASIG. CVE-2016-7431: Regression: 010-origin: Zero Origin Timestamp Bypass. Reported by Sharon Goldberg and Aanchal Malhotra of Boston University. CVE-2016-7434: NULL pointer dereference in _IO_str_init_static_internal(). Reported by Magnus Stubman. CVE-2016-7426: Client rate limiting and server responses. Reported by Miroslav Lichvar of Red Hat. CVE-2016-7433: Reboot sync calculation problem. Reported independently by Brian Utterback of Oracle, and by Sharon Goldberg and Aanchal Malhotra of Boston University. Impact : A remote attacker who can send a specially crafted packet to cause a NULL pointer dereference that will crash ntpd, resulting in a Denial of Service. [CVE-2016-9311] An exploitable configuration modification vulnerability exists in the control mode (mode 6) functionality of ntpd. If, against long-standing BCP recommendations, 'restrict default noquery ...' is not specified, a specially crafted control mode packet can set ntpd traps, providing information disclosure and DDoS amplification, and unset ntpd traps, disabling legitimate monitoring by an attacker from remote. [CVE-2016-9310] An attacker with access to the NTP broadcast domain can periodically inject specially crafted broadcast mode NTP packets into the broadcast domain which, while being logged by ntpd, can cause ntpd to reject broadcast mode packets from legitimate NTP broadcast servers. [CVE-2016-7427] An attacker with access to the NTP broadcast domain can send specially crafted broadcast mode NTP packets to the broadcast domain which, while being logged by ntpd, will cause ntpd to reject broadcast mode packets from legitimate NTP broadcast servers. [CVE-2016-7428] Origin timestamp problems were fixed in ntp 4.2.8p6. However, subsequent timestamp validation checks introduced a regression in the handling of some Zero origin timestamp checks. [CVE-2016-7431] If ntpd is configured to allow mrulist query requests from a server that sends a crafted malicious packet, ntpd will crash on receipt of that crafted malicious mrulist query packet. [CVE-2016-7434] An attacker who knows the sources (e.g., from an IPv4 refid in server response) and knows the system is (mis)configured in this way can periodically send packets with spoofed source address to keep the rate limiting activated and prevent ntpd from accepting valid responses from its sources. [CVE-2016-7426] Ntp Bug 2085 described a condition where the root delay was included twice, causing the jitter value to be higher than expected. Due to a misinterpretation of a small-print variable in The Book, the fix for this problem was incorrect, resulting in a root distance that did not include the peer dispersion. The calculations and formulas have been reviewed and reconciled, and the code has been updated accordingly. [CVE-2016-7433]
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 96123
    published 2016-12-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=96123
    title FreeBSD : FreeBSD -- Multiple vulnerabilities of ntp (fcedcdbb-c86e-11e6-b1cf-14dae9d210b8)
  • NASL family Slackware Local Security Checks
    NASL id SLACKWARE_SSA_2016-326-01.NASL
    description New ntp packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, 14.2, and -current to fix security issues.
    last seen 2019-02-21
    modified 2017-09-21
    plugin id 95028
    published 2016-11-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=95028
    title Slackware 13.0 / 13.1 / 13.37 / 14.0 / 14.1 / 14.2 / current : ntp (SSA:2016-326-01)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2016-7209AB4E02.NASL
    description Security fix for CVE-2016-7433, CVE-2016-7426, CVE-2016-7429, CVE-2016-9310, CVE-2016-9311 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2017-04-17
    plugin id 95612
    published 2016-12-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=95612
    title Fedora 25 : ntp (2016-7209ab4e02)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2017-0252.NASL
    description An update for ntp is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The Network Time Protocol (NTP) is used to synchronize a computer's time with another referenced time source. These packages include the ntpd service which continuously adjusts system time and utilities used to query and configure the ntpd service. Security Fix(es) : * It was found that when ntp is configured with rate limiting for all associations the limits are also applied to responses received from its configured sources. A remote attacker who knows the sources can cause a denial of service by preventing ntpd from accepting valid responses from its sources. (CVE-2016-7426) * A flaw was found in the control mode functionality of ntpd. A remote attacker could send a crafted control mode packet which could lead to information disclosure or result in DDoS amplification attacks. (CVE-2016-9310) * A flaw was found in the way ntpd implemented the trap service. A remote attacker could send a specially crafted packet to cause a NULL pointer dereference that will crash ntpd, resulting in a denial of service. (CVE-2016-9311) * A flaw was found in the way ntpd running on a host with multiple network interfaces handled certain server responses. A remote attacker could use this flaw which would cause ntpd to not synchronize with the source. (CVE-2016-7429) * A flaw was found in the way ntpd calculated the root delay. A remote attacker could send a specially crafted spoofed packet to cause denial of service or in some special cases even crash. (CVE-2016-7433)
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 97026
    published 2017-02-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=97026
    title CentOS 6 / 7 : ntp (CESA-2017:0252)
  • NASL family PhotonOS Local Security Checks
    NASL id PHOTONOS_PHSA-2017-0003_NTP.NASL
    description An update of the ntp package has been released.
    last seen 2019-02-08
    modified 2019-02-07
    plugin id 121668
    published 2019-02-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=121668
    title Photon OS 1.0: Ntp PHSA-2017-0003
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2016-3193-1.NASL
    description This update for ntp fixes the following issues : - Simplify ntpd's search for its own executable to prevent AppArmor warnings (bsc#956365). Security issues fixed (update to 4.2.8p9) : - CVE-2016-9311, CVE-2016-9310, bsc#1011377: Mode 6 unauthenticated trap information disclosure and DDoS vector. - CVE-2016-7427, bsc#1011390: Broadcast Mode Replay Prevention DoS. - CVE-2016-7428, bsc#1011417: Broadcast Mode Poll Interval Enforcement DoS. - CVE-2016-7431, bsc#1011395: Regression: 010-origin: Zero Origin Timestamp Bypass. - CVE-2016-7434, bsc#1011398: NULL pointer dereference in _IO_str_init_static_internal(). - CVE-2016-7429, bsc#1011404: Interface selection attack. - CVE-2016-7426, bsc#1011406: Client rate limiting and server responses. - CVE-2016-7433, bsc#1011411: Reboot sync calculation problem. - CVE-2015-5219: An endless loop due to incorrect precision to double conversion (bsc#943216). - CVE-2015-8140: ntpq vulnerable to replay attacks. - CVE-2015-8139: Origin Leak: ntpq and ntpdc, disclose origin. - CVE-2015-5219: An endless loop due to incorrect precision to double conversion (bsc#943216). Non-security issues fixed : - Fix a spurious error message. - Other bugfixes, see /usr/share/doc/packages/ntp/ChangeLog. - Fix a regression in 'trap' (bsc#981252). - Reduce the number of netlink groups to listen on for changes to the local network setup (bsc#992606). - Fix segfault in 'sntp -a' (bsc#1009434). - Silence an OpenSSL version warning (bsc#992038). - Make the resolver task change user and group IDs to the same values as the main task. (bsc#988028) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-30
    plugin id 95986
    published 2016-12-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=95986
    title SUSE SLES11 Security Update : ntp (SUSE-SU-2016:3193-1)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2017-0252.NASL
    description An update for ntp is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The Network Time Protocol (NTP) is used to synchronize a computer's time with another referenced time source. These packages include the ntpd service which continuously adjusts system time and utilities used to query and configure the ntpd service. Security Fix(es) : * It was found that when ntp is configured with rate limiting for all associations the limits are also applied to responses received from its configured sources. A remote attacker who knows the sources can cause a denial of service by preventing ntpd from accepting valid responses from its sources. (CVE-2016-7426) * A flaw was found in the control mode functionality of ntpd. A remote attacker could send a crafted control mode packet which could lead to information disclosure or result in DDoS amplification attacks. (CVE-2016-9310) * A flaw was found in the way ntpd implemented the trap service. A remote attacker could send a specially crafted packet to cause a NULL pointer dereference that will crash ntpd, resulting in a denial of service. (CVE-2016-9311) * A flaw was found in the way ntpd running on a host with multiple network interfaces handled certain server responses. A remote attacker could use this flaw which would cause ntpd to not synchronize with the source. (CVE-2016-7429) * A flaw was found in the way ntpd calculated the root delay. A remote attacker could send a specially crafted spoofed packet to cause denial of service or in some special cases even crash. (CVE-2016-7433)
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 97011
    published 2017-02-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=97011
    title RHEL 6 / 7 : ntp (RHSA-2017:0252)
  • NASL family PhotonOS Local Security Checks
    NASL id PHOTONOS_PHSA-2017-0003_NTPSTAT.NASL
    description An update of the ntpstat package has been released.
    last seen 2019-02-08
    modified 2019-02-07
    plugin id 121669
    published 2019-02-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=121669
    title Photon OS 1.0: Ntpstat PHSA-2017-0003
  • NASL family Virtuozzo Local Security Checks
    NASL id VIRTUOZZO_VZLSA-2017-0252.NASL
    description An update for ntp is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The Network Time Protocol (NTP) is used to synchronize a computer's time with another referenced time source. These packages include the ntpd service which continuously adjusts system time and utilities used to query and configure the ntpd service. Security Fix(es) : * It was found that when ntp is configured with rate limiting for all associations the limits are also applied to responses received from its configured sources. A remote attacker who knows the sources can cause a denial of service by preventing ntpd from accepting valid responses from its sources. (CVE-2016-7426) * A flaw was found in the control mode functionality of ntpd. A remote attacker could send a crafted control mode packet which could lead to information disclosure or result in DDoS amplification attacks. (CVE-2016-9310) * A flaw was found in the way ntpd implemented the trap service. A remote attacker could send a specially crafted packet to cause a NULL pointer dereference that will crash ntpd, resulting in a denial of service. (CVE-2016-9311) * A flaw was found in the way ntpd running on a host with multiple network interfaces handled certain server responses. A remote attacker could use this flaw which would cause ntpd to not synchronize with the source. (CVE-2016-7429) * A flaw was found in the way ntpd calculated the root delay. A remote attacker could send a specially crafted spoofed packet to cause denial of service or in some special cases even crash. (CVE-2016-7433) Note that Tenable Network Security has attempted to extract the preceding description block directly from the corresponding Red Hat security advisory. Virtuozzo provides no description for VZLSA advisories. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-27
    plugin id 101419
    published 2017-07-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=101419
    title Virtuozzo 6 : ntp / ntp-doc / ntp-perl / ntpdate (VZLSA-2017-0252)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2016-C198D15316.NASL
    description Security fix for CVE-2016-7433, CVE-2016-7426, CVE-2016-7429, CVE-2016-9310, CVE-2016-9311 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2017-04-17
    plugin id 95615
    published 2016-12-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=95615
    title Fedora 24 : ntp (2016-c198d15316)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2017-0252.NASL
    description From Red Hat Security Advisory 2017:0252 : An update for ntp is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The Network Time Protocol (NTP) is used to synchronize a computer's time with another referenced time source. These packages include the ntpd service which continuously adjusts system time and utilities used to query and configure the ntpd service. Security Fix(es) : * It was found that when ntp is configured with rate limiting for all associations the limits are also applied to responses received from its configured sources. A remote attacker who knows the sources can cause a denial of service by preventing ntpd from accepting valid responses from its sources. (CVE-2016-7426) * A flaw was found in the control mode functionality of ntpd. A remote attacker could send a crafted control mode packet which could lead to information disclosure or result in DDoS amplification attacks. (CVE-2016-9310) * A flaw was found in the way ntpd implemented the trap service. A remote attacker could send a specially crafted packet to cause a NULL pointer dereference that will crash ntpd, resulting in a denial of service. (CVE-2016-9311) * A flaw was found in the way ntpd running on a host with multiple network interfaces handled certain server responses. A remote attacker could use this flaw which would cause ntpd to not synchronize with the source. (CVE-2016-7429) * A flaw was found in the way ntpd calculated the root delay. A remote attacker could send a specially crafted spoofed packet to cause denial of service or in some special cases even crash. (CVE-2016-7433)
    last seen 2019-02-21
    modified 2017-04-17
    plugin id 97036
    published 2017-02-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=97036
    title Oracle Linux 6 / 7 : ntp (ELSA-2017-0252)
  • NASL family Huawei Local Security Checks
    NASL id EULEROS_SA-2017-1023.NASL
    description According to the versions of the ntp packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - It was found that when ntp is configured with rate limiting for all associations the limits are also applied to responses received from its configured sources. A remote attacker who knows the sources can cause a denial of service by preventing ntpd from accepting valid responses from its sources. (CVE-2016-7426) - A flaw was found in the control mode functionality of ntpd. A remote attacker could send a crafted control mode packet which could lead to information disclosure or result in DDoS amplification attacks. (CVE-2016-9310) - A flaw was found in the way ntpd implemented the trap service. A remote attacker could send a specially crafted packet to cause a null pointer dereference that will crash ntpd, resulting in a denial of service. (CVE-2016-9311) - A flaw was found in the way ntpd running on a host with multiple network interfaces handled certain server responses. A remote attacker could use this flaw which would cause ntpd to not synchronize with the source. (CVE-2016-7429) - A flaw was found in the way ntpd calculated the root delay. A remote attacker could send a specially-crafted spoofed packet to cause denial of service or in some special cases even crash. (CVE-2016-7433) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-14
    plugin id 99868
    published 2017-05-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=99868
    title EulerOS 2.0 SP1 : ntp (EulerOS-SA-2017-1023)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2016-1525.NASL
    description This update for ntp fixes the following issues : ntp was updated to 4.2.8p9. Security issues fixed : - CVE-2016-9311, CVE-2016-9310, bsc#1011377: Mode 6 unauthenticated trap information disclosure and DDoS vector. - CVE-2016-7427, bsc#1011390: Broadcast Mode Replay Prevention DoS. - CVE-2016-7428, bsc#1011417: Broadcast Mode Poll Interval Enforcement DoS. - CVE-2016-7431, bsc#1011395: Regression: 010-origin: Zero Origin Timestamp Bypass. - CVE-2016-7434, bsc#1011398: NULL pointer dereference in _IO_str_init_static_internal(). - CVE-2016-7429, bsc#1011404: Interface selection attack. - CVE-2016-7426, bsc#1011406: Client rate limiting and server responses. - CVE-2016-7433, bsc#1011411: Reboot sync calculation problem. - CVE-2015-5219: An endless loop due to incorrect precision to double conversion (bsc#943216). Non-security issues fixed : - Fix a spurious error message. - Other bugfixes, see /usr/share/doc/packages/ntp/ChangeLog. - Fix a regression in 'trap' (bsc#981252). - Reduce the number of netlink groups to listen on for changes to the local network setup (bsc#992606). - Fix segfault in 'sntp -a' (bsc#1009434). - Silence an OpenSSL version warning (bsc#992038). - Make the resolver task change user and group IDs to the same values as the main task. (bsc#988028) - Simplify ntpd's search for its own executable to prevent AppArmor warnings (bsc#956365). This update was imported from the SUSE:SLE-12-SP1:Update update project.
    last seen 2019-02-21
    modified 2017-04-17
    plugin id 96173
    published 2016-12-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=96173
    title openSUSE Security Update : ntp (openSUSE-2016-1525)
  • NASL family Misc.
    NASL id NTP_4_2_8P9.NASL
    description The version of the remote NTP server is 4.x prior to 4.2.8p9. It is, therefore, affected by the following vulnerabilities : - A denial of service vulnerability exists when rate limiting is configured for all associations, the limits also being applied to responses received from the configured sources. An unauthenticated, remote attacker can exploit this, by periodically sending spoofed packets, to keep rate limiting active, resulting in valid responses not being accepted by ntpd from its sources. (CVE-2016-7426) - A denial of service vulnerability exists in the broadcast mode replay prevention functionality. An unauthenticated, adjacent attacker can exploit this, via specially crafted broadcast mode NTP packets periodically injected into the broadcast domain, to cause ntpd to reject broadcast mode packets from legitimate NTP broadcast servers. (CVE-2016-7427) - A denial of service vulnerability exists in the broadcast mode poll interval functionality. An unauthenticated, adjacent attacker can exploit this, via specially crafted broadcast mode NTP packets, to cause ntpd to reject packets from a legitimate NTP broadcast server. (CVE-2016-7428) - A denial of service vulnerability exists when receiving server responses on sockets that correspond to different interfaces than what were used in the request. An unauthenticated, remote attacker can exploit this, by sending repeated requests using specially crafted packets with spoofed source addresses, to cause ntpd to select the incorrect interface for the source, which prevents it from sending new requests until the interface list is refreshed. This eventually results in preventing ntpd from synchronizing with the source. (CVE-2016-7429) - A flaw exists that allows packets with an origin timestamp of zero to bypass security checks. An unauthenticated, remote attacker can exploit this to spoof arbitrary content. (CVE-2016-7431) - A flaw exists due to the root delay being included twice, which may result in the jitter value being higher than expected. An unauthenticated, remote attacker can exploit this to cause a denial of service condition. (CVE-2016-7433) - A denial of service vulnerability exists when handling specially crafted mrulist query packets that allows an unauthenticated, remote attacker to crash ntpd. (CVE-2016-7434) - A flaw exists in the control mode (mode 6) functionality when handling specially crafted control mode packets. An unauthenticated, adjacent attacker can exploit this to set or disable ntpd traps, resulting in the disclosure of potentially sensitive information, disabling of legitimate monitoring, or DDoS amplification. (CVE-2016-9310) - A NULL pointer dereference flaw exists in the report_event() function within file ntpd/ntp_control.c when the trap service handles certain peer events. An unauthenticated, remote attacker can exploit this, via a specially crafted packet, to cause a denial of service condition. (CVE-2016-9311) - A denial of service vulnerability exists when handling oversize UDP packets that allows an unauthenticated, remote attacker to crash ntpd. Note that this vulnerability only affects Windows versions. (CVE-2016-9312)
    last seen 2019-02-21
    modified 2018-09-17
    plugin id 95575
    published 2016-12-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=95575
    title Network Time Protocol Daemon (ntpd) 4.x < 4.2.8p9 Multiple Vulnerabilities
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_8DB8D62AB08B11E68EBAD050996490D0.NASL
    description Network Time Foundation reports : NTF's NTP Project is releasing ntp-4.2.8p9, which addresses : - 1 HIGH severity vulnerability that only affects Windows - 2 MEDIUM severity vulnerabilities - 2 MEDIUM/LOW severity vulnerabilities - 5 LOW severity vulnerabilities - 28 other non-security fixes and improvements All of the security issues in this release are listed in VU#633847.
    last seen 2018-11-13
    modified 2018-11-10
    plugin id 95265
    published 2016-11-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=95265
    title FreeBSD : ntp -- multiple vulnerabilities (8db8d62a-b08b-11e6-8eba-d050996490d0)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-3349-1.NASL
    description Yihan Lian discovered that NTP incorrectly handled certain large request data values. A remote attacker could possibly use this issue to cause NTP to crash, resulting in a denial of service. This issue only affected Ubuntu 16.04 LTS. (CVE-2016-2519) Miroslav Lichvar discovered that NTP incorrectly handled certain spoofed addresses when performing rate limiting. A remote attacker could possibly use this issue to perform a denial of service. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, and Ubuntu 16.10. (CVE-2016-7426) Matthew Van Gundy discovered that NTP incorrectly handled certain crafted broadcast mode packets. A remote attacker could possibly use this issue to perform a denial of service. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, and Ubuntu 16.10. (CVE-2016-7427, CVE-2016-7428) Miroslav Lichvar discovered that NTP incorrectly handled certain responses. A remote attacker could possibly use this issue to perform a denial of service. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, and Ubuntu 16.10. (CVE-2016-7429) Sharon Goldberg and Aanchal Malhotra discovered that NTP incorrectly handled origin timestamps of zero. A remote attacker could possibly use this issue to bypass the origin timestamp protection mechanism. This issue only affected Ubuntu 16.10. (CVE-2016-7431) Brian Utterback, Sharon Goldberg and Aanchal Malhotra discovered that NTP incorrectly performed initial sync calculations. This issue only applied to Ubuntu 16.04 LTS and Ubuntu 16.10. (CVE-2016-7433) Magnus Stubman discovered that NTP incorrectly handled certain mrulist queries. A remote attacker could possibly use this issue to cause NTP to crash, resulting in a denial of service. This issue only affected Ubuntu 16.04 LTS and Ubuntu 16.10. (CVE-2016-7434) Matthew Van Gund discovered that NTP incorrectly handled origin timestamp checks. A remote attacker could possibly use this issue to perform a denial of service. This issue only affected Ubuntu Ubuntu 16.10, and Ubuntu 17.04. (CVE-2016-9042) Matthew Van Gundy discovered that NTP incorrectly handled certain control mode packets. A remote attacker could use this issue to set or unset traps. This issue only applied to Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 16.10. (CVE-2016-9310) Matthew Van Gundy discovered that NTP incorrectly handled the trap service. A remote attacker could possibly use this issue to cause NTP to crash, resulting in a denial of service. This issue only applied to Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 16.10. (CVE-2016-9311) It was discovered that NTP incorrectly handled memory when processing long variables. A remote authenticated user could possibly use this issue to cause NTP to crash, resulting in a denial of service. (CVE-2017-6458) It was discovered that NTP incorrectly handled memory when processing long variables. A remote authenticated user could possibly use this issue to cause NTP to crash, resulting in a denial of service. This issue only applied to Ubuntu 16.04 LTS, Ubuntu 16.10 and Ubuntu 17.04. (CVE-2017-6460) It was discovered that the NTP legacy DPTS refclock driver incorrectly handled the /dev/datum device. A local attacker could possibly use this issue to cause a denial of service. (CVE-2017-6462) It was discovered that NTP incorrectly handled certain invalid settings in a :config directive. A remote authenticated user could possibly use this issue to cause NTP to crash, resulting in a denial of service. (CVE-2017-6463) It was discovered that NTP incorrectly handled certain invalid mode configuration directives. A remote authenticated user could possibly use this issue to cause NTP to crash, resulting in a denial of service. (CVE-2017-6464). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 101263
    published 2017-07-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=101263
    title Ubuntu 14.04 LTS / 16.04 LTS / 16.10 / 17.04 : ntp vulnerabilities (USN-3349-1)
  • NASL family PhotonOS Local Security Checks
    NASL id PHOTONOS_PHSA-2017-0003.NASL
    description An update of [guile,ntp] packages for PhotonOS has been released.
    last seen 2019-02-08
    modified 2019-02-07
    plugin id 111852
    published 2018-08-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=111852
    title Photon OS 1.0: Guile / Ntp / Ntpstat PHSA-2017-0003 (deprecated)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2016-3195-1.NASL
    description This update for ntp fixes the following issues: ntp was updated to 4.2.8p9. Security issues fixed : - CVE-2016-9311, CVE-2016-9310, bsc#1011377: Mode 6 unauthenticated trap information disclosure and DDoS vector. - CVE-2016-7427, bsc#1011390: Broadcast Mode Replay Prevention DoS. - CVE-2016-7428, bsc#1011417: Broadcast Mode Poll Interval Enforcement DoS. - CVE-2016-7431, bsc#1011395: Regression: 010-origin: Zero Origin Timestamp Bypass. - CVE-2016-7434, bsc#1011398: NULL pointer dereference in _IO_str_init_static_internal(). - CVE-2016-7429, bsc#1011404: Interface selection attack. - CVE-2016-7426, bsc#1011406: Client rate limiting and server responses. - CVE-2016-7433, bsc#1011411: Reboot sync calculation problem. - CVE-2015-5219: An endless loop due to incorrect precision to double conversion (bsc#943216). Non-security issues fixed : - Fix a spurious error message. - Other bugfixes, see /usr/share/doc/packages/ntp/ChangeLog. - Fix a regression in 'trap' (bsc#981252). - Reduce the number of netlink groups to listen on for changes to the local network setup (bsc#992606). - Fix segfault in 'sntp -a' (bsc#1009434). - Silence an OpenSSL version warning (bsc#992038). - Make the resolver task change user and group IDs to the same values as the main task. (bsc#988028) - Simplify ntpd's search for its own executable to prevent AppArmor warnings (bsc#956365). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-30
    plugin id 95987
    published 2016-12-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=95987
    title SUSE SLED12 / SLES12 Security Update : ntp (SUSE-SU-2016:3195-1)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2017-0255-1.NASL
    description This update for ntp fixes the following issues: ntp was updated to 4.2.8p9. Security issues fixed : - CVE-2016-9311, CVE-2016-9310, bsc#1011377: Mode 6 unauthenticated trap information disclosure and DDoS vector. - CVE-2016-7427, bsc#1011390: Broadcast Mode Replay Prevention DoS. - CVE-2016-7428, bsc#1011417: Broadcast Mode Poll Interval Enforcement DoS. - CVE-2016-7431, bsc#1011395: Regression: 010-origin: Zero Origin Timestamp Bypass. - CVE-2016-7434, bsc#1011398: NULL pointer dereference in _IO_str_init_static_internal(). - CVE-2016-7429, bsc#1011404: Interface selection attack. - CVE-2016-7426, bsc#1011406: Client rate limiting and server responses. - CVE-2016-7433, bsc#1011411: Reboot sync calculation problem. - CVE-2015-8140: ntpq vulnerable to replay attacks. - CVE-2015-8139: Origin Leak: ntpq and ntpdc, disclose origin. - CVE-2015-5219: An endless loop due to incorrect precision to double conversion (bsc#943216). Non-security issues fixed : - Fix a spurious error message. - Other bugfixes, see /usr/share/doc/packages/ntp/ChangeLog. - Fix a regression in 'trap' (bsc#981252). - Reduce the number of netlink groups to listen on for changes to the local network setup (bsc#992606). - Fix segfault in 'sntp -a' (bsc#1009434). - Silence an OpenSSL version warning (bsc#992038). - Make the resolver task change user and group IDs to the same values as the main task. (bsc#988028) - Simplify ntpd's search for its own executable to prevent AppArmor warnings (bsc#956365). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-30
    plugin id 96715
    published 2017-01-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=96715
    title SUSE SLES11 Security Update : ntp (SUSE-SU-2017:0255-1)
  • NASL family Firewalls
    NASL id PFSENSE_SA-17_03.NASL
    description According to its self-reported version number, the remote pfSense install is affected by multiple vulnerabilities as stated in the referenced vendor advisories.
    last seen 2019-02-21
    modified 2018-12-07
    plugin id 106503
    published 2018-01-31
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=106503
    title pfSense < 2.3.3 Multiple Vulnerabilities (SA-17_01 - SA-17_03)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2016-E8A8561EE7.NASL
    description Security fix for CVE-2016-7433, CVE-2016-7426, CVE-2016-7429, CVE-2016-9310, CVE-2016-9311 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2017-04-17
    plugin id 95616
    published 2016-12-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=95616
    title Fedora 23 : ntp (2016-e8a8561ee7)
  • NASL family Huawei Local Security Checks
    NASL id EULEROS_SA-2017-1024.NASL
    description According to the versions of the ntp packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - It was found that when ntp is configured with rate limiting for all associations the limits are also applied to responses received from its configured sources. A remote attacker who knows the sources can cause a denial of service by preventing ntpd from accepting valid responses from its sources. (CVE-2016-7426) - A flaw was found in the control mode functionality of ntpd. A remote attacker could send a crafted control mode packet which could lead to information disclosure or result in DDoS amplification attacks. (CVE-2016-9310) - A flaw was found in the way ntpd implemented the trap service. A remote attacker could send a specially crafted packet to cause a null pointer dereference that will crash ntpd, resulting in a denial of service. (CVE-2016-9311) - A flaw was found in the way ntpd running on a host with multiple network interfaces handled certain server responses. A remote attacker could use this flaw which would cause ntpd to not synchronize with the source. (CVE-2016-7429) - A flaw was found in the way ntpd calculated the root delay. A remote attacker could send a specially-crafted spoofed packet to cause denial of service or in some special cases even crash. (CVE-2016-7433) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-14
    plugin id 99869
    published 2017-05-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=99869
    title EulerOS 2.0 SP2 : ntp (EulerOS-SA-2017-1024)
redhat via4
advisories
rhsa
id RHSA-2017:0252
rpms
  • ntp-0:4.2.6p5-10.el6_8.2
  • ntp-doc-0:4.2.6p5-10.el6_8.2
  • ntp-perl-0:4.2.6p5-10.el6_8.2
  • ntpdate-0:4.2.6p5-10.el6_8.2
  • ntp-0:4.2.6p5-25.el7_3.1
  • ntp-doc-0:4.2.6p5-25.el7_3.1
  • ntp-perl-0:4.2.6p5-25.el7_3.1
  • ntpdate-0:4.2.6p5-25.el7_3.1
  • sntp-0:4.2.6p5-25.el7_3.1
refmap via4
bid 94451
cert-vn VU#633847
confirm
freebsd FreeBSD-SA-16:39
sectrack 1037354
ubuntu USN-3707-2
Last major update 09-05-2017 - 21:29
Published 13-01-2017 - 11:59
Last modified 24-01-2019 - 06:29
Back to Top