ID CVE-2016-7429
Summary NTP before 4.2.8p9 changes the peer structure to the interface it receives the response from a source, which allows remote attackers to cause a denial of service (prevent communication with a source) by sending a response for a source to an interface the source does not use.
References
Vulnerable Configurations
  • cpe:2.3:a:ntp:ntp:4.2.4:p8:*:*:*:*:*:*
    cpe:2.3:a:ntp:ntp:4.2.4:p8:*:*:*:*:*:*
  • cpe:2.3:a:ntp:ntp:4.2.7:p8:*:*:*:*:*:*
    cpe:2.3:a:ntp:ntp:4.2.7:p8:*:*:*:*:*:*
CVSS
Base: 4.3 (as of 05-01-2018 - 02:31)
Impact:
Exploitability:
CWE CWE-18
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
cvss-vector via4 AV:N/AC:M/Au:N/C:N/I:N/A:P
redhat via4
advisories
rhsa
id RHSA-2017:0252
rpms
  • ntp-0:4.2.6p5-10.el6_8.2
  • ntp-doc-0:4.2.6p5-10.el6_8.2
  • ntp-perl-0:4.2.6p5-10.el6_8.2
  • ntpdate-0:4.2.6p5-10.el6_8.2
  • ntp-0:4.2.6p5-25.el7_3.1
  • ntp-doc-0:4.2.6p5-25.el7_3.1
  • ntp-perl-0:4.2.6p5-25.el7_3.1
  • ntpdate-0:4.2.6p5-25.el7_3.1
  • sntp-0:4.2.6p5-25.el7_3.1
refmap via4
bid 94453
cert-vn VU#633847
confirm
sectrack 1037354
Last major update 05-01-2018 - 02:31
Published 13-01-2017 - 16:59
Back to Top