ID |
CVE-2016-9311
|
Summary |
ntpd in NTP before 4.2.8p9, when the trap service is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted packet. |
References |
|
Vulnerable Configurations |
-
cpe:2.3:a:ntp:ntp:4.2.4:p8:*:*:*:*:*:*
cpe:2.3:a:ntp:ntp:4.2.4:p8:*:*:*:*:*:*
-
cpe:2.3:a:ntp:ntp:4.2.7:p8:*:*:*:*:*:*
cpe:2.3:a:ntp:ntp:4.2.7:p8:*:*:*:*:*:*
-
cpe:2.3:a:ntp:ntp:4.2.8:p8:*:*:*:*:*:*
cpe:2.3:a:ntp:ntp:4.2.8:p8:*:*:*:*:*:*
|
CVSS |
Base: | 7.1 (as of 24-01-2019 - 11:29) |
Impact: | |
Exploitability: | |
|
CWE |
CWE-476 |
CAPEC |
|
Access |
Vector | Complexity | Authentication |
NETWORK |
MEDIUM |
NONE |
|
Impact |
Confidentiality | Integrity | Availability |
NONE |
NONE |
COMPLETE |
|
cvss-vector
via4
|
AV:N/AC:M/Au:N/C:N/I:N/A:C
|
redhat
via4
|
advisories | bugzilla | id | 1398350 | title | CVE-2016-9311 ntp: Null pointer dereference when trap service is enabled |
| oval | OR | comment | Red Hat Enterprise Linux must be installed | oval | oval:com.redhat.rhba:tst:20070304026 |
AND | comment | Red Hat Enterprise Linux 6 is installed | oval | oval:com.redhat.rhba:tst:20111656003 |
OR | AND | comment | ntp is earlier than 0:4.2.6p5-10.el6_8.2 | oval | oval:com.redhat.rhsa:tst:20170252001 |
comment | ntp is signed with Red Hat redhatrelease2 key | oval | oval:com.redhat.rhsa:tst:20142024002 |
|
AND | comment | ntp-doc is earlier than 0:4.2.6p5-10.el6_8.2 | oval | oval:com.redhat.rhsa:tst:20170252003 |
comment | ntp-doc is signed with Red Hat redhatrelease2 key | oval | oval:com.redhat.rhsa:tst:20142024004 |
|
AND | comment | ntp-perl is earlier than 0:4.2.6p5-10.el6_8.2 | oval | oval:com.redhat.rhsa:tst:20170252005 |
comment | ntp-perl is signed with Red Hat redhatrelease2 key | oval | oval:com.redhat.rhsa:tst:20142024006 |
|
AND | comment | ntpdate is earlier than 0:4.2.6p5-10.el6_8.2 | oval | oval:com.redhat.rhsa:tst:20170252007 |
comment | ntpdate is signed with Red Hat redhatrelease2 key | oval | oval:com.redhat.rhsa:tst:20142024008 |
|
|
|
AND | comment | Red Hat Enterprise Linux 7 is installed | oval | oval:com.redhat.rhba:tst:20150364027 |
OR | AND | comment | ntp is earlier than 0:4.2.6p5-25.el7_3.1 | oval | oval:com.redhat.rhsa:tst:20170252010 |
comment | ntp is signed with Red Hat redhatrelease2 key | oval | oval:com.redhat.rhsa:tst:20142024002 |
|
AND | comment | ntp-doc is earlier than 0:4.2.6p5-25.el7_3.1 | oval | oval:com.redhat.rhsa:tst:20170252011 |
comment | ntp-doc is signed with Red Hat redhatrelease2 key | oval | oval:com.redhat.rhsa:tst:20142024004 |
|
AND | comment | ntp-perl is earlier than 0:4.2.6p5-25.el7_3.1 | oval | oval:com.redhat.rhsa:tst:20170252012 |
comment | ntp-perl is signed with Red Hat redhatrelease2 key | oval | oval:com.redhat.rhsa:tst:20142024006 |
|
AND | comment | ntpdate is earlier than 0:4.2.6p5-25.el7_3.1 | oval | oval:com.redhat.rhsa:tst:20170252013 |
comment | ntpdate is signed with Red Hat redhatrelease2 key | oval | oval:com.redhat.rhsa:tst:20142024008 |
|
AND | comment | sntp is earlier than 0:4.2.6p5-25.el7_3.1 | oval | oval:com.redhat.rhsa:tst:20170252014 |
comment | sntp is signed with Red Hat redhatrelease2 key | oval | oval:com.redhat.rhsa:tst:20142024010 |
|
|
|
|
| rhsa | id | RHSA-2017:0252 | released | 2017-02-06 | severity | Moderate | title | RHSA-2017:0252: ntp security update (Moderate) |
|
| rpms | - ntp-0:4.2.6p5-10.el6_8.2
- ntp-0:4.2.6p5-25.el7_3.1
- ntp-debuginfo-0:4.2.6p5-10.el6_8.2
- ntp-debuginfo-0:4.2.6p5-25.el7_3.1
- ntp-doc-0:4.2.6p5-10.el6_8.2
- ntp-doc-0:4.2.6p5-25.el7_3.1
- ntp-perl-0:4.2.6p5-10.el6_8.2
- ntp-perl-0:4.2.6p5-25.el7_3.1
- ntpdate-0:4.2.6p5-10.el6_8.2
- ntpdate-0:4.2.6p5-25.el7_3.1
- sntp-0:4.2.6p5-25.el7_3.1
|
|
refmap
via4
|
bid | 94444 | cert-vn | VU#633847 | confirm | | freebsd | FreeBSD-SA-16:39 | sectrack | 1037354 | ubuntu | USN-3707-2 |
|
Last major update |
24-01-2019 - 11:29 |
Published |
13-01-2017 - 16:59 |
Last modified |
24-01-2019 - 11:29 |