ID CVE-2016-9311
Summary ntpd in NTP before 4.2.8p9, when the trap service is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted packet.
References
Vulnerable Configurations
  • cpe:2.3:a:ntp:ntp:4.2.4:p8:*:*:*:*:*:*
    cpe:2.3:a:ntp:ntp:4.2.4:p8:*:*:*:*:*:*
  • cpe:2.3:a:ntp:ntp:4.2.7:p8:*:*:*:*:*:*
    cpe:2.3:a:ntp:ntp:4.2.7:p8:*:*:*:*:*:*
CVSS
Base: 7.1 (as of 24-01-2019 - 11:29)
Impact:
Exploitability:
CWE CWE-476
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE COMPLETE
cvss-vector via4 AV:N/AC:M/Au:N/C:N/I:N/A:C
redhat via4
advisories
bugzilla
id 1398350
title CVE-2016-9311 ntp: Null pointer dereference when trap service is enabled
oval
OR
  • AND
    • OR
      • comment Red Hat Enterprise Linux 6 Client is installed
        oval oval:com.redhat.rhba:tst:20111656001
      • comment Red Hat Enterprise Linux 6 Server is installed
        oval oval:com.redhat.rhba:tst:20111656002
      • comment Red Hat Enterprise Linux 6 Workstation is installed
        oval oval:com.redhat.rhba:tst:20111656003
      • comment Red Hat Enterprise Linux 6 ComputeNode is installed
        oval oval:com.redhat.rhba:tst:20111656004
    • OR
      • AND
        • comment ntp is earlier than 0:4.2.6p5-10.el6_8.2
          oval oval:com.redhat.rhsa:tst:20170252009
        • comment ntp is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20142024006
      • AND
        • comment ntp-doc is earlier than 0:4.2.6p5-10.el6_8.2
          oval oval:com.redhat.rhsa:tst:20170252011
        • comment ntp-doc is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20142024010
      • AND
        • comment ntp-perl is earlier than 0:4.2.6p5-10.el6_8.2
          oval oval:com.redhat.rhsa:tst:20170252007
        • comment ntp-perl is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20142024014
      • AND
        • comment ntpdate is earlier than 0:4.2.6p5-10.el6_8.2
          oval oval:com.redhat.rhsa:tst:20170252005
        • comment ntpdate is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20142024012
  • AND
    • OR
      • comment Red Hat Enterprise Linux 7 Client is installed
        oval oval:com.redhat.rhba:tst:20150364001
      • comment Red Hat Enterprise Linux 7 Server is installed
        oval oval:com.redhat.rhba:tst:20150364002
      • comment Red Hat Enterprise Linux 7 Workstation is installed
        oval oval:com.redhat.rhba:tst:20150364003
      • comment Red Hat Enterprise Linux 7 ComputeNode is installed
        oval oval:com.redhat.rhba:tst:20150364004
    • OR
      • AND
        • comment ntp is earlier than 0:4.2.6p5-25.el7_3.1
          oval oval:com.redhat.rhsa:tst:20170252017
        • comment ntp is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20142024006
      • AND
        • comment ntp-doc is earlier than 0:4.2.6p5-25.el7_3.1
          oval oval:com.redhat.rhsa:tst:20170252021
        • comment ntp-doc is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20142024010
      • AND
        • comment ntp-perl is earlier than 0:4.2.6p5-25.el7_3.1
          oval oval:com.redhat.rhsa:tst:20170252022
        • comment ntp-perl is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20142024014
      • AND
        • comment ntpdate is earlier than 0:4.2.6p5-25.el7_3.1
          oval oval:com.redhat.rhsa:tst:20170252018
        • comment ntpdate is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20142024012
      • AND
        • comment sntp is earlier than 0:4.2.6p5-25.el7_3.1
          oval oval:com.redhat.rhsa:tst:20170252019
        • comment sntp is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20142024008
rhsa
id RHSA-2017:0252
released 2017-02-06
severity Moderate
title RHSA-2017:0252: ntp security update (Moderate)
rpms
  • ntp-0:4.2.6p5-10.el6_8.2
  • ntp-doc-0:4.2.6p5-10.el6_8.2
  • ntp-perl-0:4.2.6p5-10.el6_8.2
  • ntpdate-0:4.2.6p5-10.el6_8.2
  • ntp-0:4.2.6p5-25.el7_3.1
  • ntp-doc-0:4.2.6p5-25.el7_3.1
  • ntp-perl-0:4.2.6p5-25.el7_3.1
  • ntpdate-0:4.2.6p5-25.el7_3.1
  • sntp-0:4.2.6p5-25.el7_3.1
refmap via4
bid 94444
cert-vn VU#633847
confirm
freebsd FreeBSD-SA-16:39
sectrack 1037354
ubuntu USN-3707-2
Last major update 24-01-2019 - 11:29
Published 13-01-2017 - 16:59
Back to Top