ID CVE-2016-9311
Summary ntpd in NTP before 4.2.8p9, when the trap service is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted packet.
References
Vulnerable Configurations
  • cpe:2.3:a:ntp:ntp:4.2.4:p8:*:*:*:*:*:*
    cpe:2.3:a:ntp:ntp:4.2.4:p8:*:*:*:*:*:*
  • cpe:2.3:a:ntp:ntp:4.2.7:p8:*:*:*:*:*:*
    cpe:2.3:a:ntp:ntp:4.2.7:p8:*:*:*:*:*:*
  • cpe:2.3:a:ntp:ntp:4.2.8:p8:*:*:*:*:*:*
    cpe:2.3:a:ntp:ntp:4.2.8:p8:*:*:*:*:*:*
CVSS
Base: 7.1 (as of 24-01-2019 - 11:29)
Impact:
Exploitability:
CWE CWE-476
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE COMPLETE
cvss-vector via4 AV:N/AC:M/Au:N/C:N/I:N/A:C
redhat via4
advisories
bugzilla
id 1398350
title CVE-2016-9311 ntp: Null pointer dereference when trap service is enabled
oval
OR
  • comment Red Hat Enterprise Linux must be installed
    oval oval:com.redhat.rhba:tst:20070304026
  • AND
    • comment Red Hat Enterprise Linux 6 is installed
      oval oval:com.redhat.rhba:tst:20111656003
    • OR
      • AND
        • comment ntp is earlier than 0:4.2.6p5-10.el6_8.2
          oval oval:com.redhat.rhsa:tst:20170252001
        • comment ntp is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20142024002
      • AND
        • comment ntp-doc is earlier than 0:4.2.6p5-10.el6_8.2
          oval oval:com.redhat.rhsa:tst:20170252003
        • comment ntp-doc is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20142024004
      • AND
        • comment ntp-perl is earlier than 0:4.2.6p5-10.el6_8.2
          oval oval:com.redhat.rhsa:tst:20170252005
        • comment ntp-perl is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20142024006
      • AND
        • comment ntpdate is earlier than 0:4.2.6p5-10.el6_8.2
          oval oval:com.redhat.rhsa:tst:20170252007
        • comment ntpdate is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20142024008
  • AND
    • comment Red Hat Enterprise Linux 7 is installed
      oval oval:com.redhat.rhba:tst:20150364027
    • OR
      • AND
        • comment ntp is earlier than 0:4.2.6p5-25.el7_3.1
          oval oval:com.redhat.rhsa:tst:20170252010
        • comment ntp is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20142024002
      • AND
        • comment ntp-doc is earlier than 0:4.2.6p5-25.el7_3.1
          oval oval:com.redhat.rhsa:tst:20170252011
        • comment ntp-doc is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20142024004
      • AND
        • comment ntp-perl is earlier than 0:4.2.6p5-25.el7_3.1
          oval oval:com.redhat.rhsa:tst:20170252012
        • comment ntp-perl is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20142024006
      • AND
        • comment ntpdate is earlier than 0:4.2.6p5-25.el7_3.1
          oval oval:com.redhat.rhsa:tst:20170252013
        • comment ntpdate is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20142024008
      • AND
        • comment sntp is earlier than 0:4.2.6p5-25.el7_3.1
          oval oval:com.redhat.rhsa:tst:20170252014
        • comment sntp is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20142024010
rhsa
id RHSA-2017:0252
released 2017-02-06
severity Moderate
title RHSA-2017:0252: ntp security update (Moderate)
rpms
  • ntp-0:4.2.6p5-10.el6_8.2
  • ntp-0:4.2.6p5-25.el7_3.1
  • ntp-debuginfo-0:4.2.6p5-10.el6_8.2
  • ntp-debuginfo-0:4.2.6p5-25.el7_3.1
  • ntp-doc-0:4.2.6p5-10.el6_8.2
  • ntp-doc-0:4.2.6p5-25.el7_3.1
  • ntp-perl-0:4.2.6p5-10.el6_8.2
  • ntp-perl-0:4.2.6p5-25.el7_3.1
  • ntpdate-0:4.2.6p5-10.el6_8.2
  • ntpdate-0:4.2.6p5-25.el7_3.1
  • sntp-0:4.2.6p5-25.el7_3.1
refmap via4
bid 94444
cert-vn VU#633847
confirm
freebsd FreeBSD-SA-16:39
sectrack 1037354
ubuntu USN-3707-2
Last major update 24-01-2019 - 11:29
Published 13-01-2017 - 16:59
Last modified 24-01-2019 - 11:29
Back to Top