CVEs with nessus.description ==

An update for ntp is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

The Network Time Protocol (NTP) is used to synchronize a computer's time with another referenced time source. These packages include the ntpd service which continuously adjusts system time and utilities used to query and configure the ntpd service.

Security Fix(es) :

* It was found that when ntp is configured with rate limiting for all associations the limits are also applied to responses received from its configured sources. A remote attacker who knows the sources can cause a denial of service by preventing ntpd from accepting valid responses from its sources. (CVE-2016-7426)

* A flaw was found in the control mode functionality of ntpd. A remote attacker could send a crafted control mode packet which could lead to information disclosure or result in DDoS amplification attacks. (CVE-2016-9310)

* A flaw was found in the way ntpd implemented the trap service. A remote attacker could send a specially crafted packet to cause a NULL pointer dereference that will crash ntpd, resulting in a denial of service. (CVE-2016-9311)

* A flaw was found in the way ntpd running on a host with multiple network interfaces handled certain server responses. A remote attacker could use this flaw which would cause ntpd to not synchronize with the source. (CVE-2016-7429)

* A flaw was found in the way ntpd calculated the root delay. A remote attacker could send a specially crafted spoofed packet to cause denial of service or in some special cases even crash. (CVE-2016-7433)

Note that Tenable Network Security has attempted to extract the preceding description block directly from the corresponding Red Hat security advisory. Virtuozzo provides no description for VZLSA advisories. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues
Max CVSS | 0 |
Min CVSS | 0 |
Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published |