- Home
- CVEs with nessus.description==Multiple+vulnerabilities+have+been+discovered+in+the+NTP+suite+%3A%0A%0ACVE-2016-9311%3A+Trap+crash%2C+Reported+by+Matthew+Van+Gundy+of+Cisco+ASIG.%0A%0ACVE-2016-9310%3A+Mode+6+unauthenticated+trap+information+disclosure+and+DDoS+vector.+Reported+by+Matthew+Van+Gundy+of+Cisco+ASIG.%0A%0ACVE-2016-7427%3A+Broadcast+Mode+Replay+Prevention+DoS.+Reported+by+Matthew+Van+Gundy+of+Cisco+ASIG.%0A%0ACVE-2016-7428%3A+Broadcast+Mode+Poll+Interval+Enforcement+DoS.+Reported+by+Matthew+Van+Gundy+of+Cisco+ASIG.%0A%0ACVE-2016-7431%3A+Regression%3A+010-origin%3A+Zero+Origin+Timestamp+Bypass.%0AReported+by+Sharon+Goldberg+and+Aanchal+Malhotra+of+Boston+University.%0A%0ACVE-2016-7434%3A+NULL+pointer+dereference+in%0A_IO_str_init_static_internal%28%29.+Reported+by+Magnus+Stubman.%0A%0ACVE-2016-7426%3A+Client+rate+limiting+and+server+responses.+Reported+by+Miroslav+Lichvar+of+Red+Hat.%0A%0ACVE-2016-7433%3A+Reboot+sync+calculation+problem.+Reported+independently+by+Brian+Utterback+of+Oracle%2C+and+by+Sharon+Goldberg+and+Aanchal+Malhotra+of+Boston+University.+Impact+%3A+A+remote+attacker+who+can+send+a+specially+crafted+packet+to+cause+a+NULL+pointer+dereference+that+will+crash+ntpd%2C+resulting+in+a+Denial+of+Service.+%5BCVE-2016-9311%5D%0A%0AAn+exploitable+configuration+modification+vulnerability+exists+in+the+control+mode+%28mode+6%29+functionality+of+ntpd.+If%2C+against+long-standing+BCP+recommendations%2C+%27restrict+default+noquery+...%27+is+not+specified%2C+a+specially+crafted+control+mode+packet+can+set+ntpd+traps%2C+providing+information+disclosure+and+DDoS+amplification%2C+and+unset+ntpd+traps%2C+disabling+legitimate+monitoring+by+an+attacker+from+remote.%0A%5BCVE-2016-9310%5D%0A%0AAn+attacker+with+access+to+the+NTP+broadcast+domain+can+periodically+inject+specially+crafted+broadcast+mode+NTP+packets+into+the+broadcast+domain+which%2C+while+being+logged+by+ntpd%2C+can+cause+ntpd+to+reject+broadcast+mode+packets+from+legitimate+NTP+broadcast+servers.%0A%5BCVE-2016-7427%5D%0A%0AAn+attacker+with+access+to+the+NTP+broadcast+domain+can+send+specially+crafted+broadcast+mode+NTP+packets+to+the+broadcast+domain+which%2C+while+being+logged+by+ntpd%2C+will+cause+ntpd+to+reject+broadcast+mode+packets+from+legitimate+NTP+broadcast+servers.+%5BCVE-2016-7428%5D%0A%0AOrigin+timestamp+problems+were+fixed+in+ntp+4.2.8p6.+However%2C+subsequent+timestamp+validation+checks+introduced+a+regression+in+the+handling+of+some+Zero+origin+timestamp+checks.+%5BCVE-2016-7431%5D%0A%0AIf+ntpd+is+configured+to+allow+mrulist+query+requests+from+a+server+that+sends+a+crafted+malicious+packet%2C+ntpd+will+crash+on+receipt+of+that+crafted+malicious+mrulist+query+packet.+%5BCVE-2016-7434%5D%0A%0AAn+attacker+who+knows+the+sources+%28e.g.%2C+from+an+IPv4+refid+in+server+response%29+and+knows+the+system+is+%28mis%29configured+in+this+way+can+periodically+send+packets+with+spoofed+source+address+to+keep+the+rate+limiting+activated+and+prevent+ntpd+from+accepting+valid+responses+from+its+sources.+%5BCVE-2016-7426%5D%0A%0ANtp+Bug+2085+described+a+condition+where+the+root+delay+was+included+twice%2C+causing+the+jitter+value+to+be+higher+than+expected.+Due+to+a+misinterpretation+of+a+small-print+variable+in+The+Book%2C+the+fix+for+this+problem+was+incorrect%2C+resulting+in+a+root+distance+that+did+not+include+the+peer+dispersion.+The+calculations+and+formulas+have+been+reviewed+and+reconciled%2C+and+the+code+has+been+updated+accordingly.%0A%5BCVE-2016-7433%5D
Max CVSS | 0 |
Min CVSS | 0 |
Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published |
Back to Top
Mark selected
Back to Top