All the vulnerabilites related to Talos - Network Time Protocol
cve-2016-9042
Vulnerability from cvelistv5
Published
2018-06-04 20:00
Modified
2024-09-17 03:53
Summary
An exploitable denial of service vulnerability exists in the origin timestamp check functionality of ntpd 4.2.8p9. A specially crafted unauthenticated network packet can be used to reset the expected origin timestamp for target peers. Legitimate replies from targeted peers will fail the origin timestamp check (TEST2) causing the reply to be dropped and creating a denial of service condition.
References
http://www.securitytracker.com/id/1038123vdb-entry, x_refsource_SECTRACK
https://security.FreeBSD.org/advisories/FreeBSD-SA-17:03.ntp.ascvendor-advisory, x_refsource_FREEBSD
http://www.securitytracker.com/id/1039427vdb-entry, x_refsource_SECTRACK
http://www.securityfocus.com/bid/97046vdb-entry, x_refsource_BID
http://www.ubuntu.com/usn/USN-3349-1vendor-advisory, x_refsource_UBUNTU
http://www.securityfocus.com/archive/1/archive/1/540403/100/0/threadedmailing-list, x_refsource_BUGTRAQ
http://seclists.org/fulldisclosure/2017/Nov/7mailing-list, x_refsource_FULLDISC
http://www.securityfocus.com/archive/1/540403/100/0/threadedmailing-list, x_refsource_BUGTRAQ
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7KVLFA3J43QFIP4I7HE7KQ5FXSMJEKC6/vendor-advisory, x_refsource_FEDORA
http://seclists.org/fulldisclosure/2017/Sep/62mailing-list, x_refsource_FULLDISC
http://www.securityfocus.com/archive/1/archive/1/540464/100/0/threadedmailing-list, x_refsource_BUGTRAQ
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03962en_usx_refsource_CONFIRM
https://www.talosintelligence.com/vulnerability_reports/TALOS-2016-0260x_refsource_MISC
http://packetstormsecurity.com/files/142101/FreeBSD-Security-Advisory-FreeBSD-SA-17-03.ntp.htmlx_refsource_MISC
https://kc.mcafee.com/corporate/index?page=content&id=SB10201x_refsource_CONFIRM
https://support.apple.com/kb/HT208144x_refsource_CONFIRM
https://support.f5.com/csp/article/K39041624x_refsource_CONFIRM
https://bto.bluecoat.com/security-advisory/sa147x_refsource_CONFIRM
http://packetstormsecurity.com/files/142284/Slackware-Security-Advisory-ntp-Updates.htmlx_refsource_MISC
https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdfx_refsource_CONFIRM
https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11x_refsource_MISC
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T02:42:09.927Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1038123",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1038123"
          },
          {
            "name": "FreeBSD-SA-17:03",
            "tags": [
              "vendor-advisory",
              "x_refsource_FREEBSD",
              "x_transferred"
            ],
            "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-17:03.ntp.asc"
          },
          {
            "name": "1039427",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1039427"
          },
          {
            "name": "97046",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/97046"
          },
          {
            "name": "USN-3349-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-3349-1"
          },
          {
            "name": "20170412 FreeBSD Security Advisory FreeBSD-SA-17:03.ntp",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/archive/1/540403/100/0/threaded"
          },
          {
            "name": "20171101 APPLE-SA-2017-10-31-8 Additional information for APPLE-SA-2017-09-25-1 macOS High Sierra 10.13",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2017/Nov/7"
          },
          {
            "name": "20170412 FreeBSD Security Advisory FreeBSD-SA-17:03.ntp",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/540403/100/0/threaded"
          },
          {
            "name": "FEDORA-2017-20d54b2782",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7KVLFA3J43QFIP4I7HE7KQ5FXSMJEKC6/"
          },
          {
            "name": "20170925 APPLE-SA-2017-09-25-1 macOS High Sierra 10.13",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2017/Sep/62"
          },
          {
            "name": "20170422 [slackware-security] ntp (SSA:2017-112-02)",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/archive/1/540464/100/0/threaded"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03962en_us"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2016-0260"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/142101/FreeBSD-Security-Advisory-FreeBSD-SA-17-03.ntp.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10201"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.apple.com/kb/HT208144"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.f5.com/csp/article/K39041624"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bto.bluecoat.com/security-advisory/sa147"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/142284/Slackware-Security-Advisory-ntp-Updates.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Network Time Protocol",
          "vendor": "Talos",
          "versions": [
            {
              "status": "affected",
              "version": "NTP 4.2.8p9"
            }
          ]
        }
      ],
      "datePublic": "2017-03-29T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "An exploitable denial of service vulnerability exists in the origin timestamp check functionality of ntpd 4.2.8p9. A specially crafted unauthenticated network packet can be used to reset the expected origin timestamp for target peers. Legitimate replies from targeted peers will fail the origin timestamp check (TEST2) causing the reply to be dropped and creating a denial of service condition."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 3.7,
            "baseSeverity": "LOW",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "denial of service",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-04-19T19:17:22",
        "orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
        "shortName": "talos"
      },
      "references": [
        {
          "name": "1038123",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1038123"
        },
        {
          "name": "FreeBSD-SA-17:03",
          "tags": [
            "vendor-advisory",
            "x_refsource_FREEBSD"
          ],
          "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-17:03.ntp.asc"
        },
        {
          "name": "1039427",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1039427"
        },
        {
          "name": "97046",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/97046"
        },
        {
          "name": "USN-3349-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-3349-1"
        },
        {
          "name": "20170412 FreeBSD Security Advisory FreeBSD-SA-17:03.ntp",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/archive/1/540403/100/0/threaded"
        },
        {
          "name": "20171101 APPLE-SA-2017-10-31-8 Additional information for APPLE-SA-2017-09-25-1 macOS High Sierra 10.13",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://seclists.org/fulldisclosure/2017/Nov/7"
        },
        {
          "name": "20170412 FreeBSD Security Advisory FreeBSD-SA-17:03.ntp",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/540403/100/0/threaded"
        },
        {
          "name": "FEDORA-2017-20d54b2782",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7KVLFA3J43QFIP4I7HE7KQ5FXSMJEKC6/"
        },
        {
          "name": "20170925 APPLE-SA-2017-09-25-1 macOS High Sierra 10.13",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://seclists.org/fulldisclosure/2017/Sep/62"
        },
        {
          "name": "20170422 [slackware-security] ntp (SSA:2017-112-02)",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/archive/1/540464/100/0/threaded"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03962en_us"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2016-0260"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/142101/FreeBSD-Security-Advisory-FreeBSD-SA-17-03.ntp.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10201"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.apple.com/kb/HT208144"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.f5.com/csp/article/K39041624"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bto.bluecoat.com/security-advisory/sa147"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/142284/Slackware-Security-Advisory-ntp-Updates.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "talos-cna@cisco.com",
          "DATE_PUBLIC": "2017-03-29T00:00:00",
          "ID": "CVE-2016-9042",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Network Time Protocol",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "NTP 4.2.8p9"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Talos"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An exploitable denial of service vulnerability exists in the origin timestamp check functionality of ntpd 4.2.8p9. A specially crafted unauthenticated network packet can be used to reset the expected origin timestamp for target peers. Legitimate replies from targeted peers will fail the origin timestamp check (TEST2) causing the reply to be dropped and creating a denial of service condition."
            }
          ]
        },
        "impact": {
          "cvss": {
            "baseScore": 3.7,
            "baseSeverity": "Low",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "denial of service"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1038123",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1038123"
            },
            {
              "name": "FreeBSD-SA-17:03",
              "refsource": "FREEBSD",
              "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-17:03.ntp.asc"
            },
            {
              "name": "1039427",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1039427"
            },
            {
              "name": "97046",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/97046"
            },
            {
              "name": "USN-3349-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-3349-1"
            },
            {
              "name": "20170412 FreeBSD Security Advisory FreeBSD-SA-17:03.ntp",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/archive/1/540403/100/0/threaded"
            },
            {
              "name": "20171101 APPLE-SA-2017-10-31-8 Additional information for APPLE-SA-2017-09-25-1 macOS High Sierra 10.13",
              "refsource": "FULLDISC",
              "url": "http://seclists.org/fulldisclosure/2017/Nov/7"
            },
            {
              "name": "20170412 FreeBSD Security Advisory FreeBSD-SA-17:03.ntp",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/540403/100/0/threaded"
            },
            {
              "name": "FEDORA-2017-20d54b2782",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7KVLFA3J43QFIP4I7HE7KQ5FXSMJEKC6/"
            },
            {
              "name": "20170925 APPLE-SA-2017-09-25-1 macOS High Sierra 10.13",
              "refsource": "FULLDISC",
              "url": "http://seclists.org/fulldisclosure/2017/Sep/62"
            },
            {
              "name": "20170422 [slackware-security] ntp (SSA:2017-112-02)",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/archive/1/540464/100/0/threaded"
            },
            {
              "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03962en_us",
              "refsource": "CONFIRM",
              "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03962en_us"
            },
            {
              "name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2016-0260",
              "refsource": "MISC",
              "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2016-0260"
            },
            {
              "name": "http://packetstormsecurity.com/files/142101/FreeBSD-Security-Advisory-FreeBSD-SA-17-03.ntp.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/142101/FreeBSD-Security-Advisory-FreeBSD-SA-17-03.ntp.html"
            },
            {
              "name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10201",
              "refsource": "CONFIRM",
              "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10201"
            },
            {
              "name": "https://support.apple.com/kb/HT208144",
              "refsource": "CONFIRM",
              "url": "https://support.apple.com/kb/HT208144"
            },
            {
              "name": "https://support.f5.com/csp/article/K39041624",
              "refsource": "CONFIRM",
              "url": "https://support.f5.com/csp/article/K39041624"
            },
            {
              "name": "https://bto.bluecoat.com/security-advisory/sa147",
              "refsource": "CONFIRM",
              "url": "https://bto.bluecoat.com/security-advisory/sa147"
            },
            {
              "name": "http://packetstormsecurity.com/files/142284/Slackware-Security-Advisory-ntp-Updates.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/142284/Slackware-Security-Advisory-ntp-Updates.html"
            },
            {
              "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf",
              "refsource": "CONFIRM",
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf"
            },
            {
              "name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11",
              "refsource": "MISC",
              "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
    "assignerShortName": "talos",
    "cveId": "CVE-2016-9042",
    "datePublished": "2018-06-04T20:00:00Z",
    "dateReserved": "2016-10-26T00:00:00",
    "dateUpdated": "2024-09-17T03:53:51.612Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}