CVE-2016-7429 - NTP before 4.2.8p9 changes the peer structure to the interface it receives the response from a sourc

CVE-2016-7429

Summary

NTP before 4.2.8p9 changes the peer structure to the interface it receives the response from a source, which allows remote attackers to cause a denial of service (prevent communication with a source) by sending a response for a source to an interface the source does not use.

References

Vulnerable Configurations

cpe:2.3:a:ntp:ntp:4.2.4:p8:*:*:*:*:*:*
cpe:2.3:a:ntp:ntp:4.2.4:p8:*:*:*:*:*:*
cpe:2.3:a:ntp:ntp:4.2.7:p8:*:*:*:*:*:*
cpe:2.3:a:ntp:ntp:4.2.7:p8:*:*:*:*:*:*
cpe:2.3:a:ntp:ntp:4.2.8:p8:*:*:*:*:*:*
cpe:2.3:a:ntp:ntp:4.2.8:p8:*:*:*:*:*:*

CVSS

Base:	4.3 (as of 05-01-2018 - 02:31)
Impact:
Exploitability:

CWE

CWE-18

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
NONE	NONE	PARTIAL

cvss-vector via4

AV:N/AC:M/Au:N/C:N/I:N/A:P

redhat via4

advisories

rhsa

id	RHSA-2017:0252

rpms

ntp-0:4.2.6p5-10.el6_8.2
ntp-0:4.2.6p5-25.el7_3.1
ntp-debuginfo-0:4.2.6p5-10.el6_8.2
ntp-debuginfo-0:4.2.6p5-25.el7_3.1
ntp-doc-0:4.2.6p5-10.el6_8.2
ntp-doc-0:4.2.6p5-25.el7_3.1
ntp-perl-0:4.2.6p5-10.el6_8.2
ntp-perl-0:4.2.6p5-25.el7_3.1
ntpdate-0:4.2.6p5-10.el6_8.2
ntpdate-0:4.2.6p5-25.el7_3.1
sntp-0:4.2.6p5-25.el7_3.1

refmap via4

bid	94453
cert-vn	VU#633847
confirm	http://nwtime.org/ntp428p9_release/ http://support.ntp.org/bin/view/Main/NtpBug3072 http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html https://bto.bluecoat.com/security-advisory/sa139 https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03706en_us
sectrack	1037354

Last major update

05-01-2018 - 02:31

Published

13-01-2017 - 16:59

Last modified

05-01-2018 - 02:31