PT-2016-7323 · Ntf+5 · Ntp+6

Matthew Van Gundy · Published 2016-11-23 · Updated 2024-06-15 · CVE-2016-7427

CVSS v3.1: 4.3 (Medium)

Vector: AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Name of the Vulnerable Software and Affected Versions

NTP versions prior to 4.2.8p9

Description

The issue allows remote attackers to cause a denial of service (reject broadcast mode packets) via a crafted broadcast mode packet. It is also caused by a NULL pointer dereference when the trap service has been enabled, allowing a remote attacker to exploit this vulnerability to cause the application to crash. Multiple vulnerabilities could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or modify the time being advertised by a device acting as a Network Time Protocol (NTP) server.

Recommendations

For NTP versions prior to 4.2.8p9, update to version 4.2.8p9 or later to resolve the issue. As a temporary workaround, consider disabling the trap service to minimize the risk of exploitation. Restrict access to broadcast mode to prevent crafted packets from causing a denial of service.

Fix

DoS

Resource Exhaustion

Weakness Enumeration

Related Identifiers

CVE-2016-7427
OPENSUSE-SU-2024:10181-1
SUSE-SU-2016:3193-1
SUSE-SU-2016:3195-1
SUSE-SU-2016:3196-1
SUSE-SU-2017:0255-1
USN-3349-1
USN-3707-2

Affected Products

Cisco IOS XR
Cisco Nexus
FreeBSD
IBM AIX
NTP
SUSE
Ubuntu