CVE-2016-4954

Name of the Vulnerable Software and Affected Versions NTP versions 4.x before 4.2.8p8

Description The issue allows remote attackers to cause a denial of service (peer-variable modification) by sending spoofed packets from many source IP addresses in a certain scenario, as demonstrated by triggering an incorrect leap indication. This is related to the process packet function in ntp proto.c in ntpd. Multiple Cisco products that incorporate a version of the Network Time Protocol daemon (ntpd) package are also affected, potentially allowing an unauthenticated, remote attacker to cause a denial of service (DoS) condition or modify the time being advertised by a device acting as a Network Time Protocol (NTP) server.

Recommendations For NTP versions 4.x before 4.2.8p8, update to version 4.2.8p8 or later to resolve the issue. As a temporary workaround, consider restricting access to the process packet function in ntp proto.c until a patch is available. For Cisco products, apply the software updates that address these vulnerabilities when they become available. Workarounds that address one or more of these vulnerabilities may be available and will be documented in the Cisco bug for each affected product.