PT-2016-7323

Matthew Van Gundy · Published 2016-11-23 · Updated 2024-06-15 · CVE-2016-7427

CVSS v3.1: 4.3 (Medium)

Vector: AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Name of the Vulnerable Software and Affected Versions

NTP versions prior to 4.2.8p9

Description

The issue allows remote attackers to cause a denial of service (reject broadcast mode packets) via a crafted broadcast mode packet. A denial of service can also result from a NULL pointer dereference when the trap service has been enabled, which allows a remote attacker to crash the application. Multiple vulnerabilities could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or modify the time being advertised by a device acting as a Network Time Protocol (NTP) server.

Recommendations

For NTP versions prior to 4.2.8p9, update to version 4.2.8p9 or later to resolve the issue. As a temporary workaround, consider disabling the trap service to minimize the risk of exploitation. Restrict access to broadcast mode to prevent crafted packets from causing a denial of service.

Fix

DoS

Resource Exhaustion

Weakness Enumeration

Related Identifiers

CVE-2016-7427
OPENSUSE-SU-2024:10181-1
SUSE-SU-2016:3193-1
SUSE-SU-2016:3195-1
SUSE-SU-2016:3196-1
SUSE-SU-2017:0255-1
USN-3349-1
USN-3707-2

Affected Products

Cisco IOS XR
Cisco Nexus
FreeBSD
IBM AIX
NTP
SUSE
Ubuntu