Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2016-7426 (GCVE-0-2016-7426)
Vulnerability from cvelistv5 – Published: 2017-01-13 16:00 – Updated: 2024-08-06 01:57
VLAI?
EPSS
Summary
NTP before 4.2.8p9 rate limits responses received from the configured sources when rate limiting for all associations is enabled, which allows remote attackers to cause a denial of service (prevent responses from the sources) by sending responses with a spoofed source address.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:57:47.647Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03706en_us"
},
{
"name": "USN-3707-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3707-2/"
},
{
"name": "RHSA-2017:0252",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0252.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://nwtime.org/ntp428p9_release/"
},
{
"name": "VU#633847",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "https://www.kb.cert.org/vuls/id/633847"
},
{
"name": "1037354",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1037354"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bto.bluecoat.com/security-advisory/sa139"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.ntp.org/bin/view/Main/NtpBug3071"
},
{
"name": "FreeBSD-SA-16:39",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD",
"x_transferred"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:39.ntp.asc"
},
{
"name": "94451",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/94451"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-11-21T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "NTP before 4.2.8p9 rate limits responses received from the configured sources when rate limiting for all associations is enabled, which allows remote attackers to cause a denial of service (prevent responses from the sources) by sending responses with a spoofed source address."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-01-24T10:57:02.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03706en_us"
},
{
"name": "USN-3707-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3707-2/"
},
{
"name": "RHSA-2017:0252",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0252.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://nwtime.org/ntp428p9_release/"
},
{
"name": "VU#633847",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "https://www.kb.cert.org/vuls/id/633847"
},
{
"name": "1037354",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1037354"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bto.bluecoat.com/security-advisory/sa139"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.ntp.org/bin/view/Main/NtpBug3071"
},
{
"name": "FreeBSD-SA-16:39",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:39.ntp.asc"
},
{
"name": "94451",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/94451"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-7426",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "NTP before 4.2.8p9 rate limits responses received from the configured sources when rate limiting for all associations is enabled, which allows remote attackers to cause a denial of service (prevent responses from the sources) by sending responses with a spoofed source address."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03706en_us",
"refsource": "CONFIRM",
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03706en_us"
},
{
"name": "USN-3707-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3707-2/"
},
{
"name": "RHSA-2017:0252",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0252.html"
},
{
"name": "http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities",
"refsource": "CONFIRM",
"url": "http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities"
},
{
"name": "http://nwtime.org/ntp428p9_release/",
"refsource": "CONFIRM",
"url": "http://nwtime.org/ntp428p9_release/"
},
{
"name": "VU#633847",
"refsource": "CERT-VN",
"url": "https://www.kb.cert.org/vuls/id/633847"
},
{
"name": "1037354",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037354"
},
{
"name": "https://bto.bluecoat.com/security-advisory/sa139",
"refsource": "CONFIRM",
"url": "https://bto.bluecoat.com/security-advisory/sa139"
},
{
"name": "http://support.ntp.org/bin/view/Main/NtpBug3071",
"refsource": "CONFIRM",
"url": "http://support.ntp.org/bin/view/Main/NtpBug3071"
},
{
"name": "FreeBSD-SA-16:39",
"refsource": "FREEBSD",
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:39.ntp.asc"
},
{
"name": "94451",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94451"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-7426",
"datePublished": "2017-01-13T16:00:00.000Z",
"dateReserved": "2016-09-09T00:00:00.000Z",
"dateUpdated": "2024-08-06T01:57:47.647Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
GSD-2016-7426
Vulnerability from gsd - Updated: 2023-12-13 01:21Details
NTP before 4.2.8p9 rate limits responses received from the configured sources when rate limiting for all associations is enabled, which allows remote attackers to cause a denial of service (prevent responses from the sources) by sending responses with a spoofed source address.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2016-7426",
"description": "NTP before 4.2.8p9 rate limits responses received from the configured sources when rate limiting for all associations is enabled, which allows remote attackers to cause a denial of service (prevent responses from the sources) by sending responses with a spoofed source address.",
"id": "GSD-2016-7426",
"references": [
"https://www.suse.com/security/cve/CVE-2016-7426.html",
"https://access.redhat.com/errata/RHSA-2017:0252",
"https://ubuntu.com/security/CVE-2016-7426",
"https://advisories.mageia.org/CVE-2016-7426.html",
"https://security.archlinux.org/CVE-2016-7426",
"https://alas.aws.amazon.com/cve/html/CVE-2016-7426.html",
"https://linux.oracle.com/cve/CVE-2016-7426.html"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2016-7426"
],
"details": "NTP before 4.2.8p9 rate limits responses received from the configured sources when rate limiting for all associations is enabled, which allows remote attackers to cause a denial of service (prevent responses from the sources) by sending responses with a spoofed source address.",
"id": "GSD-2016-7426",
"modified": "2023-12-13T01:21:21.113487Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-7426",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "NTP before 4.2.8p9 rate limits responses received from the configured sources when rate limiting for all associations is enabled, which allows remote attackers to cause a denial of service (prevent responses from the sources) by sending responses with a spoofed source address."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03706en_us",
"refsource": "CONFIRM",
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03706en_us"
},
{
"name": "USN-3707-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3707-2/"
},
{
"name": "RHSA-2017:0252",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0252.html"
},
{
"name": "http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities",
"refsource": "CONFIRM",
"url": "http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities"
},
{
"name": "http://nwtime.org/ntp428p9_release/",
"refsource": "CONFIRM",
"url": "http://nwtime.org/ntp428p9_release/"
},
{
"name": "VU#633847",
"refsource": "CERT-VN",
"url": "https://www.kb.cert.org/vuls/id/633847"
},
{
"name": "1037354",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037354"
},
{
"name": "https://bto.bluecoat.com/security-advisory/sa139",
"refsource": "CONFIRM",
"url": "https://bto.bluecoat.com/security-advisory/sa139"
},
{
"name": "http://support.ntp.org/bin/view/Main/NtpBug3071",
"refsource": "CONFIRM",
"url": "http://support.ntp.org/bin/view/Main/NtpBug3071"
},
{
"name": "FreeBSD-SA-16:39",
"refsource": "FREEBSD",
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:39.ntp.asc"
},
{
"name": "94451",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94451"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.5:p203:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.5:p204:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.5:p205:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.5:p206:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.5:p207:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.5:p208:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.5:p209:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.5:p210:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.5:p211:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.5:p212:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.5:p213:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.5:p214:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.5:p215:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.5:p216:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.5:p217:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.5:p218:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.5:p219:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.5:p220:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.5:p221:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.5:p222:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.5:p223:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.5:p224:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.5:p225:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.5:p226:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.5:p227:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.5:p228:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.5:p229:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.5:p230:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.5:p231_rc1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.5:p232_rc1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.5:p233_rc1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.5:p234_rc1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.5:p235_rc1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.5:p236_rc1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.5:p237_rc1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.5:p238_rc1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.5:p239_rc1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.5:p240_rc1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.5:p241_rc1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.5:p242_rc1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.5:p243_rc1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.5:p244_rc1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.5:p245_rc1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.5:p246_rc1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.5:p247_rc1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.5:p248_rc1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.5:p249_rc1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.5:p250_rc1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ntp:ntp:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "4.2.8",
"versionStartIncluding": "4.2.6",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.8:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.8:p1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.8:p1-beta1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.8:p1-beta2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.8:p1-beta3:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.8:p1-beta4:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.8:p1-beta5:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.8:p1-rc1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.8:p1-rc2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.8:p2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.8:p2-rc1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.8:p2-rc2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.8:p2-rc3:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.8:p3:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.8:p3-rc1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.8:p3-rc2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.8:p3-rc3:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.8:p4:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.8:p5:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.8:p6:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.8:p7:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.8:p8:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ntp:ntp:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "4.3.94",
"versionStartIncluding": "4.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:hpe:hpux-ntp:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "c.4.2.8.2.0",
"versionStartIncluding": "b.11.31",
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-7426"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "NTP before 4.2.8p9 rate limits responses received from the configured sources when rate limiting for all associations is enabled, which allows remote attackers to cause a denial of service (prevent responses from the sources) by sending responses with a spoofed source address."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-400"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#633847",
"refsource": "CERT-VN",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.kb.cert.org/vuls/id/633847"
},
{
"name": "http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities",
"refsource": "CONFIRM",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities"
},
{
"name": "http://support.ntp.org/bin/view/Main/NtpBug3071",
"refsource": "CONFIRM",
"tags": [
"Issue Tracking",
"Mitigation",
"Vendor Advisory"
],
"url": "http://support.ntp.org/bin/view/Main/NtpBug3071"
},
{
"name": "http://nwtime.org/ntp428p9_release/",
"refsource": "CONFIRM",
"tags": [
"Third Party Advisory"
],
"url": "http://nwtime.org/ntp428p9_release/"
},
{
"name": "94451",
"refsource": "BID",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/94451"
},
{
"name": "https://bto.bluecoat.com/security-advisory/sa139",
"refsource": "CONFIRM",
"tags": [
"Third Party Advisory"
],
"url": "https://bto.bluecoat.com/security-advisory/sa139"
},
{
"name": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03706en_us",
"refsource": "CONFIRM",
"tags": [
"Third Party Advisory"
],
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03706en_us"
},
{
"name": "1037354",
"refsource": "SECTRACK",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1037354"
},
{
"name": "FreeBSD-SA-16:39",
"refsource": "FREEBSD",
"tags": [
"Third Party Advisory"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:39.ntp.asc"
},
{
"name": "RHSA-2017:0252",
"refsource": "REDHAT",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0252.html"
},
{
"name": "USN-3707-2",
"refsource": "UBUNTU",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3707-2/"
}
]
}
},
"impact": {
"baseMetricV2": {
"cvssV2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
},
"lastModifiedDate": "2020-06-18T18:14Z",
"publishedDate": "2017-01-13T16:59Z"
}
}
}
GHSA-8WJH-3X3G-6PJF
Vulnerability from github – Published: 2022-05-13 01:25 – Updated: 2025-04-20 03:31
VLAI?
Details
NTP before 4.2.8p9 rate limits responses received from the configured sources when rate limiting for all associations is enabled, which allows remote attackers to cause a denial of service (prevent responses from the sources) by sending responses with a spoofed source address.
Severity ?
7.5 (High)
{
"affected": [],
"aliases": [
"CVE-2016-7426"
],
"database_specific": {
"cwe_ids": [
"CWE-400"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-01-13T16:59:00Z",
"severity": "HIGH"
},
"details": "NTP before 4.2.8p9 rate limits responses received from the configured sources when rate limiting for all associations is enabled, which allows remote attackers to cause a denial of service (prevent responses from the sources) by sending responses with a spoofed source address.",
"id": "GHSA-8wjh-3x3g-6pjf",
"modified": "2025-04-20T03:31:11Z",
"published": "2022-05-13T01:25:43Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-7426"
},
{
"type": "WEB",
"url": "https://bto.bluecoat.com/security-advisory/sa139"
},
{
"type": "WEB",
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03706en_us"
},
{
"type": "WEB",
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:39.ntp.asc"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/3707-2"
},
{
"type": "WEB",
"url": "https://www.kb.cert.org/vuls/id/633847"
},
{
"type": "WEB",
"url": "http://nwtime.org/ntp428p9_release"
},
{
"type": "WEB",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0252.html"
},
{
"type": "WEB",
"url": "http://support.ntp.org/bin/view/Main/NtpBug3071"
},
{
"type": "WEB",
"url": "http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/94451"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1037354"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
FKIE_CVE-2016-7426
Vulnerability from fkie_nvd - Published: 2017-01-13 16:59 - Updated: 2025-04-20 01:37
Severity ?
Summary
NTP before 4.2.8p9 rate limits responses received from the configured sources when rate limiting for all associations is enabled, which allows remote attackers to cause a denial of service (prevent responses from the sources) by sending responses with a spoofed source address.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ntp:ntp:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EB9B114E-15BF-4731-9296-A8F82591B418",
"versionEndExcluding": "4.2.8",
"versionStartIncluding": "4.2.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3505DE7A-B365-4455-A7BC-474019426C46",
"versionEndExcluding": "4.3.94",
"versionStartIncluding": "4.3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.5:p203:*:*:*:*:*:*",
"matchCriteriaId": "EA207F59-B630-4BBB-9CD7-BA7B64581907",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.5:p204:*:*:*:*:*:*",
"matchCriteriaId": "06AE2082-B219-4E94-89E8-E1328224C9D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.5:p205:*:*:*:*:*:*",
"matchCriteriaId": "6E0F5656-3E41-4568-A810-F2CFA3677488",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.5:p206:*:*:*:*:*:*",
"matchCriteriaId": "934152EB-5F5A-4BD8-B832-3B342551F9AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.5:p207:*:*:*:*:*:*",
"matchCriteriaId": "6936BEB5-B765-45C5-B671-A9D0CC4988C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.5:p208:*:*:*:*:*:*",
"matchCriteriaId": "BAA1E4CD-45EE-4814-AC6B-DE786C5B3B6A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.5:p209:*:*:*:*:*:*",
"matchCriteriaId": "95779DD0-C768-4B1C-A720-23BE19606B23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.5:p210:*:*:*:*:*:*",
"matchCriteriaId": "1B035472-2B64-4BE4-8D25-6E31937641E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.5:p211:*:*:*:*:*:*",
"matchCriteriaId": "3CE88876-F0BB-43A1-9A4A-91C5D6FFC02B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.5:p212:*:*:*:*:*:*",
"matchCriteriaId": "4E4BE466-B479-47BA-9A1F-F0184E252103",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.5:p213:*:*:*:*:*:*",
"matchCriteriaId": "4E6D7F8F-EF71-44E6-B33F-E0265266C616",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.5:p214:*:*:*:*:*:*",
"matchCriteriaId": "AC47FB1E-289A-4AA1-9DF1-0CEE13C9335F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.5:p215:*:*:*:*:*:*",
"matchCriteriaId": "B7BC8DB4-E715-44F1-8759-0414613C9F38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.5:p216:*:*:*:*:*:*",
"matchCriteriaId": "5AF5BC27-EE65-4FB4-975E-FA3933B3202C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.5:p217:*:*:*:*:*:*",
"matchCriteriaId": "795D50A9-41E5-40CE-88E9-391229607301",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.5:p218:*:*:*:*:*:*",
"matchCriteriaId": "1DE4338B-F5B3-4410-886D-0F28A7ECE824",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.5:p219:*:*:*:*:*:*",
"matchCriteriaId": "B1463DC6-D0C7-46E6-8418-B7900C99D079",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.5:p220:*:*:*:*:*:*",
"matchCriteriaId": "C5B7AA5B-2BD5-4F19-A8BB-DF4677995602",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.5:p221:*:*:*:*:*:*",
"matchCriteriaId": "DBCF724B-5018-4794-97D9-D8EDC2F04060",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.5:p222:*:*:*:*:*:*",
"matchCriteriaId": "2A62EAF1-3D51-456F-BBE3-A2E8CBE7960D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.5:p223:*:*:*:*:*:*",
"matchCriteriaId": "67D86D6C-A8A3-4CD4-B1A5-57941B51C732",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.5:p224:*:*:*:*:*:*",
"matchCriteriaId": "E793243F-4179-46C9-B422-DC3D6E688B2B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.5:p225:*:*:*:*:*:*",
"matchCriteriaId": "6EAC9B6E-3A88-4DED-A5D4-862E076620BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.5:p226:*:*:*:*:*:*",
"matchCriteriaId": "AD8E8B74-6E16-47FF-A019-54B0438A8CE7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.5:p227:*:*:*:*:*:*",
"matchCriteriaId": "3C210EFA-7BF2-4EEE-B59C-F3C75743E182",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.5:p228:*:*:*:*:*:*",
"matchCriteriaId": "23A9CDE2-4520-4542-93B0-74A01E919597",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.5:p229:*:*:*:*:*:*",
"matchCriteriaId": "94A7790A-DACE-4F02-B2FF-2C851EFD9717",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.5:p230:*:*:*:*:*:*",
"matchCriteriaId": "5ED47A47-3CB2-45CC-8147-CFFE0B93D966",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.5:p231_rc1:*:*:*:*:*:*",
"matchCriteriaId": "4FC2172C-73BD-441D-9963-5C9E89FB68F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.5:p232_rc1:*:*:*:*:*:*",
"matchCriteriaId": "485C8744-A185-46EB-B27F-8A42ED76964B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.5:p233_rc1:*:*:*:*:*:*",
"matchCriteriaId": "C01153E2-A4E3-4EF9-A33E-1026F578CB44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.5:p234_rc1:*:*:*:*:*:*",
"matchCriteriaId": "505CE414-C5E5-4251-9F02-A8A0DA6C0E91",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.5:p235_rc1:*:*:*:*:*:*",
"matchCriteriaId": "607E83FB-FDB7-49CA-9DA9-B8DA43C3DF23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.5:p236_rc1:*:*:*:*:*:*",
"matchCriteriaId": "864BA14B-B357-4ADD-BCE1-B2EAE4D299FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.5:p237_rc1:*:*:*:*:*:*",
"matchCriteriaId": "2856AAB8-172F-4657-85FF-9FFB698C4457",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.5:p238_rc1:*:*:*:*:*:*",
"matchCriteriaId": "7C2B8290-8AD6-4EDD-9736-730DD33CA73A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.5:p239_rc1:*:*:*:*:*:*",
"matchCriteriaId": "A509FC81-ABFD-4CE1-ABD6-C47ECCF97892",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.5:p240_rc1:*:*:*:*:*:*",
"matchCriteriaId": "7111A1FB-142C-4538-BC96-F71AEDC0FB4C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.5:p241_rc1:*:*:*:*:*:*",
"matchCriteriaId": "FB54C36C-F07A-4F99-A093-8EF10689E1C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.5:p242_rc1:*:*:*:*:*:*",
"matchCriteriaId": "CD57B6E4-9947-4790-BCAF-30B37C7CB837",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.5:p243_rc1:*:*:*:*:*:*",
"matchCriteriaId": "232170D9-923D-4DA5-9A7D-6A5BDCD37165",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.5:p244_rc1:*:*:*:*:*:*",
"matchCriteriaId": "A0BE1B30-DB6E-4029-8212-035449CEE22F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.5:p245_rc1:*:*:*:*:*:*",
"matchCriteriaId": "3181F3BF-8704-4D54-ABC4-CB68C89AF52D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.5:p246_rc1:*:*:*:*:*:*",
"matchCriteriaId": "E61A5F5E-8DCC-4809-A2DE-E39C8E01976F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.5:p247_rc1:*:*:*:*:*:*",
"matchCriteriaId": "1D2E80CD-0EAA-423B-B885-EDC5BFE962BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.5:p248_rc1:*:*:*:*:*:*",
"matchCriteriaId": "11F45456-692B-415D-BDBF-BA639AA622BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.5:p249_rc1:*:*:*:*:*:*",
"matchCriteriaId": "FCEF3E6A-48C3-4A00-B286-58E642DE5928",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.5:p250_rc1:*:*:*:*:*:*",
"matchCriteriaId": "8CE352E5-DFFC-4580-9D5E-95EE7A5C2BD6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:-:*:*:*:*:*:*",
"matchCriteriaId": "EEA51D83-5841-4335-AF07-7A43C118CAAE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1:*:*:*:*:*:*",
"matchCriteriaId": "C855BBD2-2B38-4EFF-9DBE-CA61CCACD0DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1-beta1:*:*:*:*:*:*",
"matchCriteriaId": "49ADE0C3-F75C-4EC0-8805-56013F0EB92C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1-beta2:*:*:*:*:*:*",
"matchCriteriaId": "D8FF625A-EFA3-43D1-8698-4A37AE31A07C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1-beta3:*:*:*:*:*:*",
"matchCriteriaId": "E3B99BBD-97FE-4615-905A-A614592226F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1-beta4:*:*:*:*:*:*",
"matchCriteriaId": "E7A9AD3A-F030-4331-B52A-518BD963AB8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1-beta5:*:*:*:*:*:*",
"matchCriteriaId": "C293B8BE-6691-4944-BCD6-25EB98CABC73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1-rc1:*:*:*:*:*:*",
"matchCriteriaId": "CEA650F8-2576-494A-A861-61572CA319D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1-rc2:*:*:*:*:*:*",
"matchCriteriaId": "4ED21EE8-7CBF-4BC5-BFC3-185D41296238",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p2:*:*:*:*:*:*",
"matchCriteriaId": "C76A0B44-13DE-4173-8D05-DA54F6A71759",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p2-rc1:*:*:*:*:*:*",
"matchCriteriaId": "1450241C-2F6D-4122-B33C-D78D065BA403",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p2-rc2:*:*:*:*:*:*",
"matchCriteriaId": "721AFD22-91D3-488E-A5E6-DD84C86E412B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p2-rc3:*:*:*:*:*:*",
"matchCriteriaId": "8D6ADDB1-2E96-4FF6-AE95-4B06654D38B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p3:*:*:*:*:*:*",
"matchCriteriaId": "41E44E9F-6383-4E12-AEDC-B653FEA77A48",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p3-rc1:*:*:*:*:*:*",
"matchCriteriaId": "466D9A37-2658-4695-9429-0C6BF4A631C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p3-rc2:*:*:*:*:*:*",
"matchCriteriaId": "99774181-5F12-446C-AC2C-DB1C52295EED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p3-rc3:*:*:*:*:*:*",
"matchCriteriaId": "4427EE6D-3F79-4FF5-B3EC-EE6BD01562CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p4:*:*:*:*:*:*",
"matchCriteriaId": "99C71C00-7222-483B-AEFB-159337BD3C92",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p5:*:*:*:*:*:*",
"matchCriteriaId": "75A9AA28-1B20-44BB-815C-7294A53E910E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p6:*:*:*:*:*:*",
"matchCriteriaId": "8C213794-111D-41F3-916C-AD97F731D600",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p7:*:*:*:*:*:*",
"matchCriteriaId": "50811A7B-0379-4437-8737-B4C1ACBC9EFD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p8:*:*:*:*:*:*",
"matchCriteriaId": "F12E4CF5-536C-416B-AD8D-6AE7CBE22C71",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*",
"matchCriteriaId": "8D305F7A-D159-4716-AB26-5E38BB5CD991",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "98381E61-F082-4302-B51F-5648884F998B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "D99A687E-EAE6-417E-A88E-D0082BC194CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "B353CE99-D57C-465B-AAB0-73EF581127D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*",
"matchCriteriaId": "7431ABC1-9252-419E-8CC1-311B41360078",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "A8442C20-41F9-47FD-9A12-E724D3A31FD7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "9EC0D196-F7B8-4BDD-9050-779F7A7FBEE4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "A4E9DD8A-A68B-4A69-8B01-BFF92A2020A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "BF77CDCF-B9C9-427D-B2BF-36650FB2148C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.7:*:*:*:*:*:*:*",
"matchCriteriaId": "21690BAC-2129-4A33-9B48-1F3BF30072A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "24C0F4E1-C52C-41E0-9F14-F83ADD5CC7ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "B76AA310-FEC7-497F-AF04-C3EC1E76C4CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*",
"matchCriteriaId": "17F256A9-D3B9-4C72-B013-4EFD878BFEA8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hpe:hpux-ntp:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C771C48E-2B29-491D-8FF0-69D81229465D",
"versionEndExcluding": "c.4.2.8.2.0",
"versionStartIncluding": "b.11.31",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "NTP before 4.2.8p9 rate limits responses received from the configured sources when rate limiting for all associations is enabled, which allows remote attackers to cause a denial of service (prevent responses from the sources) by sending responses with a spoofed source address."
},
{
"lang": "es",
"value": "NTP en versiones anteriores a 4.2.8p9 limita la clasificaci\u00f3n de respuestas recibidas desde las fuentes configuradas cuando la limitaci\u00f3n de clasificaci\u00f3n para todas las asociaciones est\u00e1 habilitado, lo que permite a atacantes remotos provocar una denegaci\u00f3n de servicio (prevenir las respuestas de las fuentes) enviando respuestas con una direcci\u00f3n de origen suplantada."
}
],
"id": "CVE-2016-7426",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-01-13T16:59:00.323",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://nwtime.org/ntp428p9_release/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0252.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Mitigation",
"Vendor Advisory"
],
"url": "http://support.ntp.org/bin/view/Main/NtpBug3071"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/94451"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1037354"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://bto.bluecoat.com/security-advisory/sa139"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03706en_us"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:39.ntp.asc"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3707-2/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.kb.cert.org/vuls/id/633847"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://nwtime.org/ntp428p9_release/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0252.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Mitigation",
"Vendor Advisory"
],
"url": "http://support.ntp.org/bin/view/Main/NtpBug3071"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/94451"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1037354"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://bto.bluecoat.com/security-advisory/sa139"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03706en_us"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:39.ntp.asc"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3707-2/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.kb.cert.org/vuls/id/633847"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-400"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CERTFR-2017-AVI-212
Vulnerability from certfr_avis - Published: 2017-07-12 - Updated: 2017-07-12
De multiples vulnérabilités ont été corrigées dans les produits Juniper. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une exécution de code arbitraire et un déni de service à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "CTPView 7.1, 7.2 et 7.3",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "CTPOS 7.0, 7.1, 7.2 et 7.3",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "ScreenOS versions ant\u00e9rieures \u00e0 6.3.0r24",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "Junos OS toutes versions sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2016-9310",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9310"
},
{
"name": "CVE-2017-2341",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2341"
},
{
"name": "CVE-2017-3135",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-3135"
},
{
"name": "CVE-2017-2346",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2346"
},
{
"name": "CVE-2016-7426",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7426"
},
{
"name": "CVE-2017-2347",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2347"
},
{
"name": "CVE-2017-2338",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2338"
},
{
"name": "CVE-2017-2348",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2348"
},
{
"name": "CVE-2017-3731",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-3731"
},
{
"name": "CVE-2016-7433",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7433"
},
{
"name": "CVE-2016-7429",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7429"
},
{
"name": "CVE-2016-9311",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9311"
},
{
"name": "CVE-2015-8138",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8138"
},
{
"name": "CVE-2016-7434",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7434"
},
{
"name": "CVE-2017-2336",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2336"
},
{
"name": "CVE-2017-2337",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2337"
},
{
"name": "CVE-2016-7427",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7427"
},
{
"name": "CVE-2017-3732",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-3732"
},
{
"name": "CVE-2017-10605",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-10605"
},
{
"name": "CVE-2017-2344",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2344"
},
{
"name": "CVE-2017-2345",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2345"
},
{
"name": "CVE-2017-2343",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2343"
},
{
"name": "CVE-2017-2339",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2339"
},
{
"name": "CVE-2016-7431",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7431"
},
{
"name": "CVE-2016-7055",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7055"
},
{
"name": "CVE-2016-1887",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1887"
},
{
"name": "CVE-2016-9312",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9312"
},
{
"name": "CVE-2016-7428",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7428"
},
{
"name": "CVE-2016-3074",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3074"
},
{
"name": "CVE-2017-2314",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2314"
},
{
"name": "CVE-2017-2342",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2342"
},
{
"name": "CVE-2017-2335",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2335"
}
],
"initial_release_date": "2017-07-12T00:00:00",
"last_revision_date": "2017-07-12T00:00:00",
"links": [],
"reference": "CERTFR-2017-AVI-212",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2017-07-12T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eles produits Juniper\u003c/span\u003e. Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire\n\u00e0 distance, une ex\u00e9cution de code arbitraire et un d\u00e9ni de service \u00e0\ndistance.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Juniper",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10797 du 12 juillet 2017",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10797\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10794 du 12 juillet 2017",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10794\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10789 du 12 juillet 2017",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10789\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10800 du 12 juillet 2017",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10800\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10793 du 12 juillet 2017",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10793\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10791 du 12 juillet 2017",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10791\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10775 du 12 juillet 2017",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10775\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10795 du 12 juillet 2017",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10795\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10790 du 12 juillet 2017",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10790\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10779 du 12 juillet 2017",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10779\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10787 du 12 juillet 2017",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10787\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10799 du 12 juillet 2017",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10799\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10796 du 12 juillet 2017",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10796\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10792 du 12 juillet 2017",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10792\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10798 du 12 juillet 2017",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10798\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10782 du 12 juillet 2017",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10782\u0026cat=SIRT_1\u0026actp=LIST"
}
]
}
CERTFR-2017-AVI-090
Vulnerability from certfr_avis - Published: 2017-03-23 - Updated: 2017-03-23
De multiples vulnérabilités ont été corrigées dans NTP. Elles permettent à un attaquant de provoquer un déni de service à distance et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NTP versions antérieures à ntp-4.2.8p10
Impacted products
| Vendor | Product | Description |
|---|
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [],
"affected_systems_content": "\u003cP\u003eNTP versions ant\u00e9rieures \u00e0 ntp-4.2.8p10\u003c/P\u003e",
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2016-9310",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9310"
},
{
"name": "CVE-2016-7426",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7426"
},
{
"name": "CVE-2016-7433",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7433"
},
{
"name": "CVE-2016-7429",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7429"
},
{
"name": "CVE-2016-7434",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7434"
},
{
"name": "CVE-2016-7427",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7427"
},
{
"name": "CVE-2016-7431",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7431"
},
{
"name": "CVE-2016-9312",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9312"
},
{
"name": "CVE-2016-7428",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7428"
}
],
"initial_release_date": "2017-03-23T00:00:00",
"last_revision_date": "2017-03-23T00:00:00",
"links": [],
"reference": "CERTFR-2017-AVI-090",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2017-03-23T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eNTP\u003c/span\u003e. Elles permettent \u00e0 un attaquant de provoquer\nun d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des\ndonn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans NTP",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 NTP du 21 mars 2017",
"url": "http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities"
}
]
}
CNVD-2016-11431
Vulnerability from cnvd - Published: 2016-11-24
VLAI Severity ?
Title
ntpd拒绝服务漏洞(CNVD-2016-11431)
Description
Network Time Protocol(NTP)是用于使计算机时间同步化的一种协议,可使计算机对其服务器或时钟源(如石英钟,GPS等等)做同步化。把计算机的时钟同步到世界协调时,以确保网络中的数据交互能够顺利进行。NTPD(Network Time Protocol daemon)是一个操作系统守护进程,使用网络时间协议(NTP)与时间服务器的系统时间保持同步,主要用于主机与主机之间的时间同步。
ntpd存在拒绝服务漏洞,攻击者可利用ntpd广播模式回放的预防功能通过定期发送数据包,导致nptd从合法的NTP广播服务器发来广播模式数据包。
Severity
中
Patch Name
ntpd拒绝服务漏洞(CNVD-2016-11431)的补丁
Patch Description
Network Time Protocol(NTP)是用于使计算机时间同步化的一种协议,可使计算机对其服务器或时钟源(如石英钟,GPS等等)做同步化。把计算机的时钟同步到世界协调时,以确保网络中的数据交互能够顺利进行。NTPD(Network Time Protocol daemon)是一个操作系统守护进程,使用网络时间协议(NTP)与时间服务器的系统时间保持同步,主要用于主机与主机之间的时间同步。
ntpd存在拒绝服务漏洞,攻击者可利用ntpd广播模式回放的预防功能通过定期发送数据包,导致nptd从合法的NTP广播服务器发来广播模式数据包。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description
官方已经发布了版本更新,建议用户升级到最新版本,下载链接如下: http://support.ntp.org/bin/view/Main/SoftwareDownloads
Reference
http://www.securityfocus.com/bid/94451
http://support.ntp.org/bin/view/Main/NtpBug3071
http://www.kb.cert.org/vuls/id/633847
Impacted products
| Name | ['Ntp NTPd >=ntp-4.3.0,<ntp-4.3.94', 'Ntp NTPd >=ntp-4.2.5p203,<ntp-4.2.8p9'] |
|---|
{
"bids": {
"bid": {
"bidNumber": "94451"
}
},
"cves": {
"cve": {
"cveNumber": "CVE-2016-7426"
}
},
"description": "Network Time Protocol\uff08NTP\uff09\u662f\u7528\u4e8e\u4f7f\u8ba1\u7b97\u673a\u65f6\u95f4\u540c\u6b65\u5316\u7684\u4e00\u79cd\u534f\u8bae\uff0c\u53ef\u4f7f\u8ba1\u7b97\u673a\u5bf9\u5176\u670d\u52a1\u5668\u6216\u65f6\u949f\u6e90\uff08\u5982\u77f3\u82f1\u949f\uff0cGPS\u7b49\u7b49)\u505a\u540c\u6b65\u5316\u3002\u628a\u8ba1\u7b97\u673a\u7684\u65f6\u949f\u540c\u6b65\u5230\u4e16\u754c\u534f\u8c03\u65f6\uff0c\u4ee5\u786e\u4fdd\u7f51\u7edc\u4e2d\u7684\u6570\u636e\u4ea4\u4e92\u80fd\u591f\u987a\u5229\u8fdb\u884c\u3002NTPD\uff08Network Time Protocol daemon\uff09\u662f\u4e00\u4e2a\u64cd\u4f5c\u7cfb\u7edf\u5b88\u62a4\u8fdb\u7a0b\uff0c\u4f7f\u7528\u7f51\u7edc\u65f6\u95f4\u534f\u8bae\uff08NTP\uff09\u4e0e\u65f6\u95f4\u670d\u52a1\u5668\u7684\u7cfb\u7edf\u65f6\u95f4\u4fdd\u6301\u540c\u6b65\uff0c\u4e3b\u8981\u7528\u4e8e\u4e3b\u673a\u4e0e\u4e3b\u673a\u4e4b\u95f4\u7684\u65f6\u95f4\u540c\u6b65\u3002\r\n\r\nntpd\u5b58\u5728\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528ntpd\u5e7f\u64ad\u6a21\u5f0f\u56de\u653e\u7684\u9884\u9632\u529f\u80fd\u901a\u8fc7\u5b9a\u671f\u53d1\u9001\u6570\u636e\u5305\uff0c\u5bfc\u81f4nptd\u4ece\u5408\u6cd5\u7684NTP\u5e7f\u64ad\u670d\u52a1\u5668\u53d1\u6765\u5e7f\u64ad\u6a21\u5f0f\u6570\u636e\u5305\u3002",
"discovererName": "Matthew Van Gundy of Cisco ASIG",
"formalWay": "\u5b98\u65b9\u5df2\u7ecf\u53d1\u5e03\u4e86\u7248\u672c\u66f4\u65b0\uff0c\u5efa\u8bae\u7528\u6237\u5347\u7ea7\u5230\u6700\u65b0\u7248\u672c\uff0c\u4e0b\u8f7d\u94fe\u63a5\u5982\u4e0b\uff1a\r\nhttp://support.ntp.org/bin/view/Main/SoftwareDownloads",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2016-11431",
"openTime": "2016-11-24",
"patchDescription": "Network Time Protocol\uff08NTP\uff09\u662f\u7528\u4e8e\u4f7f\u8ba1\u7b97\u673a\u65f6\u95f4\u540c\u6b65\u5316\u7684\u4e00\u79cd\u534f\u8bae\uff0c\u53ef\u4f7f\u8ba1\u7b97\u673a\u5bf9\u5176\u670d\u52a1\u5668\u6216\u65f6\u949f\u6e90\uff08\u5982\u77f3\u82f1\u949f\uff0cGPS\u7b49\u7b49)\u505a\u540c\u6b65\u5316\u3002\u628a\u8ba1\u7b97\u673a\u7684\u65f6\u949f\u540c\u6b65\u5230\u4e16\u754c\u534f\u8c03\u65f6\uff0c\u4ee5\u786e\u4fdd\u7f51\u7edc\u4e2d\u7684\u6570\u636e\u4ea4\u4e92\u80fd\u591f\u987a\u5229\u8fdb\u884c\u3002NTPD\uff08Network Time Protocol daemon\uff09\u662f\u4e00\u4e2a\u64cd\u4f5c\u7cfb\u7edf\u5b88\u62a4\u8fdb\u7a0b\uff0c\u4f7f\u7528\u7f51\u7edc\u65f6\u95f4\u534f\u8bae\uff08NTP\uff09\u4e0e\u65f6\u95f4\u670d\u52a1\u5668\u7684\u7cfb\u7edf\u65f6\u95f4\u4fdd\u6301\u540c\u6b65\uff0c\u4e3b\u8981\u7528\u4e8e\u4e3b\u673a\u4e0e\u4e3b\u673a\u4e4b\u95f4\u7684\u65f6\u95f4\u540c\u6b65\u3002\r\n\r\nntpd\u5b58\u5728\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528ntpd\u5e7f\u64ad\u6a21\u5f0f\u56de\u653e\u7684\u9884\u9632\u529f\u80fd\u901a\u8fc7\u5b9a\u671f\u53d1\u9001\u6570\u636e\u5305\uff0c\u5bfc\u81f4nptd\u4ece\u5408\u6cd5\u7684NTP\u5e7f\u64ad\u670d\u52a1\u5668\u53d1\u6765\u5e7f\u64ad\u6a21\u5f0f\u6570\u636e\u5305\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "ntpd\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\uff08CNVD-2016-11431\uff09\u7684\u8865\u4e01",
"products": {
"product": [
"Ntp NTPd \u003e=ntp-4.3.0\uff0c\u003cntp-4.3.94",
"Ntp NTPd \u003e=ntp-4.2.5p203\uff0c\u003cntp-4.2.8p9"
]
},
"referenceLink": "http://www.securityfocus.com/bid/94451\r\nhttp://support.ntp.org/bin/view/Main/NtpBug3071\r\nhttp://www.kb.cert.org/vuls/id/633847",
"serverity": "\u4e2d",
"submitTime": "2016-11-23",
"title": "ntpd\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\uff08CNVD-2016-11431\uff09"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…