CVE-2016-4957

CWE-476 — NULL Pointer Dereference11 documents10 sources

Severity

7.5HIGH

EPSS

59.1%

top 1.77%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Novell Suse Manager NTP NTP Opensuse Leap +6 more

Timeline

PublishedJul 5

Latest updateMay 13

Description

ntpd in NTP before 4.2.8p8 allows remote attackers to cause a denial of service (daemon crash) via a crypto-NAK packet. NOTE: this vulnerability exists because of an incorrect fix for CVE-2016-1547.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages10 packages

▶Debianntp< 1:4.2.8p8+dfsg-1

▶NVDntp/ntp4.2.8, 4.3.92+1

▶NVDopensuse/leap42.1

▶NVDoracle/solaris10, 11.3+1

▶NVDopensuse/opensuse13.2

Patches

Patch: support.ntp.org ↗Patch: support.ntp.org ↗

🔴Vulnerability Details

GHSA

GHSA-3mq4-x52h-fcwc: ntpd in NTP before 4↗2022-05-13

▶

CVEList

CVE-2016-4957: ntpd in NTP before 4↗2016-07-05

▶

OSV

CVE-2016-4957: ntpd in NTP before 4↗2016-07-05

▶

📋Vendor Advisories

BSD

FreeBSD-SA-16:24.ntp: Multiple vulnerabilities of ntp↗2016-06-04

▶

Cisco

Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: June 2016↗2016-06-03

▶

Red Hat

ntp: crypto-NAK DoS (incorrect fix for CVE-2016-1547)↗2016-06-02

▶

Debian

CVE-2016-4957: ntp - ntpd in NTP before 4.2.8p8 allows remote attackers to cause a denial of service ...↗2016

▶

🕵️Threat Intelligence

Fortinet

Analysis of Vulnerability CVE-2016-4957 in NTPD↗2016-06-20

▶

💬Community

Bugzilla

CVE-2016-4957 ntp: crypto-NAK DoS (incorrect fix for CVE-2016-1547)↗2016-05-30

▶

Bugzilla

CVE-2015-2181 CVE-2015-8864 CVE-2016-4068 CVE-2016-4069 roundcubemail: security issues fixed in version 1.0.9↗2016-04-25

▶