CVE-2016-9042: Improper Input Validation in Network Time Protocol

Severity
5.9 MEDIUM (NVD)
EPSS
4.8%
top 10.46%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Jun 4
Latest update: May 13

Description

An exploitable denial of service vulnerability exists in the origin timestamp check functionality of ntpd 4.2.8p9. A specially crafted unauthenticated network packet can be used to reset the expected origin timestamp for target peers. Legitimate replies from targeted peers will fail the origin timestamp check (TEST2) causing the reply to be dropped and creating a denial of service condition.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability: 2.2 | Impact: 3.6

Affected Packages (4 packages)

CVEListV5 | talos/network_time_protocol | NTP 4.2.8p9
NVD | hpe/hpux-ntp | < c.4.2.8.4.0
Debian | ntp/ntp | < 1:4.2.8p10+dfsg-1
NVD | ntp/ntp | 4.2.8

Also affects: FreeBSD 10.0, 11.0

🔴Vulnerability Details

3
GHSA
GHSA-7wvh-qg35-v45r: An exploitable denial of service vulnerability exists in the origin timestamp check functionality of ntpd 4 (2022-05-13)
CVEList
CVE-2016-9042: An exploitable denial of service vulnerability exists in the origin timestamp check functionality of ntpd 4 (2018-06-04)
OSV
CVE-2016-9042: An exploitable denial of service vulnerability exists in the origin timestamp check functionality of ntpd 4 (2018-06-04)

📋Vendor Advisories

5
Apple
CVE-2016-9042: macOS High Sierra 10.13 (2017-09-25)
Ubuntu
NTP vulnerabilities (2017-07-05)
BSD
FreeBSD-SA-17:03.ntp: Multiple vulnerabilities of ntp (2017-04-12)
Red Hat
ntp: DoS via origin timestamp check functionality (2017-03-21)
Debian
CVE-2016-9042: ntp - An exploitable denial of service vulnerability exists in the origin timestamp ch... (2016)

💬Community

1
Bugzilla
CVE-2016-9042 ntp: DoS via origin timestamp check functionality (2017-03-20)