CVE-2016-9310
published 2017-01-13CVE-2016-9310: The control mode (mode 6) functionality in ntpd in NTP before 4.2.8p9 allows remote attackers to set or unset traps via a crafted control mode packet.
PriorityP343medium6.5CVSS 3.0
AVNACLPRNUINSUCLINAL
EPSS
11.07%
95.4th percentile
The control mode (mode 6) functionality in ntpd in NTP before 4.2.8p9 allows remote attackers to set or unset traps via a crafted control mode packet.
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | ntp | < ntp 1:4.2.8p9+dfsg-1 (bullseye) | ntp 1:4.2.8p9+dfsg-1 (bullseye) |
| ntp | ntp | <= 4.2.8 | — |
| ntp | ntp | >= 0 < 1:4.2.8p9+dfsg-1 | 1:4.2.8p9+dfsg-1 |
| ntp | ntp | >= 0 < 1:4.2.6.p5+dfsg-3ubuntu2.14.04.11 | 1:4.2.6.p5+dfsg-3ubuntu2.14.04.11 |
| ntp | ntp | >= 0 < 1:4.2.8p4+dfsg-3ubuntu5.5 | 1:4.2.8p4+dfsg-3ubuntu5.5 |
CVSS provenance
nvdv3.06.5MEDIUMCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
nvdv2.06.4MEDIUMAV:N/AC:L/Au:N/C:P/I:N/A:P
osv6.5MEDIUM
vendor_ubuntu7.5HIGH
vendor_debian6.5MEDIUM
vendor_redhat6.5MEDIUM
vendor_cisco5.3MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-x99c-5hjh-5p3r: The control mode (mode 6) functionality in ntpd in NTP before 4
ghsa_unreviewed·2022-05-14
CVE-2016-9310 [MEDIUM] CWE-400 GHSA-x99c-5hjh-5p3r: The control mode (mode 6) functionality in ntpd in NTP before 4
The control mode (mode 6) functionality in ntpd in NTP before 4.2.8p9 allows remote attackers to set or unset traps via a crafted control mode packet.
OSV
ntp vulnerabilities
osv·2017-07-05·CVSS 5.9
CVE-2016-2519 [MEDIUM] ntp vulnerabilities
ntp vulnerabilities
Yihan Lian discovered that NTP incorrectly handled certain large request
data values. A remote attacker could possibly use this issue to cause NTP
to crash, resulting in a denial of service. This issue only affected
Ubuntu 16.04 LTS. (CVE-2016-2519)
Miroslav Lichvar discovered that NTP incorrectly handled certain spoofed
addresses when performing rate limiting. A remote attacker could possibly
use this issue to perform a denial of service. This issue only affected
Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, and Ubuntu 16.10. (CVE-2016-7426)
Matthew Van Gundy discovered that NTP incorrectly handled certain crafted
broadcast mode packets. A remote attacker could possibly use this issue to
perform a denial of service. This issue only affected Ubuntu 14.04 LTS,
Ubuntu 16.04 LTS,
OSV
CVE-2016-9310: The control mode (mode 6) functionality in ntpd in NTP before 4
osv·2017-01-13·CVSS 6.5
CVE-2016-9310 [MEDIUM] CVE-2016-9310: The control mode (mode 6) functionality in ntpd in NTP before 4
The control mode (mode 6) functionality in ntpd in NTP before 4.2.8p9 allows remote attackers to set or unset traps via a crafted control mode packet.
Ubuntu
NTP vulnerabilities
vendor_ubuntu·2019-01-23·CVSS 7.5
CVE-2016-7426 [HIGH] NTP vulnerabilities
Title: NTP vulnerabilities
Summary: Several security issues were fixed in NTP.
USN-3707-1 and USN-3349-1 fixed several vulnerabilities in NTP. This update
provides the corresponding update for Ubuntu 12.04 ESM.
Original advisory details:
Miroslav Lichvar discovered that NTP incorrectly handled certain spoofed
addresses when performing rate limiting. A remote attacker could possibly
use this issue to perform a denial of service. (CVE-2016-7426)
Matthew Van Gundy discovered that NTP incorrectly handled certain crafted
broadcast mode packets. A remote attacker could possibly use this issue to
perform a denial of service. (CVE-2016-7427, CVE-2016-7428)
Matthew Van Gundy discovered that NTP incorrectly handled certain control
mode packets. A remote attacker could use this issue to set or
Ubuntu
NTP vulnerabilities
vendor_ubuntu·2017-07-05·CVSS 5.9
CVE-2016-2519 [MEDIUM] NTP vulnerabilities
Title: NTP vulnerabilities
Summary: Several security issues were fixed in NTP.
Yihan Lian discovered that NTP incorrectly handled certain large request
data values. A remote attacker could possibly use this issue to cause NTP
to crash, resulting in a denial of service. This issue only affected
Ubuntu 16.04 LTS. (CVE-2016-2519)
Miroslav Lichvar discovered that NTP incorrectly handled certain spoofed
addresses when performing rate limiting. A remote attacker could possibly
use this issue to perform a denial of service. This issue only affected
Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, and Ubuntu 16.10. (CVE-2016-7426)
Matthew Van Gundy discovered that NTP incorrectly handled certain crafted
broadcast mode packets. A remote attacker could possibly use this issue to
perform a denial of service.
BSD
FreeBSD-SA-16:39.ntp: Multiple vulnerabilities of ntp
bsd_advisories·2016-12-22·CVSS 7.5
CVE-2016-7426 [HIGH] FreeBSD-SA-16:39.ntp: Multiple vulnerabilities of ntp
FreeBSD-SA-16:39.ntp Security Advisory
The FreeBSD Project
Topic: Multiple vulnerabilities of ntp
Category: contrib
Module: ntp
Announced: 2016-12-22
Credits: Network Time Foundation
Affects: All supported versions of FreeBSD.
Corrected: 2016-11-22 16:22:51 UTC (stable/11, 11.0-STABLE)
2016-12-22 16:19:05 UTC (releng/11.0, 11.0-RELEASE-p6)
2016-11-22 16:23:20 UTC (stable/10, 10.3-STABLE)
2016-12-22 16:19:05 UTC (releng/10.3, 10.3-RELEASE-p15)
2016-12-22 16:19:05 UTC (releng/10.2, 10.2-RELEASE-p28)
2016-12-22 16:19:05 UTC (releng/10.1, 10.1-RELEASE-p45)
2016-11-22 16:23:46 UTC (stable/9, 9.3-STABLE)
2016-12-22 16:19:05 UTC (releng/9.3, 9.3-RELEASE-p53)
CVE Name: CVE-2016-7426, CVE-2016-7427, CVE-2016-7428, CVE-2016-7431,
CVE-2016-7433, CVE-2016-7434, CVE-2016-9310, CVE-2016-9311
For gene
Cisco
Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: November 2016
vendor_cisco·2016-11-23·CVSS 5.3
CVE-2015-8138 [MEDIUM] CWE-119 Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: November 2016
Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: November 2016
Multiple Cisco products incorporate a version of the Network Time Protocol daemon (ntpd) package. Versions of this package are affected by one or more vulnerabilities that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or modify the time being advertised by a device acting as a Network Time Protocol (NTP) server.
On November 21, 2016, the NTP Consortium of the Network Time Foundation released a security notice that details ten issues regarding DoS vulnerabilities and logic issues that may allow an attacker to shift a system's time.
The new vulnerabilities disclosed in this document are as follows:
Network Time Protocol Trap Service Denial of S
Red Hat
ntp: Mode 6 unauthenticated trap information disclosure and DDoS vector
vendor_redhat·2016-11-21·CVSS 6.5
CVE-2016-9310 [MEDIUM] CWE-400 ntp: Mode 6 unauthenticated trap information disclosure and DDoS vector
ntp: Mode 6 unauthenticated trap information disclosure and DDoS vector
The control mode (mode 6) functionality in ntpd in NTP before 4.2.8p9 allows remote attackers to set or unset traps via a crafted control mode packet.
A flaw was found in the control mode functionality of ntpd. A remote attacker could send a crafted control mode packet which could lead to information disclosure or result in DDoS amplification attacks.
Mitigation: Use "restrict default noquery ..." in your ntp.conf file.
Package: ntp (Red Hat Enterprise Linux 5) - Will not fix
Debian
CVE-2016-9310: ntp - The control mode (mode 6) functionality in ntpd in NTP before 4.2.8p9 allows rem...
vendor_debian·2016·CVSS 6.5
CVE-2016-9310 [MEDIUM] CVE-2016-9310: ntp - The control mode (mode 6) functionality in ntpd in NTP before 4.2.8p9 allows rem...
The control mode (mode 6) functionality in ntpd in NTP before 4.2.8p9 allows remote attackers to set or unset traps via a crafted control mode packet.
Scope: local
bullseye: resolved (fixed in 1:4.2.8p9+dfsg-1)
Cisco
Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: November 2016
vendor_cisco
CVE-2016-9310 Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: November 2016
CVE-2016-9310: Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: November 2016
Multiple Cisco products incorporate a version of the Network Time Protocol daemon (ntpd) package. Versions of this package are affected by one or more vulnerabilities that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or modify the time being advertised by a device acting as a Network Time Protocol (NTP) server. On November 21, 2016, the NTP Consortium of the Network Time Foundation released a security notice that
CWE: CWE-119, CWE-20, CWE-399, CWE-119, CWE-20, CWE-399
Bug IDs: CSCvc22942, CSCvc23435, CSCvc23437, CSCvc22942, CSCvc23435
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2016-9310 ntp: Mode 6 unauthenticated trap information disclosure and DDoS vector
bugzilla·2016-11-22·CVSS 6.5
CVE-2016-9310 [MEDIUM] CVE-2016-9310 ntp: Mode 6 unauthenticated trap information disclosure and DDoS vector
CVE-2016-9310 ntp: Mode 6 unauthenticated trap information disclosure and DDoS vector
An exploitable configuration modification vulnerability exists in the control mode (mode 6) functionality of ntpd. If, against long-standing BCP recommendations, "restrict default noquery ..." is not specified, a specially crafted control mode packet can set ntpd traps, providing information disclosure and DDoS amplification, and unset ntpd traps, disabling legitimate monitoring. A remote, unauthenticated, network attacker can trigger this vulnerability.
External References:
http://support.ntp.org/bin/view/Main/NtpBug3118
Discussion:
Created ntp tracking bugs for this issue:
Affects: fedora-all [bug 1397351]
---
Mitigation:
Use "restrict default noquery ..." in your ntp.conf file.
---
Is an RPM
Bugzilla
CVE-2016-7426 CVE-2016-7429 CVE-2016-7433 CVE-2016-9310 CVE-2016-9311 ntp: various flaws [fedora-all]
bugzilla·2016-11-22·CVSS 7.5
CVE-2016-7426 [HIGH] CVE-2016-7426 CVE-2016-7429 CVE-2016-7433 CVE-2016-9310 CVE-2016-9311 ntp: various flaws [fedora-all]
CVE-2016-7426 CVE-2016-7429 CVE-2016-7433 CVE-2016-9310 CVE-2016-9311 ntp: various flaws [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multipl
http://nwtime.org/ntp428p9_release/http://rhn.redhat.com/errata/RHSA-2017-0252.htmlhttp://support.ntp.org/bin/view/Main/NtpBug3118http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilitieshttp://www.securityfocus.com/bid/94452http://www.securitytracker.com/id/1037354https://bto.bluecoat.com/security-advisory/sa139https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03706en_ushttps://security.FreeBSD.org/advisories/FreeBSD-SA-16:39.ntp.aschttps://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03799en_ushttps://usn.ubuntu.com/3707-2/https://www.kb.cert.org/vuls/id/633847http://nwtime.org/ntp428p9_release/http://rhn.redhat.com/errata/RHSA-2017-0252.htmlhttp://support.ntp.org/bin/view/Main/NtpBug3118http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilitieshttp://www.securityfocus.com/bid/94452http://www.securitytracker.com/id/1037354https://bto.bluecoat.com/security-advisory/sa139https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03706en_ushttps://security.FreeBSD.org/advisories/FreeBSD-SA-16:39.ntp.aschttps://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03799en_ushttps://usn.ubuntu.com/3707-2/https://www.kb.cert.org/vuls/id/633847
2017-01-13
Published