CVE-2016-9311
published 2017-01-13
CVE-2016-9311: ntpd in NTP before 4.2.8p9, when the trap service is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a…
Priority: P432 · medium · 5.9 (CVSS 3.0)
AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS
11.09%
95.4th percentile
ntpd in NTP before 4.2.8p9, when the trap service is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted packet.
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | ntp | < ntp 1:4.2.8p9+dfsg-1 (bullseye) | ntp 1:4.2.8p9+dfsg-1 (bullseye) |
| ntp | ntp | <= 4.2.8 | — |
| ntp | ntp | >= 0 < 1:4.2.8p9+dfsg-1 | 1:4.2.8p9+dfsg-1 |
| ntp | ntp | >= 0 < 1:4.2.6.p5+dfsg-3ubuntu2.14.04.11 | 1:4.2.6.p5+dfsg-3ubuntu2.14.04.11 |
| ntp | ntp | >= 0 < 1:4.2.8p4+dfsg-3ubuntu5.5 | 1:4.2.8p4+dfsg-3ubuntu5.5 |
CVSS provenance
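| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 5.9 | MEDIUM | CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H |
| nvd | v2.0 | 7.1 | HIGH | AV:N/AC:M/Au:N/C:N/I:N/A:C |
| osv | | 5.9 | MEDIUM | |
| vendor_ubuntu | | 7.5 | HIGH | |
| vendor_debian | | 5.9 | MEDIUM | |
| vendor_redhat | | 5.9 | MEDIUM | |
| vendor_cisco | | 5.3 | MEDIUM | |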
GHSA
GHSA-fwm3-rx8m-qmv5: ntpd in NTP before 4
ghsa_unreviewed·2022-05-14
CVE-2016-9311 [HIGH] CWE-476 GHSA-fwm3-rx8m-qmv5: ntpd in NTP before 4
ntpd in NTP before 4.2.8p9, when the trap service is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted packet.
OSV
ntp vulnerabilities
osv·2017-07-05·CVSS 5.9
CVE-2016-2519 [MEDIUM] ntp vulnerabilities
Yihan Lian discovered that NTP incorrectly handled certain large request
data values. A remote attacker could possibly use this issue to cause NTP
to crash, resulting in a denial of service. This issue only affected
Ubuntu 16.04 LTS. (CVE-2016-2519)
Miroslav Lichvar discovered that NTP incorrectly handled certain spoofed
addresses when performing rate limiting. A remote attacker could possibly
use this issue to perform a denial of service. This issue only affected
Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, and Ubuntu 16.10. (CVE-2016-7426)
Matthew Van Gundy discovered that NTP incorrectly handled certain crafted
broadcast mode packets. A remote attacker could possibly use this issue to
perform a denial of service. This issue only affected Ubuntu 14.04 LTS,
Ubuntu 16.04 LTS,
OSV
CVE-2016-9311: ntpd in NTP before 4
osv·2017-01-13·CVSS 5.9
CVE-2016-9311 [MEDIUM] CVE-2016-9311: ntpd in NTP before 4
ntpd in NTP before 4.2.8p9, when the trap service is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted packet.
Ubuntu
NTP vulnerabilities
vendor_ubuntu·2019-01-23·CVSS 7.5
CVE-2016-7426 [HIGH] NTP vulnerabilities
Title: NTP vulnerabilities
Summary: Several security issues were fixed in NTP.
USN-3707-1 and USN-3349-1 fixed several vulnerabilities in NTP. This update
provides the corresponding update for Ubuntu 12.04 ESM.
Original advisory details:
Miroslav Lichvar discovered that NTP incorrectly handled certain spoofed
addresses when performing rate limiting. A remote attacker could possibly
use this issue to perform a denial of service. (CVE-2016-7426)
Matthew Van Gundy discovered that NTP incorrectly handled certain crafted
broadcast mode packets. A remote attacker could possibly use this issue to
perform a denial of service. (CVE-2016-7427, CVE-2016-7428)
Matthew Van Gundy discovered that NTP incorrectly handled certain control
mode packets. A remote attacker could use this issue to set or
Ubuntu
NTP vulnerabilities
vendor_ubuntu·2017-07-05·CVSS 5.9
CVE-2016-2519 [MEDIUM] NTP vulnerabilities
Title: NTP vulnerabilities
Summary: Several security issues were fixed in NTP.
Yihan Lian discovered that NTP incorrectly handled certain large request
data values. A remote attacker could possibly use this issue to cause NTP
to crash, resulting in a denial of service. This issue only affected
Ubuntu 16.04 LTS. (CVE-2016-2519)
Miroslav Lichvar discovered that NTP incorrectly handled certain spoofed
addresses when performing rate limiting. A remote attacker could possibly
use this issue to perform a denial of service. This issue only affected
Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, and Ubuntu 16.10. (CVE-2016-7426)
Matthew Van Gundy discovered that NTP incorrectly handled certain crafted
broadcast mode packets. A remote attacker could possibly use this issue to
perform a denial of service.
BSD
FreeBSD-SA-16:39.ntp: Multiple vulnerabilities of ntp
bsd_advisories·2016-12-22·CVSS 7.5
CVE-2016-7426 [HIGH] FreeBSD-SA-16:39.ntp: Multiple vulnerabilities of ntp
FreeBSD-SA-16:39.ntp Security Advisory
The FreeBSD Project
Topic: Multiple vulnerabilities of ntp
Category: contrib
Module: ntp
Announced: 2016-12-22
Credits: Network Time Foundation
Affects: All supported versions of FreeBSD.
Corrected: 2016-11-22 16:22:51 UTC (stable/11, 11.0-STABLE)
2016-12-22 16:19:05 UTC (releng/11.0, 11.0-RELEASE-p6)
2016-11-22 16:23:20 UTC (stable/10, 10.3-STABLE)
2016-12-22 16:19:05 UTC (releng/10.3, 10.3-RELEASE-p15)
2016-12-22 16:19:05 UTC (releng/10.2, 10.2-RELEASE-p28)
2016-12-22 16:19:05 UTC (releng/10.1, 10.1-RELEASE-p45)
2016-11-22 16:23:46 UTC (stable/9, 9.3-STABLE)
2016-12-22 16:19:05 UTC (releng/9.3, 9.3-RELEASE-p53)
CVE Name: CVE-2016-7426, CVE-2016-7427, CVE-2016-7428, CVE-2016-7431,
CVE-2016-7433, CVE-2016-7434, CVE-2016-9310, CVE-2016-9311
For gene
Cisco
Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: November 2016
vendor_cisco·2016-11-23·CVSS 5.3
CVE-2015-8138 [MEDIUM] CWE-119 Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: November 2016
Multiple Cisco products incorporate a version of the Network Time Protocol daemon (ntpd) package. Versions of this package are affected by one or more vulnerabilities that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or modify the time being advertised by a device acting as a Network Time Protocol (NTP) server.
On November 21, 2016, the NTP Consortium of the Network Time Foundation released a security notice that details ten issues regarding DoS vulnerabilities and logic issues that may allow an attacker to shift a system's time.
The new vulnerabilities disclosed in this document are as follows:
Network Time Protocol Trap Service Denial of S
Red Hat
ntp: Null pointer dereference when trap service is enabled
vendor_redhat·2016-11-21·CVSS 5.9
CVE-2016-9311 [MEDIUM] CWE-476 ntp: Null pointer dereference when trap service is enabled
ntpd in NTP before 4.2.8p9, when the trap service is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted packet.
A flaw was found in the way ntpd implemented the trap service. A remote attacker could send a specially crafted packet to cause a null pointer dereference that will crash ntpd, resulting in a denial of service.
Mitigation: Use "restrict default noquery ..." in your ntp.conf file. Only allow mode 6 queries from trusted networks and hosts.
Package: ntp (Red Hat Enterprise Linux 5) - Will not fix
Debian
CVE-2016-9311: ntp - ntpd in NTP before 4.2.8p9, when the trap service is enabled, allows remote atta...
vendor_debian·2016·CVSS 5.9
CVE-2016-9311 [MEDIUM] CVE-2016-9311: ntp - ntpd in NTP before 4.2.8p9, when the trap service is enabled, allows remote atta...
ntpd in NTP before 4.2.8p9, when the trap service is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted packet.
Scope: local
bullseye: resolved (fixed in 1:4.2.8p9+dfsg-1)
Cisco
Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: November 2016
vendor_cisco
CVE-2016-9311 Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: November 2016
Multiple Cisco products incorporate a version of the Network Time Protocol daemon (ntpd) package. Versions of this package are affected by one or more vulnerabilities that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or modify the time being advertised by a device acting as a Network Time Protocol (NTP) server. On November 21, 2016, the NTP Consortium of the Network Time Foundation released a security notice that
CWE: CWE-119, CWE-20, CWE-399
Bug IDs: CSCvc22942, CSCvc23435, CSCvc23437
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2016-9311 ntp: Null pointer dereference when trap service is enabled
bugzilla·2016-11-24·CVSS 5.9
CVE-2016-9311 [MEDIUM] CVE-2016-9311 ntp: Null pointer dereference when trap service is enabled
If trap service, disabled by default, has been explicitly enabled, an attacker can send a specially crafted packet to cause a null pointer dereference that will crash ntpd, resulting in a denial of service.
External References:
http://support.ntp.org/bin/view/Main/NtpBug3119
Discussion:
Mitigation:
Use "restrict default noquery ..." in your ntp.conf file. Only allow mode 6 queries from trusted networks and hosts.
---
Is an RPM released with a fix for this? I haven't seen one @ http://mirror.centos.org.
If not released, what is the ETA for same?
Thanks, Keyur
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 6
Red Hat Enterprise Linux 7
Via RHSA-2017:0252 https://rhn.redhat.c
Bugzilla
CVE-2016-7426 CVE-2016-7429 CVE-2016-7433 CVE-2016-9310 CVE-2016-9311 ntp: various flaws [fedora-all]
bugzilla·2016-11-22·CVSS 7.5
CVE-2016-7426 [HIGH] CVE-2016-7426 CVE-2016-7429 CVE-2016-7433 CVE-2016-9310 CVE-2016-9311 ntp: various flaws [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multipl
http://nwtime.org/ntp428p9_release/
http://rhn.redhat.com/errata/RHSA-2017-0252.html
http://support.ntp.org/bin/view/Main/NtpBug3119
http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities
http://www.securityfocus.com/bid/94444
http://www.securitytracker.com/id/1037354
https://bto.bluecoat.com/security-advisory/sa139
https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03706en_us
https://security.FreeBSD.org/advisories/FreeBSD-SA-16:39.ntp.asc
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03799en_us
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03885en_us
https://usn.ubuntu.com/3707-2/
https://www.kb.cert.org/vuls/id/633847
Published 2017-01-13