CVSS3: 7.5 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVSS2: 5 Medium
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P

EPSS: 0.923 High
Percentile: 98.9%
NTP.org’s reference implementation of NTP server, ntpd, contains multiple vulnerabilities. A brief overview follows, but details may be found in NTP’s security advisory listing and in the individual links below.
CRYPTO-NAK denial of service introduced in Sec 3007 patch. See Sec 3046, CVE-2016-4957. The CVSS score below describes this vulnerability.
Bad authentication demobilizes ephemeral associations. See Sec 3045, CVE-2016-4953.
Processing of spoofed server packets affects peer variables. See Sec 3044, CVE-2016-4954.
Autokey associations may be reset when repeatedly receiving spoofed packets. See Sec 3043, CVE-2016-4955.
Broadcast associations are not covered in Sec 2978 patch, which may be leveraged to flip broadcast clients into interleave mode. See Sec 3042, CVE-2016-4956.
Unauthenticated, remote attackers may be able to spoof or send specially crafted packets to create denial of service conditions.
Apply an update
The vendor has released version 4.2.8p8 to address these issues. Users are encouraged to update to the latest release. Those unable to update should consider mitigations listed in NTP’s security advisory listing.
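One way to flag hosts whose reported ntpd version string predates 4.2.8p8, as an added example that is not from the NTP Project or the author of this note. The sample strings are constructed, the status names are illustrative, and the `-RC`/`-beta` suffix handling is an assumption about pre-release naming.

```python
import re

FIXED = (4, 2, 8, 8)  # 4.2.8p8, the fixed release named in this note

# major.minor.point, optional pN patch level, optional pre-release suffix.
# The -RC/-beta suffix form is an assumption about pre-release naming.
_VERSION = re.compile(
    r"(?<![\w.])(\d+)\.(\d+)\.(\d+)(?:p(\d+))?"
    r"(?:(-(?:RC|beta)\d*)|(?![\w.]))"
)

def parse_ntp_version(text):
    """Return ((major, minor, point, patch), prerelease) or None."""
    m = _VERSION.search(text)
    if m is None:
        return None
    major, minor, point, patch, pre = m.groups()
    # A release without a pN suffix (e.g. 4.2.8) sorts as patch level 0.
    return (int(major), int(minor), int(point), int(patch or 0)), pre

def classify(text):
    """Return 'predates-fix', 'fixed-or-later' or 'unknown'."""
    parsed = parse_ntp_version(text)
    if parsed is None:
        return "unknown"
    version, pre = parsed
    # Only the 4.2 line is judged; this note names no fix for other branches.
    if version[:2] != FIXED[:2]:
        return "unknown"
    # Integer tuple comparison: p10 is newer than p8, unlike string order.
    if version < FIXED:
        return "predates-fix"
    if version == FIXED and pre is not None:
        return "unknown"  # pre-release build of the fixed version
    return "fixed-or-later"

# Constructed sample inventory (host -> reported version string).
SAMPLES = {
    "ntp-a": "ntpd 4.2.8p7@1.3265-o Mon Apr 25 12:00:00 UTC 2016 (1)",
    "ntp-b": 'version="ntpd 4.2.8p10@1.3728-o Thu Mar 23 09:00:00 UTC 2017"',
    "ntp-c": "ntp-4.2.6p5-29.el7",
    "ntp-d": "4.3.92",
}

def audit(samples):
    return {host: classify(text) for host, text in samples.items()}

if __name__ == "__main__":
    for host, status in audit(SAMPLES).items():
        print(f"{host}: {status}")
```

The result reflects only the upstream version string; a vendor package may carry the fixes under an older string, so a `predates-fix` result is a prompt to check that vendor's advisory.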
321640
Notified: May 27, 2016 Updated: June 06, 2016
Statement Date: June 04, 2016
Affected
As of 2016-06-04 05:46:52 UTC, we published a fix for all supported FreeBSD releases. We have published a security advisory for this at <https://www.freebsd.org/security/advisories/FreeBSD-SA-16:24.ntp.asc>.
We are not aware of further vendor information regarding this vulnerability.
Notified: May 25, 2016 Updated: June 02, 2016
Affected
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: May 27, 2016 Updated: May 27, 2016
Unknown
We have not received a statement from the vendor.
Group | Score | Vector |
---|---|---|
Base | 7.8 | AV:N/AC:L/Au:N/C:N/I:N/A:C |
Temporal | 6.4 | E:F/RL:OF/RC:C |
Environmental | 6.4 | CDP:N/TD:H/CR:ND/IR:ND/AR:ND |
The NTP Project credits Nicolas Edet of Cisco, Miroslav Lichvar of Red Hat, and Jakub Prokes of Red Hat for reporting these vulnerabilities.
This document was written by Joel Land.
CVE IDs: | CVE-2016-4953, CVE-2016-4954, CVE-2016-4955, CVE-2016-4956, CVE-2016-4957 |
---|---|
Date Public: | 2016-06-02 Date First Published: |