CVE-2016-9042
5.9 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
6.6 Medium
AI Score
Confidence
High
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:N/A:P
0.02 Low
EPSS
Percentile
88.8%
An exploitable denial of service vulnerability exists in the origin timestamp check functionality of ntpd 4.2.8p9. A specially crafted unauthenticated network packet can be used to reset the expected origin timestamp for target peers. Legitimate replies from targeted peers will fail the origin timestamp check (TEST2) causing the reply to be dropped and creating a denial of service condition.
References
packetstormsecurity.com/files/142101/FreeBSD-Security-Advisory-FreeBSD-SA-17-03.ntp.html
packetstormsecurity.com/files/142284/Slackware-Security-Advisory-ntp-Updates.html
seclists.org/fulldisclosure/2017/Nov/7
seclists.org/fulldisclosure/2017/Sep/62
www.securityfocus.com/archive/1/540403/100/0/threaded
www.securityfocus.com/archive/1/archive/1/540403/100/0/threaded
www.securityfocus.com/archive/1/archive/1/540464/100/0/threaded
www.securityfocus.com/bid/97046
www.securitytracker.com/id/1038123
www.securitytracker.com/id/1039427
www.ubuntu.com/usn/USN-3349-1
bto.bluecoat.com/security-advisory/sa147
cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf
kc.mcafee.com/corporate/index?page=content&id=SB10201
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7KVLFA3J43QFIP4I7HE7KQ5FXSMJEKC6/
security.FreeBSD.org/advisories/FreeBSD-SA-17:03.ntp.asc
support.apple.com/kb/HT208144
support.f5.com/csp/article/K39041624
support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03962en_us
us-cert.cisa.gov/ics/advisories/icsa-21-159-11
www.talosintelligence.com/vulnerability_reports/TALOS-2016-0260
Social References
More
Related
5.9 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
6.6 Medium
AI Score
Confidence
High
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:N/A:P
0.02 Low
EPSS
Percentile
88.8%