ntpd in NTP before 4.2.8p8 allows remote attackers to cause a denial of service (daemon crash) via a crypto-NAK packet. NOTE: this vulnerability exists because of an incorrect fix for CVE-2016-1547.

OSVersionArchitecturePackageVersionFilename
Debian11allntp< 1:4.2.8p8+dfsg-1ntp_1:4.2.8p8+dfsg-1_all.deb
Debian10allntp< 1:4.2.8p8+dfsg-1ntp_1:4.2.8p8+dfsg-1_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	11	all	ntp	< 1:4.2.8p8+dfsg-1	ntp_1:4.2.8p8+dfsg-1_all.deb
Debian	10	all	ntp	< 1:4.2.8p8+dfsg-1	ntp_1:4.2.8p8+dfsg-1_all.deb

cve 2

prion 2

redhatcve 1

f5 4

ubuntucve 3

seebug 2

talos 2

checkpoint_advisories 1

debiancve 1

veracode 1

nessus 38

aix 1

suse 12

cisco 2

openvas 25

slackware 2

freebsd 2

archlinux 1

cert 2

freebsd_advisory 2

ibm 14

redhat 2

oraclelinux 3

centos 1

debian 2

arista 1

osv 2

fortinet 1

ics 2

cloudfoundry 1

gentoo 1

ubuntu 1

oracle 1

cve

CVE-2016-4957

2016-07-05 01:59:00

CVE-2016-1547

2017-01-06 21:59:00

prion

Design/Logic Flaw

2016-07-05 01:59:00

Authentication flaw

2017-01-06 21:59:00

redhatcve

CVE-2016-4957

2016-06-02 13:49:32

SOL23453330 - NTP vulnerability CVE-2016-4957

2016-06-15 00:00:00

K23453330 : NTP vulnerability CVE-2016-4957

2016-06-15 00:00:00

SOL11251130 - NTP vulnerability CVE-2016-1547

2016-05-25 00:00:00

ubuntucve

CVE-2016-4957

2016-07-05 00:00:00

CVE-2016-1547

2016-04-29 00:00:00

CVE-2016-4953

2016-07-05 00:00:00

seebug

Network Time Protocol Trap Crash Denial of Service Vulnerability(CVE-2016-9311)

2017-10-11 00:00:00

Network Time Protocol Crypto-NAK Preemptible Association Denial of Service Vulnerability(CVE-2016-1547)

2017-10-26 00:00:00

talos

Network Time Protocol Trap Crash Denial of Service Vulnerability

2016-11-21 00:00:00

Network Time Protocol Crypto-NAK Preemptible Association Denial of Service Vulnerability

2016-04-26 00:00:00

checkpoint_advisories

Network Time Protocol Daemon crypto-NAK Denial of Service (CVE-2016-4957)

2016-07-05 00:00:00

debiancve

CVE-2016-1547

2017-01-06 21:59:00

veracode

Denial Of Service (DoS)

2019-05-02 05:34:28

nessus

F5 Networks BIG-IP : NTP vulnerability (K11251130)

2016-12-21 00:00:00

AIX 5.3 TL 12 : ntp (IV87614) (deprecated)

2016-09-08 00:00:00

AIX 7.2 TL 0 : ntp (IV87939) (deprecated)

2016-09-08 00:00:00

aix

Vulnerabilities in NTP affect AIX,Vulnerabilities in NTP affect VIOS

2016-09-06 09:07:16

suse

Security update for ntp (important)

2016-06-17 14:08:38

Security update for ntp (important)

2016-06-15 11:08:36

Security update for ntp (important)

2016-06-20 21:07:55

cisco

Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: June 2016

2016-06-03 16:00:00

Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: April 2016

2016-04-28 09:00:00

openvas

openSUSE: Security Advisory for ntp (openSUSE-SU-2016:1636-1)

2016-06-21 00:00:00

NTP.org 'ntpd' Multiple Vulnerabilities (Jun 2016)

2016-06-03 00:00:00

SUSE: Security Advisory (SUSE-SU-2016:1584-1)

2021-06-09 00:00:00

slackware

[slackware-security] ntp

2016-06-04 00:43:43

[slackware-security] ntp

2016-04-29 21:57:25

freebsd

FreeBSD -- Multiple ntp vulnerabilities

2016-06-04 00:00:00

ntp -- multiple vulnerabilities

2016-04-26 00:00:00

archlinux

ntp: distributed denial of service amplification

2016-06-04 00:00:00

cert

NTP.org ntpd is vulnerable to denial of service and other vulnerabilities

2016-06-02 00:00:00

NTP.org ntpd contains multiple vulnerabilities

2016-04-27 00:00:00

freebsd_advisory

FreeBSD-SA-16:24.ntp

2016-06-04 00:00:00

FreeBSD-SA-16:16.ntp

2016-04-29 00:00:00

ibm

Security Bulletin: Vulnerabilities in NTP affect IBM Flex System FC3171 8Gb SAN Switch and SAN Pass-thru, QLogic 8Gb Intelligent Pass-thru Module & SAN Switch Module for BladeCenter and QLogic Virtual Fabric Extension Module for IBM BladeCenter

2023-04-14 14:32:25

Security Bulletin: Vulnerabilities in NTP affect Power Hardware Management Console

2021-09-23 01:31:39

Security Bulletin: Multiple vulnerabilities in ntp affect PowerKVM

2018-06-18 01:32:32

redhat

(RHSA-2016:1552) Moderate: ntp security update

2016-08-03 04:36:58

(RHSA-2016:1141) Moderate: ntp security update

2016-05-31 05:04:27

oraclelinux

ntp security update

2016-05-31 00:00:00

ntp security update

2017-10-26 00:00:00

ntp security and bug fix update

2016-11-09 00:00:00

centos

ntp, ntpdate, sntp security update

2016-05-31 10:58:56

debian

[SECURITY] [DLA 559-1] ntp security update

2016-07-25 21:37:14

[SECURITY] [DSA 3629-1] ntp security update

2016-07-25 21:15:32

arista

Security Advisory 0019

2018-04-25 00:00:00

osv

ntp - security update

2016-07-25 00:00:00

ntp - security update

2016-07-25 00:00:00

fortinet

ntp-4.2.8p7 Security Vulnerability Announcement April 2016

2017-04-03 00:00:00

ics

Siemens TIM 4R-IE Devices

2021-04-13 12:00:00

Siemens SIMATIC NET CP 443-1 OPC UA

2021-06-08 12:00:00

cloudfoundry

USN-3096-1: NTP vulnerabilities | Cloud Foundry

2016-12-21 00:00:00

gentoo

NTP: Multiple vulnerabilities

2016-07-20 00:00:00

ubuntu

NTP vulnerabilities

2016-10-05 00:00:00

oracle

Oracle Critical Patch Update - July 2016

2016-07-19 00:00:00

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
OpenSource

@2024 Vulners Inc

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.923 High

EPSS

Percentile

98.9%

JSON

Related for DEBIANCVE:CVE-2016-4957