Linux Distros Unpatched Vulnerability : CVE-2016-9310

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The control mode mode 6 functionality in ntpd in NTP before 4.2.8p9 allows remote attackers to set or unset traps via a crafted control mode packet. CVE-2016-93...

Security Bulletin: Multiple vulnerabilities in Network Time Protocol (NTP) affect IBM Virtualization Engine TS7700 (CVE-2016-7427, CVE-2016-7428, CVE-2016-9310, CVE-2016-9311)

Summary There are multiple vulnerabilities in the Network Time Protocol NTP implementation embedded within the IBM Virtualization Engine TS7700. Vulnerability Details CVEID: CVE-2016-7427 DESCRIPTION: NTP is vulnerable to a denial of service, caused by an error in broadcast mode replay prevention...

Slackware: Security Advisory (SSA:2016-326-01)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE: Security Advisory (SUSE-SU-2016:3193-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Juniper Junos OS Multiple Vulnerabilities (JSA11171)

The version of Junos OS installed on the remote host is affected by multiple vulnerabilities as referenced in the JSA11171 advisory. - The control mode mode 6 functionality in ntpd in NTP before 4.2.8p9 allows remote attackers to set or unset traps via a crafted control mode packet. CVE-2016-9310...

Security Bulletin: Multiple vulnerabilities in Open Source NTP and ISC BIND affect IBM Netezza Host Management

Summary Open Source NTP and ISC BIND are used by IBM Netezza Host Management. IBM Netezza Host Management has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2016-9310 DESCRIPTION: NTP is vulnerable to a denial of service, caused by an error in the control mode mode 6 functionalit...

NewStart CGSL MAIN 4.05 : ntp Multiple Vulnerabilities (NS-SA-2019-0114)

The remote NewStart CGSL host, running version MAIN 4.05, has ntp packages installed that are affected by multiple vulnerabilities: - It was found that when ntp is configured with rate limiting for all associations the limits are also applied to responses received from its configured sources. A...

Photon OS 1.0: Ntpstat PHSA-2017-0003

An update of the ntpstat package has been released. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2017-0003. The text itself is copyright C VMware, Inc. include'compat.inc'; if description scriptid121669;...

Security Bulletin: IBM Security Guardium is affected by Using Components with Known vulnerabilities (multiple CVEs)

Summary IBM Security Guardium is affected by Using Components with Known vulnerabilities. IBM Security Guardium has fixed these vulnerabilities Vulnerability Details CVEID: CVE-2014-3584 DESCRIPTION: Apache CXF is vulnerable to a denial of service, caused by the processing of SAML tokens received...

Security Bulletin: IBM Security Access Manager appliances are affected by multiple Network Time Protocol (NTP) vulnerabilities

Summary IBM Security Access Manager has addressed the following vulnerabilities that have been identified in Network Time Protocol NTP. Vulnerability Details CVEID: CVE-2016-7426 DESCRIPTION: NTP is vulnerable to a denial of service, caused by the improper handling of invalid server responses. By...

Security Bulletin: Multiple vulnerabilities in NTP affect IBM Security Network Protection

Summary There are multiple vulnerabilities in NTP that is used by IBM Security Network Protection. These vulnerabilities include CVE-2016-7426, CVE-2016-7433, CVE-2016-9310, CVE-2016-9311, and CVE-2016-7429. Vulnerability Details CVEID: CVE-2016-7426 DESCRIPTION: NTP is vulnerable to a denial of...

Security Bulletin: Network Time Protocol (NTP) vulnerability in AIX which is used by IBM OS Images in IBM PureApplication Systems (CVE-2016-9310)

Summary There are vulnerabilities in the Network Time Protocol NTP in AIX that is used by the OS Images for IBM PureApplication Software Suite, IBM Bluemix Local System and IBM PureApplication System/Software Vulnerability Details CVEID: CVE-2016-9310 DESCRIPTION: NTP is vulnerable to a denial of...

Network Time Protocol Control Mode Unauthenticated Trap Information Disclosure and DDoS Amplification Vulnerability(CVE-2016-9310)

Summary An exploitable configuration modification vulnerability exists in the control mode mode 6 functionality of ntpd. A specially crafted control mode packet can set ntpd traps, providing information disclosure and DDoS amplification, and unset ntpd traps, preventing legitimate monitoring. A...

AIX NTP v3 Advisory : ntp_advisory8.asc (IV92194) (IV91803) (IV92193) (IV91951) (IV92192) (IV92067)

The version of NTP installed on the remote AIX host is affected by the following vulnerabilities : - A denial of service vulnerability exists in the broadcast mode replay prevention functionality. An unauthenticated, adjacent attacker can exploit this, via specially crafted broadcast mode NTP...

Ubuntu 14.04 LTS / 16.04 LTS : NTP vulnerabilities (USN-3349-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-3349-1 advisory. Yihan Lian discovered that NTP incorrectly handled certain large request data values. A remote attacker could possibly use this issue to caus...

USN-3349-1: NTP vulnerabilities

Yihan Lian discovered that NTP incorrectly handled certain large request data values. A remote attacker could possibly use this issue to cause NTP to crash, resulting in a denial of service. This issue only affected Ubuntu 16.04 LTS. CVE-2016-2519 Miroslav Lichvar discovered that NTP incorrectly...

AIX NTP v4 Advisory : ntp_advisory8.asc (IV92126) (IV92287)

The version of NTP installed on the remote AIX host is affected by the following vulnerabilities : - A denial of service vulnerability exists in the broadcast mode replay prevention functionality. An unauthenticated, adjacent attacker can exploit this, via specially crafted broadcast mode NTP...

There are multiple vulnerabilities in NTPv3 and NTPv4 that impact AIX.

IBM SECURITY ADVISORY First Issued: Mon Feb 13 15:32:47 CST 2017 |Updated: Mon Oct 2 10:47:12 CDT 2017 |Update 2: Removed bos.net.tcp.ntp from the impacted fileset list for | AIX 7200-01-02. Fileset bos.net.tcp.ntpd is still listed as impacted | for AIX 7200-01-02. The most recent version of this...

OracleVM 3.3 / 3.4 : ntp (OVMSA-2017-0038)

The remote OracleVM system is missing necessary patches to address critical security updates : - add disable monitor to default ntp.conf CVE-2013-5211 - don't limit rate of packets from sources CVE-2016-7426 - don't change interface from received packets CVE-2016-7429 - fix calculation of root...

CentOS 6 / 7 : ntp (CESA-2017:0252)

An update for ntp is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...