Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ubuntuUbuntuUSN-3349-1
HistoryJul 05, 2017 - 12:00 a.m.

NTP vulnerabilities

2017-07-0500:00:00
ubuntu.com
48

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.6 High

AI Score

Confidence

Low

7.1 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:N/I:N/A:C

0.965 High

EPSS

Percentile

99.6%

JSON

Releases

  • Ubuntu 17.04
  • Ubuntu 16.10
  • Ubuntu 16.04 ESM
  • Ubuntu 14.04 ESM

Packages

  • ntp - Network Time Protocol daemon and utility programs

Details

Yihan Lian discovered that NTP incorrectly handled certain large request
data values. A remote attacker could possibly use this issue to cause NTP
to crash, resulting in a denial of service. This issue only affected
Ubuntu 16.04 LTS. (CVE-2016-2519)

Miroslav Lichvar discovered that NTP incorrectly handled certain spoofed
addresses when performing rate limiting. A remote attacker could possibly
use this issue to perform a denial of service. This issue only affected
Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, and Ubuntu 16.10. (CVE-2016-7426)

Matthew Van Gundy discovered that NTP incorrectly handled certain crafted
broadcast mode packets. A remote attacker could possibly use this issue to
perform a denial of service. This issue only affected Ubuntu 14.04 LTS,
Ubuntu 16.04 LTS, and Ubuntu 16.10. (CVE-2016-7427, CVE-2016-7428)

Miroslav Lichvar discovered that NTP incorrectly handled certain responses.
A remote attacker could possibly use this issue to perform a denial of
service. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, and
Ubuntu 16.10. (CVE-2016-7429)

Sharon Goldberg and Aanchal Malhotra discovered that NTP incorrectly
handled origin timestamps of zero. A remote attacker could possibly use
this issue to bypass the origin timestamp protection mechanism. This issue
only affected Ubuntu 16.10. (CVE-2016-7431)

Brian Utterback, Sharon Goldberg and Aanchal Malhotra discovered that NTP
incorrectly performed initial sync calculations. This issue only applied
to Ubuntu 16.04 LTS and Ubuntu 16.10. (CVE-2016-7433)

Magnus Stubman discovered that NTP incorrectly handled certain mrulist
queries. A remote attacker could possibly use this issue to cause NTP to
crash, resulting in a denial of service. This issue only affected Ubuntu
16.04 LTS and Ubuntu 16.10. (CVE-2016-7434)

Matthew Van Gund discovered that NTP incorrectly handled origin timestamp
checks. A remote attacker could possibly use this issue to perform a denial
of service. This issue only affected Ubuntu Ubuntu 16.10, and Ubuntu 17.04.
(CVE-2016-9042)

Matthew Van Gundy discovered that NTP incorrectly handled certain control
mode packets. A remote attacker could use this issue to set or unset traps.
This issue only applied to Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu
16.10. (CVE-2016-9310)

Matthew Van Gundy discovered that NTP incorrectly handled the trap service.
A remote attacker could possibly use this issue to cause NTP to crash,
resulting in a denial of service. This issue only applied to Ubuntu 14.04
LTS, Ubuntu 16.04 LTS and Ubuntu 16.10. (CVE-2016-9311)

It was discovered that NTP incorrectly handled memory when processing long
variables. A remote authenticated user could possibly use this issue to
cause NTP to crash, resulting in a denial of service. (CVE-2017-6458)

It was discovered that NTP incorrectly handled memory when processing long
variables. A remote authenticated user could possibly use this issue to
cause NTP to crash, resulting in a denial of service. This issue only
applied to Ubuntu 16.04 LTS, Ubuntu 16.10 and Ubuntu 17.04. (CVE-2017-6460)

It was discovered that the NTP legacy DPTS refclock driver incorrectly
handled the /dev/datum device. A local attacker could possibly use this
issue to cause a denial of service. (CVE-2017-6462)

It was discovered that NTP incorrectly handled certain invalid settings
in a :config directive. A remote authenticated user could possibly use
this issue to cause NTP to crash, resulting in a denial of service.
(CVE-2017-6463)

It was discovered that NTP incorrectly handled certain invalid mode
configuration directives. A remote authenticated user could possibly use
this issue to cause NTP to crash, resulting in a denial of service.
(CVE-2017-6464)

OSVersionArchitecturePackageVersionFilename
Ubuntu17.04noarchntp< 1:4.2.8p9+dfsg-2ubuntu1.1UNKNOWN
Ubuntu17.04noarchntp-dbgsym< 1:4.2.8p9+dfsg-2ubuntu1.1UNKNOWN
Ubuntu17.04noarchntp-doc< 1:4.2.8p9+dfsg-2ubuntu1.1UNKNOWN
Ubuntu17.04noarchntpdate< 1:4.2.8p9+dfsg-2ubuntu1.1UNKNOWN
Ubuntu17.04noarchntpdate-dbgsym< 1:4.2.8p9+dfsg-2ubuntu1.1UNKNOWN
Ubuntu16.10noarchntp< 1:4.2.8p8+dfsg-1ubuntu2.1UNKNOWN
Ubuntu16.10noarchntp-dbgsym< 1:4.2.8p8+dfsg-1ubuntu2.1UNKNOWN
Ubuntu16.10noarchntp-doc< 1:4.2.8p8+dfsg-1ubuntu2.1UNKNOWN
Ubuntu16.10noarchntpdate< 1:4.2.8p8+dfsg-1ubuntu2.1UNKNOWN
Ubuntu16.10noarchntpdate-dbgsym< 1:4.2.8p8+dfsg-1ubuntu2.1UNKNOWN
Rows per page:
1-10 of 191

Related

nessus 70
openvas 39
cloudfoundry 1
archlinux 1
huawei 1
ibm 23
freebsd_advisory 2
freebsd 3
slackware 2
oraclelinux 4
cert 1
symantec 2
cisco 1
fedora 6
centos 3
amazon 3
redhat 3
mageia 2
aix 2
ubuntu 1
f5 3
myhack58 3
ubuntucve 2
talos 1
seebug 2
thn 1
prion 4
redhatcve 2
packetstorm 1
cve 3
threatpost 1
checkpoint_advisories 1
zdt 1
hackerone 1
debiancve 1
veracode 1
exploitpack 1
nessus
nessus
Ubuntu 14.04 LTS / 16.04 LTS : NTP vulnerabilities (USN-3349-1)
2017-07-06 00:00:00
Photon OS 1.0: Ntp PHSA-2017-0003
2019-02-07 00:00:00
FreeBSD : FreeBSD -- Multiple vulnerabilities of ntp (fcedcdbb-c86e-11e6-b1cf-14dae9d210b8)
2016-12-27 00:00:00
openvas
openvas
Ubuntu: Security Advisory (USN-3349-1)
2017-07-14 00:00:00
Slackware: Security Advisory (SSA:2016-326-01)
2022-04-21 00:00:00
SUSE: Security Advisory (SUSE-SU-2016:3195-1)
2021-04-19 00:00:00
cloudfoundry
cloudfoundry
USN-3349-1: NTP vulnerabilities | Cloud Foundry
2017-08-04 00:00:00
archlinux
archlinux
[ASA-201611-28] ntp: multiple issues
2016-11-26 00:00:00
huawei
huawei
Security Advisory - Multiple NTPd Vulnerabilities in Huawei Products
2017-11-29 00:00:00
ibm
ibm
Security Bulletin: Vulnerabilities in NTP affect IBM Flex System Chassis Management Module (CMM)
2019-01-31 02:25:02
Security Bulletin: Multiple Ntp vulnerability affects IBM Identity Security Governance
2018-06-16 21:59:07
Security Bulletin: Multiple vulnerabilities in ntp affect IBM Flex System Manager (FSM)
2018-06-18 01:38:11
freebsd_advisory
freebsd_advisory
FreeBSD-SA-16:39.ntp
2016-12-22 00:00:00
FreeBSD-SA-17:03.ntp
2017-04-12 00:00:00
freebsd
freebsd
FreeBSD -- Multiple vulnerabilities of ntp
2016-12-22 00:00:00
ntp -- multiple vulnerabilities
2016-11-21 00:00:00
FreeBSD -- Multiple vulnerabilities of ntp
2017-04-12 00:00:00
slackware
slackware
[slackware-security] ntp
2016-11-21 19:25:10
[slackware-security] ntp
2017-04-22 16:42:41
oraclelinux
oraclelinux
ntp security, bug fix, and enhancement update
2018-04-16 00:00:00
ntp security update
2017-02-06 00:00:00
ntp security update
2017-10-26 00:00:00
cert
cert
NTP.org ntpd contains multiple denial of service vulnerabilities
2016-11-21 00:00:00
symantec
symantec
SA139 : November 2016 NTP Security Vulnerabilities
2017-01-12 08:00:00
SA147 : March 2017 NTP Security Vulnerabilities
2017-04-13 08:00:00
cisco
cisco
Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: November 2016
2016-11-23 16:00:00
fedora
fedora
[SECURITY] Fedora 23 Update: ntp-4.2.6p5-43.fc23
2016-12-08 03:20:50
[SECURITY] Fedora 25 Update: ntp-4.2.6p5-43.fc25
2016-12-08 03:53:53
[SECURITY] Fedora 24 Update: ntp-4.2.6p5-43.fc24
2016-12-07 20:21:32
centos
centos
ntp, ntpdate, sntp security update
2017-02-06 11:25:17
ntp, ntpdate, sntp security update
2018-04-26 17:47:34
ntp, ntpdate security update
2017-10-26 11:47:10
amazon
amazon
Medium: ntp
2017-01-04 17:00:00
Medium: ntp
2017-04-20 05:54:00
Medium: ntp
2018-05-10 17:11:00
redhat
redhat
(RHSA-2017:0252) Moderate: ntp security update
2017-02-06 03:59:03
(RHSA-2018:0855) Moderate: ntp security, bug fix, and enhancement update
2018-04-10 05:02:34
(RHSA-2017:3071) Moderate: ntp security update
2017-10-26 06:19:03
mageia
mageia
Updated ntp packages fix security vulnerabilities
2016-12-08 10:33:24
Updated ntp packages fix security vulnerability
2017-05-09 09:35:29
aix
aix
There are multiple vulnerabilities in NTPv3 and NTPv4 that impact AIX.
2017-02-13 15:32:47
There are multiple vulnerabilities in NTPv3 and NTPv4 that impact AIX,There are multiple vulnerabilities in NTPv3 and NTPv4 that impact AIX.,There are multiple vulnerabilities in NTPv3 and NTPv4 that impact VIOS
2017-07-06 14:53:51
ubuntu
ubuntu
NTP vulnerabilities
2019-01-23 00:00:00
f5
f5
K80996302 : Multiple NTP vulnerabilities
2016-12-16 00:00:00
K63326092 : NTP vulnerability CVE-2016-7434
2016-11-29 00:00:00
SOL63326092 - NTP vulnerability CVE-2016-7434
2016-11-29 00:00:00
myhack58
myhack58
Doing things the NTP----CVE-2016-7434 vulnerability analysis-vulnerability warning-the black bar safety net
2016-12-03 00:00:00
Doing things the NTP----CVE-2016-7434 vulnerability analysis-vulnerability warning-the black bar safety net
2016-12-03 00:00:00
NTPD denial of service vulnerability, CVE-2016-7434 analysis-vulnerability warning-the black bar safety net
2016-12-17 00:00:00
ubuntucve
ubuntucve
CVE-2016-9042
2016-12-31 00:00:00
CVE-2016-7434
2017-01-13 00:00:00
talos
talos
Network Time Protocol Origin Timestamp Check Denial of Service Vulnerability
2017-03-29 00:00:00
seebug
seebug
Network Time Protocol Origin Timestamp Check Denial of Service Vulnerability(CVE-2016-9042)
2017-09-20 00:00:00
ntpd remote pre-auth DoS (CVE-2016-7434)
2016-11-23 00:00:00
thn
thn
NTP DoS Exploit Released — Update Your Servers to Patch 10 Flaws
2016-11-22 22:49:00
prion
prion
Design/Logic Flaw
2017-01-13 16:59:00
Code injection
2017-01-13 16:59:00
Design/Logic Flaw
2017-01-13 16:59:00
redhatcve
redhatcve
CVE-2016-7434
2016-11-22 10:47:41
CVE-2016-9042
2017-03-22 02:17:57
packetstorm
packetstorm
ntpd 4.2.7.p22 / 4.3.0 Denial Of Service
2016-11-22 00:00:00
cve
cve
CVE-2016-7434
2017-01-13 16:59:00
CVE-2016-7428
2017-01-13 16:59:00
CVE-2016-7427
2017-01-13 16:59:00
threatpost
threatpost
Exploit Code Released for NTP Vulnerability
2016-11-22 10:30:41
checkpoint_advisories
checkpoint_advisories
NTP Daemon _IO_str_init_static_internal Denial of Service (CVE-2016-7434)
2016-11-23 00:00:00
zdt
zdt
NTP 4.2.8p8 - Denial of Service Exploit
2016-11-23 00:00:00
hackerone
hackerone
Internet Bug Bounty: ntpd: read_mru_list() does inadequate incoming packet checks
2016-06-25 21:36:45
debiancve
debiancve
CVE-2016-7434
2017-01-13 16:59:00
veracode
veracode
Denial Of Service (DoS)
2019-05-02 06:30:44
exploitpack
exploitpack
NTP 4.2.8p8 - Denial of Service
2016-11-21 00:00:00

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.6 High

AI Score

Confidence

Low

7.1 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:N/I:N/A:C

0.965 High

EPSS

Percentile

99.6%

JSON
Related for USN-3349-1
nessus70openvas39cloudfoundry1archlinux1huawei1ibm23freebsd_advisory2freebsd3slackware2oraclelinux4cert1symantec2cisco1fedora6centos3amazon3redhat3mageia2aix2ubuntu1f53myhack583ubuntucve2talos1seebug2thn1prion4redhatcve2packetstorm1cve3threatpost1checkpoint_advisories1zdt1hackerone1debiancve1veracode1exploitpack1