8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.6 High
AI Score
Confidence
Low
7.1 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:N/I:N/A:C
0.965 High
EPSS
Percentile
99.6%
Yihan Lian discovered that NTP incorrectly handled certain large request
data values. A remote attacker could possibly use this issue to cause NTP
to crash, resulting in a denial of service. This issue only affected
Ubuntu 16.04 LTS. (CVE-2016-2519)
Miroslav Lichvar discovered that NTP incorrectly handled certain spoofed
addresses when performing rate limiting. A remote attacker could possibly
use this issue to perform a denial of service. This issue only affected
Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, and Ubuntu 16.10. (CVE-2016-7426)
Matthew Van Gundy discovered that NTP incorrectly handled certain crafted
broadcast mode packets. A remote attacker could possibly use this issue to
perform a denial of service. This issue only affected Ubuntu 14.04 LTS,
Ubuntu 16.04 LTS, and Ubuntu 16.10. (CVE-2016-7427, CVE-2016-7428)
Miroslav Lichvar discovered that NTP incorrectly handled certain responses.
A remote attacker could possibly use this issue to perform a denial of
service. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, and
Ubuntu 16.10. (CVE-2016-7429)
Sharon Goldberg and Aanchal Malhotra discovered that NTP incorrectly
handled origin timestamps of zero. A remote attacker could possibly use
this issue to bypass the origin timestamp protection mechanism. This issue
only affected Ubuntu 16.10. (CVE-2016-7431)
Brian Utterback, Sharon Goldberg and Aanchal Malhotra discovered that NTP
incorrectly performed initial sync calculations. This issue only applied
to Ubuntu 16.04 LTS and Ubuntu 16.10. (CVE-2016-7433)
Magnus Stubman discovered that NTP incorrectly handled certain mrulist
queries. A remote attacker could possibly use this issue to cause NTP to
crash, resulting in a denial of service. This issue only affected Ubuntu
16.04 LTS and Ubuntu 16.10. (CVE-2016-7434)
Matthew Van Gund discovered that NTP incorrectly handled origin timestamp
checks. A remote attacker could possibly use this issue to perform a denial
of service. This issue only affected Ubuntu Ubuntu 16.10, and Ubuntu 17.04.
(CVE-2016-9042)
Matthew Van Gundy discovered that NTP incorrectly handled certain control
mode packets. A remote attacker could use this issue to set or unset traps.
This issue only applied to Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu
16.10. (CVE-2016-9310)
Matthew Van Gundy discovered that NTP incorrectly handled the trap service.
A remote attacker could possibly use this issue to cause NTP to crash,
resulting in a denial of service. This issue only applied to Ubuntu 14.04
LTS, Ubuntu 16.04 LTS and Ubuntu 16.10. (CVE-2016-9311)
It was discovered that NTP incorrectly handled memory when processing long
variables. A remote authenticated user could possibly use this issue to
cause NTP to crash, resulting in a denial of service. (CVE-2017-6458)
It was discovered that NTP incorrectly handled memory when processing long
variables. A remote authenticated user could possibly use this issue to
cause NTP to crash, resulting in a denial of service. This issue only
applied to Ubuntu 16.04 LTS, Ubuntu 16.10 and Ubuntu 17.04. (CVE-2017-6460)
It was discovered that the NTP legacy DPTS refclock driver incorrectly
handled the /dev/datum device. A local attacker could possibly use this
issue to cause a denial of service. (CVE-2017-6462)
It was discovered that NTP incorrectly handled certain invalid settings
in a :config directive. A remote authenticated user could possibly use
this issue to cause NTP to crash, resulting in a denial of service.
(CVE-2017-6463)
It was discovered that NTP incorrectly handled certain invalid mode
configuration directives. A remote authenticated user could possibly use
this issue to cause NTP to crash, resulting in a denial of service.
(CVE-2017-6464)
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Ubuntu | 17.04 | noarch | ntp | < 1:4.2.8p9+dfsg-2ubuntu1.1 | UNKNOWN |
Ubuntu | 17.04 | noarch | ntp-dbgsym | < 1:4.2.8p9+dfsg-2ubuntu1.1 | UNKNOWN |
Ubuntu | 17.04 | noarch | ntp-doc | < 1:4.2.8p9+dfsg-2ubuntu1.1 | UNKNOWN |
Ubuntu | 17.04 | noarch | ntpdate | < 1:4.2.8p9+dfsg-2ubuntu1.1 | UNKNOWN |
Ubuntu | 17.04 | noarch | ntpdate-dbgsym | < 1:4.2.8p9+dfsg-2ubuntu1.1 | UNKNOWN |
Ubuntu | 16.10 | noarch | ntp | < 1:4.2.8p8+dfsg-1ubuntu2.1 | UNKNOWN |
Ubuntu | 16.10 | noarch | ntp-dbgsym | < 1:4.2.8p8+dfsg-1ubuntu2.1 | UNKNOWN |
Ubuntu | 16.10 | noarch | ntp-doc | < 1:4.2.8p8+dfsg-1ubuntu2.1 | UNKNOWN |
Ubuntu | 16.10 | noarch | ntpdate | < 1:4.2.8p8+dfsg-1ubuntu2.1 | UNKNOWN |
Ubuntu | 16.10 | noarch | ntpdate-dbgsym | < 1:4.2.8p8+dfsg-1ubuntu2.1 | UNKNOWN |
ubuntu.com/security/CVE-2016-2519
ubuntu.com/security/CVE-2016-7426
ubuntu.com/security/CVE-2016-7427
ubuntu.com/security/CVE-2016-7428
ubuntu.com/security/CVE-2016-7429
ubuntu.com/security/CVE-2016-7431
ubuntu.com/security/CVE-2016-7433
ubuntu.com/security/CVE-2016-7434
ubuntu.com/security/CVE-2016-9042
ubuntu.com/security/CVE-2016-9310
ubuntu.com/security/CVE-2016-9311
ubuntu.com/security/CVE-2017-6458
ubuntu.com/security/CVE-2017-6460
ubuntu.com/security/CVE-2017-6462
ubuntu.com/security/CVE-2017-6463
ubuntu.com/security/CVE-2017-6464
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.6 High
AI Score
Confidence
Low
7.1 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:N/I:N/A:C
0.965 High
EPSS
Percentile
99.6%