CVE-2016-9042

medium

Description

An exploitable denial of service vulnerability exists in the origin timestamp check functionality of ntpd 4.2.8p9. A specially crafted unauthenticated network packet can be used to reset the expected origin timestamp for target peers. Legitimate replies from targeted peers will then fail the origin timestamp check (TEST2), causing the replies to be dropped and creating a denial of service condition.

References

https://www.talosintelligence.com/vulnerability_reports/TALOS-2016-0260

https://security.FreeBSD.org/advisories/FreeBSD-SA-17:03.ntp.asc

http://www.securitytracker.com/id/1039427

http://www.securitytracker.com/id/1038123

http://www.securityfocus.com/bid/97046

https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03962en_us

https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf

https://kc.mcafee.com/corporate/index?page=content&id=SB10201

http://seclists.org/fulldisclosure/2017/Nov/7

http://seclists.org/fulldisclosure/2017/Sep/62

https://support.f5.com/csp/article/K39041624

http://www.securityfocus.com/archive/1/540403/100/0/threaded

https://bto.bluecoat.com/security-advisory/sa147

http://www.securityfocus.com/archive/1/archive/1/540464/100/0/threaded

https://lists.fedoraproject.org/archives/list/[email protected]/message/7KVLFA3J43QFIP4I7HE7KQ5FXSMJEKC6/

http://packetstormsecurity.com/files/142101/FreeBSD-Security-Advisory-FreeBSD-SA-17-03.ntp.html

http://www.securityfocus.com/archive/1/archive/1/540403/100/0/threaded

http://packetstormsecurity.com/files/142284/Slackware-Security-Advisory-ntp-Updates.html

https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11

http://www.ubuntu.com/usn/USN-3349-1

https://support.apple.com/kb/HT208144

Details

Source: MITRE

Published: 2018-06-04

Updated: 2022-04-19

Type: CWE-20

Risk Information

CVSS v2

Base Score: 4.3

Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

Impact Score: 2.9

Exploitability Score: 8.6

Severity: MEDIUM

CVSS v3

Base Score: 5.9

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Impact Score: 3.6

Exploitability Score: 2.2

Severity: MEDIUM