CVE-2016-9311

HIGH

Description

ntpd in NTP before 4.2.8p9, when the trap service is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted packet.

References

http://nwtime.org/ntp428p9_release/

http://rhn.redhat.com/errata/RHSA-2017-0252.html

http://support.ntp.org/bin/view/Main/NtpBug3119

http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities

http://www.securityfocus.com/bid/94444

http://www.securitytracker.com/id/1037354

https://bto.bluecoat.com/security-advisory/sa139

https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03706en_us

https://security.FreeBSD.org/advisories/FreeBSD-SA-16:39.ntp.asc

https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03799en_us

https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03885en_us

https://usn.ubuntu.com/3707-2/

https://www.kb.cert.org/vuls/id/633847

Details

Source: MITRE

Published: 2017-01-13

Updated: 2019-01-24

Type: CWE-476

Risk Information

CVSS v2.0

Base Score: 7.1

Vector: AV:N/AC:M/Au:N/C:N/I:N/A:C

Impact Score: 6.9

Exploitability Score: 8.6

Severity: HIGH

CVSS v3.0

Base Score: 5.9

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Impact Score: 3.6

Exploitability Score: 2.2

Severity: MEDIUM

Tenable Plugins

View all (33 total)

ID	Name	Product	Family	Severity
127353	NewStart CGSL MAIN 4.05 : ntp Multiple Vulnerabilities (NS-SA-2019-0114)	Nessus	NewStart CGSL Local Security Checks	medium
125009	EulerOS Virtualization 3.0.1.0 : ntp (EulerOS-SA-2019-1556)	Nessus	Huawei Local Security Checks	high
121669	Photon OS 1.0: Ntpstat PHSA-2017-0003	Nessus	PhotonOS Local Security Checks	high
121668	Photon OS 1.0: Ntp PHSA-2017-0003	Nessus	PhotonOS Local Security Checks	high
111852	Photon OS 1.0: Guile / Ntp / Ntpstat PHSA-2017-0003 (deprecated)	Nessus	PhotonOS Local Security Checks	high
109688	Amazon Linux 2 : ntp (ALAS-2018-1009)	Nessus	Amazon Linux Local Security Checks	high
106503	pfSense < 2.3.3 Multiple Vulnerabilities (SA-17_01 - SA-17_03)	Nessus	Firewalls	high
104204	OracleVM 3.3 / 3.4 : ntp (OVMSA-2017-0165)	Nessus	OracleVM Local Security Checks	high
102129	AIX NTP v3 Advisory : ntp_advisory8.asc (IV92194) (IV91803) (IV92193) (IV91951) (IV92192) (IV92067)	Nessus	AIX Local Security Checks	high
101419	Virtuozzo 6 : ntp / ntp-doc / ntp-perl / ntpdate (VZLSA-2017-0252)	Nessus	Virtuozzo Local Security Checks	high
101263	Ubuntu 14.04 LTS / 16.04 LTS / 16.10 / 17.04 : ntp vulnerabilities (USN-3349-1)	Nessus	Ubuntu Local Security Checks	high
100138	F5 Networks BIG-IP : NTP vulnerability (K55405388)	Nessus	F5 Networks Local Security Checks	high
99869	EulerOS 2.0 SP2 : ntp (EulerOS-SA-2017-1024)	Nessus	Huawei Local Security Checks	high
99868	EulerOS 2.0 SP1 : ntp (EulerOS-SA-2017-1023)	Nessus	Huawei Local Security Checks	high
99184	AIX NTP v4 Advisory : ntp_advisory8.asc (IV92126) (IV92287)	Nessus	AIX Local Security Checks	high
97058	OracleVM 3.3 / 3.4 : ntp (OVMSA-2017-0038)	Nessus	OracleVM Local Security Checks	high
97039	Scientific Linux Security Update : ntp on SL6.x, SL7.x i386/x86_64 (20170206)	Nessus	Scientific Linux Local Security Checks	high
97036	Oracle Linux 6 / 7 : ntp (ELSA-2017-0252)	Nessus	Oracle Linux Local Security Checks	high
97026	CentOS 6 / 7 : ntp (CESA-2017:0252)	Nessus	CentOS Local Security Checks	high
97011	RHEL 6 / 7 : ntp (RHSA-2017:0252)	Nessus	Red Hat Local Security Checks	high
96715	SUSE SLES11 Security Update : ntp (SUSE-SU-2017:0255-1)	Nessus	SuSE Local Security Checks	high
96283	Amazon Linux AMI : ntp (ALAS-2017-781)	Nessus	Amazon Linux Local Security Checks	high
96173	openSUSE Security Update : ntp (openSUSE-2016-1525)	Nessus	SuSE Local Security Checks	high
96123	FreeBSD : FreeBSD -- Multiple vulnerabilities of ntp (fcedcdbb-c86e-11e6-b1cf-14dae9d210b8)	Nessus	FreeBSD Local Security Checks	high
95988	SUSE SLES12 Security Update : ntp (SUSE-SU-2016:3196-1)	Nessus	SuSE Local Security Checks	high
95987	SUSE SLED12 / SLES12 Security Update : ntp (SUSE-SU-2016:3195-1)	Nessus	SuSE Local Security Checks	high
95986	SUSE SLES11 Security Update : ntp (SUSE-SU-2016:3193-1)	Nessus	SuSE Local Security Checks	high
95616	Fedora 23 : ntp (2016-e8a8561ee7)	Nessus	Fedora Local Security Checks	high
95615	Fedora 24 : ntp (2016-c198d15316)	Nessus	Fedora Local Security Checks	high
95612	Fedora 25 : ntp (2016-7209ab4e02)	Nessus	Fedora Local Security Checks	high
95575	Network Time Protocol Daemon (ntpd) 4.x < 4.2.8p9 Multiple Vulnerabilities	Nessus	Misc.	high
95265	FreeBSD : ntp -- multiple vulnerabilities (8db8d62a-b08b-11e6-8eba-d050996490d0)	Nessus	FreeBSD Local Security Checks	high
95028	Slackware 13.0 / 13.1 / 13.37 / 14.0 / 14.1 / 14.2 / current : ntp (SSA:2016-326-01)	Nessus	Slackware Local Security Checks	high