Your submission was sent successfully! Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

CVE-2016-2517

Published: 30 January 2017

NTP before 4.2.8p7 and 4.3.x before 4.3.92 allows remote attackers to cause a denial of service (prevent subsequent authentication) by leveraging knowledge of the controlkey or requestkey and sending a crafted packet to ntpd, which changes the value of trustedkey, controlkey, or requestkey. NOTE: this vulnerability exists because of a CVE-2016-2516 regression.

Notes

AuthorNote
mdeslaur
isn't really considered a security issue since remote user
can do other equivalent configuration changes, ignoring.

Priority

Negligible

CVSS 3 base score: 5.3

Status

Package Release Status
ntp
Launchpad, Ubuntu, Debian
upstream
Released (1:4.2.8p7+dfsg-1)
precise Ignored

trusty Ignored

wily Ignored

xenial Ignored

Patches:
upstream: http://bk1.ntp.org/ntp-stable/?PAGE=patch&REV=56c78c41-oKNCUhyU5kKQCxLjnp0Fw
upstream: http://bk1.ntp.org/ntp-stable/?PAGE=patch&REV=56c977bdf6CLtHiqg1_rd2II7E0dqA