CVE-2016-2519
Published: 30 January 2017
ntpd in NTP before 4.2.8p7 and 4.3.x before 4.3.92 allows remote attackers to cause a denial of service (ntpd abort) by a large request data value, which triggers the ctl_getitem function to return a NULL value.
Notes
| Author | Note |
|---|---|
| mdeslaur | trusty doesn't use ctl_getitem without checking the return code |
Priority
CVSS 3 base score: 5.9
Status
| Package | Release | Status |
|---|---|---|
|
ntp Launchpad, Ubuntu, Debian |
precise |
Not vulnerable
(code not present)
|
| trusty |
Not vulnerable
(code not present)
|
|
| upstream |
Released
(1:4.2.8p7+dfsg-1)
|
|
| wily |
Ignored
(reached end-of-life)
|
|
| xenial |
Released
(1:4.2.8p4+dfsg-3ubuntu5.5)
|
|
| yakkety |
Not vulnerable
(1:4.2.8p8+dfsg-1ubuntu2)
|
|
| zesty |
Not vulnerable
(1:4.2.8p8+dfsg-1ubuntu2)
|
|
|
Patches: upstream: http://bk1.ntp.org/ntp-stable/?PAGE=patch&REV=56c42f8duq9gfoqZ32JJca-MvyCkQA |
||