CVE-2016-4956
Published: 04 July 2016
ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (interleaved-mode transition and time change) via a spoofed broadcast packet. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-1548.
Priority
Low
CVSS 3 base score: 5.3
Status
| Package | Release | Status |
|---|---|---|
|
ntp Launchpad, Ubuntu, Debian |
Upstream |
Needs triage
|
| Ubuntu 16.04 ESM (Xenial Xerus) |
Released
(1:4.2.8p4+dfsg-3ubuntu5.3)
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Released
(1:4.2.6.p5+dfsg-3ubuntu2.14.04.10)
|
|
|
Patches: Vendor: http://pkgs.fedoraproject.org/cgit/rpms/ntp.git/tree/ntp-4.2.6p5-cve-2016-4956.patch |
||
Notes
| Author | Note |
|---|---|
| mdeslaur | incomplete fix for CVE-2016-1548 |
References
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4956
- http://support.ntp.org/bin/view/Main/SecurityNotice#June_2016_ntp_4_2_8p8_NTP_Securi
- https://ubuntu.com/security/notices/USN-3096-1
- NVD
- Launchpad
- Debian