CVE-2016-4957

Published: 05 July 2016

ntpd in NTP before 4.2.8p8 allows remote attackers to cause a denial of service (daemon crash) via a crypto-NAK packet. NOTE: this vulnerability exists because of an incorrect fix for CVE-2016-1547.

Priority

Low

CVSS 3 base score: 7.5

Status

Package  Release                          Status
ntp      Upstream                         Needs triage
         Ubuntu 16.04 LTS (Xenial Xerus)  Not vulnerable
         Ubuntu 14.04 ESM (Trusty Tahr)   Not vulnerable

Package trackers for ntp: Launchpad, Ubuntu, Debian

Notes

Author    Note
mdeslaur  incorrect fix for CVE-2016-1547
          redhat's fix for CVE-2016-1547 doesn't introduce this issue
          Ubuntu uses redhat's fix
