CVE-2016-7429
Published: 13 January 2017
NTP before 4.2.8p9 changes the peer structure to the interface on which it receives a response from a source, which allows remote attackers to cause a denial of service (prevent communication with a source) by sending a response for a source to an interface the source does not use.
Priority
CVSS 3 base score: 3.7
Status
Package | Release | Status |
---|---|---|
ntp | Upstream | Released (1:4.2.8p9+dfsg-1, ntp-4.2.8p9) |
ntp | Ubuntu 16.04 LTS (Xenial Xerus) | Released (1:4.2.8p4+dfsg-3ubuntu5.5) |
ntp | Ubuntu 14.04 ESM (Trusty Tahr) | Released (1:4.2.6.p5+dfsg-3ubuntu2.14.04.11) |

Patches:
- Vendor: https://git.centos.org/blob/rpms!ntp.git/4eb1db127a6177011bd913bf4f446e8f701179d6/SOURCES!ntp-4.2.6p5-cve-2016-7429.patch
- Upstream: http://bk1.ntp.org/ntp-stable/?PAGE=cset&REV=57d78deeyfknMUHpF4CWmP8gRRf6qg
- Upstream: http://bk1.ntp.org/ntp-stable/?PAGE=cset&REV=57ef749cgdfwOxXsUdn3G64d0KIoUQ
- Upstream: http://bk1.ntp.org/ntp-stable/?PAGE=cset&REV=58662b53ZwV8BJejPYblqOussZZZ_w
Notes
Author | Note |
---|---|
mdeslaur | ntp-4.2.7p385, up to but not including ntp-4.2.8p9, and ntp-4.3.0 up to, but not including ntp-4.3.94 |
References
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7429
- https://usn.ubuntu.com/usn/usn-3349-1
- NVD
- Launchpad
- Debian