CVE-2016-4957

Summary

CVE	CVE-2016-4957
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2016-07-05 01:59:00 UTC
Updated	2020-06-18 18:07:00 UTC
Description	ntpd in NTP before 4.2.8p8 allows remote attackers to cause a denial of service (daemon crash) via a crypto-NAK packet. NOTE: this vulnerability exists because of an incorrect fix for CVE-2016-1547.

Risk And Classification

Problem Types: CWE-476

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Operating System	Novell	Suse Manager	2.1	All	All	All
Operating System	Novell	Suse Manager	2.1	All	All	All
Application	Ntp	Ntp	4.2.8	p7	All	All
Application	Ntp	Ntp	4.3.92	All	All	All
Application	Ntp	Ntp	4.2.8	p7	All	All
Application	Ntp	Ntp	4.3.92	All	All	All
Operating System	Opensuse	Leap	42.1	All	All	All
Operating System	Opensuse	Leap	42.1	All	All	All
Operating System	Opensuse	Opensuse	13.2	All	All	All
Operating System	Opensuse	Opensuse	13.2	All	All	All
Operating System	Oracle	Solaris	10	All	All	All
Operating System	Oracle	Solaris	11.3	All	All	All
Operating System	Oracle	Solaris	10	All	All	All
Operating System	Oracle	Solaris	11.3	All	All	All
Operating System	Suse	Linux Enterprise Desktop	12	sp1	All	All
Operating System	Suse	Linux Enterprise Desktop	12	sp1	All	All
Operating System	Suse	Linux Enterprise Server	11	sp2	All	All
Operating System	Suse	Linux Enterprise Server	11	sp3	All	All
Operating System	Suse	Linux Enterprise Server	11	sp4	All	All
Operating System	Suse	Linux Enterprise Server	12	sp1	All	All
Operating System	Suse	Linux Enterprise Server	11	sp2	All	All
Operating System	Suse	Linux Enterprise Server	11	sp3	All	All
Operating System	Suse	Linux Enterprise Server	11	sp4	All	All
Operating System	Suse	Linux Enterprise Server	12	sp1	All	All
Application	Suse	Manager Proxy	2.1	All	All	All
Application	Suse	Manager Proxy	2.1	All	All	All
Application	Suse	Openstack Cloud	5	All	All	All
Application	Suse	Openstack Cloud	5	All	All	All

References

Reference	Source	Link	Tags
Oracle Solaris Bulletin - April 2016	CONFIRM	www.oracle.com	Third Party Advisory
[security-announce] openSUSE-SU-2016:1636-1: important: Security update	SUSE	lists.opensuse.org	Mailing List, Third Party Advisory
[security-announce] openSUSE-SU-2016:1583-1: important: Security update	SUSE	lists.opensuse.org	Mailing List, Third Party Advisory
NTP: Multiple vulnerabilities (GLSA 201607-15) — Gentoo Security	GENTOO	security.gentoo.org	Third Party Advisory
[security-announce] SUSE-SU-2016:1602-1: important: Security update for	SUSE	lists.opensuse.org	Mailing List, Third Party Advisory
ntp Multiple Bugs Let Remote Users Modify Parameters and Deny Service - SecurityTracker	SECTRACK	www.securitytracker.com	Third Party Advisory, VDB Entry
support.ntp.org/bin/view/Main/SecurityNotice	CONFIRM	support.ntp.org	Release Notes, Vendor Advisory
support.ntp.org/bin/view/Main/NtpBug3046	CONFIRM	support.ntp.org	Patch, Vendor Advisory
Bug 3046 – CRYPTO_NAK crash	CONFIRM	bugs.ntp.org	Issue Tracking, Vendor Advisory
Vulnerability Note VU#321640 - NTP.org ntpd is vulnerable to denial of service and other vulnerabilities	CERT-VN	www.kb.cert.org	Third Party Advisory, US Government Resource
[security-announce] SUSE-SU-2016:1563-1: important: Security update for	SUSE	lists.opensuse.org	Mailing List, Third Party Advisory
[security-announce] SUSE-SU-2016:1584-1: important: Security update for	SUSE	lists.opensuse.org	Mailing List, Third Party Advisory
FreeBSD-SA-16:24	FREEBSD	security.FreeBSD.org	Third Party Advisory
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

Legacy QID Mappings

690292 Free Berkeley Software Distribution (FreeBSD) Security Update for FreeBSD (7cfcea05-600a-11e6-a6c3-14dae9d210b8)