CVE-2016-7426
Summary
| CVE | CVE-2016-7426 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2017-01-13 16:59:00 UTC |
| Updated | 2020-06-18 18:14:00 UTC |
| Description | NTP before 4.2.8p9 rate limits responses received from the configured sources when rate limiting for all associations is enabled, which allows remote attackers to cause a denial of service (prevent responses from the sources) by sending responses with a spoofed source address. |
Risk And Classification
Problem Types: CWE-400
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Operating System | Canonical | Ubuntu Linux | 12.04 | All | All | All |
| Application | Hpe | Hpux-ntp | All | All | All | All |
| Application | Ntp | Ntp | All | All | All | All |
| Application | Ntp | Ntp | 4.2.5 | p203 | All | All |
| Application | Ntp | Ntp | 4.2.5 | p204 | All | All |
| Application | Ntp | Ntp | 4.2.5 | p205 | All | All |
| Application | Ntp | Ntp | 4.2.5 | p206 | All | All |
| Application | Ntp | Ntp | 4.2.5 | p207 | All | All |
| Application | Ntp | Ntp | 4.2.5 | p208 | All | All |
| Application | Ntp | Ntp | 4.2.5 | p209 | All | All |
| Application | Ntp | Ntp | 4.2.5 | p210 | All | All |
| Application | Ntp | Ntp | 4.2.5 | p211 | All | All |
| Application | Ntp | Ntp | 4.2.5 | p212 | All | All |
| Application | Ntp | Ntp | 4.2.5 | p213 | All | All |
| Application | Ntp | Ntp | 4.2.5 | p214 | All | All |
| Application | Ntp | Ntp | 4.2.5 | p215 | All | All |
| Application | Ntp | Ntp | 4.2.5 | p216 | All | All |
| Application | Ntp | Ntp | 4.2.5 | p217 | All | All |
| Application | Ntp | Ntp | 4.2.5 | p218 | All | All |
| Application | Ntp | Ntp | 4.2.5 | p219 | All | All |
| Application | Ntp | Ntp | 4.2.5 | p220 | All | All |
| Application | Ntp | Ntp | 4.2.5 | p221 | All | All |
| Application | Ntp | Ntp | 4.2.5 | p222 | All | All |
| Application | Ntp | Ntp | 4.2.5 | p223 | All | All |
| Application | Ntp | Ntp | 4.2.5 | p224 | All | All |
| Application | Ntp | Ntp | 4.2.5 | p225 | All | All |
| Application | Ntp | Ntp | 4.2.5 | p226 | All | All |
| Application | Ntp | Ntp | 4.2.5 | p227 | All | All |
| Application | Ntp | Ntp | 4.2.5 | p228 | All | All |
| Application | Ntp | Ntp | 4.2.5 | p229 | All | All |
| Application | Ntp | Ntp | 4.2.5 | p230 | All | All |
| Application | Ntp | Ntp | 4.2.5 | p231_rc1 | All | All |
| Application | Ntp | Ntp | 4.2.5 | p232_rc1 | All | All |
| Application | Ntp | Ntp | 4.2.5 | p233_rc1 | All | All |
| Application | Ntp | Ntp | 4.2.5 | p234_rc1 | All | All |
| Application | Ntp | Ntp | 4.2.5 | p235_rc1 | All | All |
| Application | Ntp | Ntp | 4.2.5 | p236_rc1 | All | All |
| Application | Ntp | Ntp | 4.2.5 | p237_rc1 | All | All |
| Application | Ntp | Ntp | 4.2.5 | p238_rc1 | All | All |
| Application | Ntp | Ntp | 4.2.5 | p239_rc1 | All | All |
| Application | Ntp | Ntp | 4.2.5 | p240_rc1 | All | All |
| Application | Ntp | Ntp | 4.2.5 | p241_rc1 | All | All |
| Application | Ntp | Ntp | 4.2.5 | p242_rc1 | All | All |
| Application | Ntp | Ntp | 4.2.5 | p243_rc1 | All | All |
| Application | Ntp | Ntp | 4.2.5 | p244_rc1 | All | All |
| Application | Ntp | Ntp | 4.2.5 | p245_rc1 | All | All |
| Application | Ntp | Ntp | 4.2.5 | p246_rc1 | All | All |
| Application | Ntp | Ntp | 4.2.5 | p247_rc1 | All | All |
| Application | Ntp | Ntp | 4.2.5 | p248_rc1 | All | All |
| Application | Ntp | Ntp | 4.2.5 | p249_rc1 | All | All |
| Application | Ntp | Ntp | 4.2.5 | p250_rc1 | All | All |
| Application | Ntp | Ntp | 4.2.8 | - | All | All |
| Application | Ntp | Ntp | 4.2.8 | p1 | All | All |
| Application | Ntp | Ntp | 4.2.8 | p1-beta1 | All | All |
| Application | Ntp | Ntp | 4.2.8 | p1-beta2 | All | All |
| Application | Ntp | Ntp | 4.2.8 | p1-beta3 | All | All |
| Application | Ntp | Ntp | 4.2.8 | p1-beta4 | All | All |
| Application | Ntp | Ntp | 4.2.8 | p1-beta5 | All | All |
| Application | Ntp | Ntp | 4.2.8 | p1-rc1 | All | All |
| Application | Ntp | Ntp | 4.2.8 | p1-rc2 | All | All |
| Application | Ntp | Ntp | 4.2.8 | p2 | All | All |
| Application | Ntp | Ntp | 4.2.8 | p2-rc1 | All | All |
| Application | Ntp | Ntp | 4.2.8 | p2-rc2 | All | All |
| Application | Ntp | Ntp | 4.2.8 | p2-rc3 | All | All |
| Application | Ntp | Ntp | 4.2.8 | p3 | All | All |
| Application | Ntp | Ntp | 4.2.8 | p3-rc1 | All | All |
| Application | Ntp | Ntp | 4.2.8 | p3-rc2 | All | All |
| Application | Ntp | Ntp | 4.2.8 | p3-rc3 | All | All |
| Application | Ntp | Ntp | 4.2.8 | p4 | All | All |
| Application | Ntp | Ntp | 4.2.8 | p5 | All | All |
| Application | Ntp | Ntp | 4.2.8 | p6 | All | All |
| Application | Ntp | Ntp | 4.2.8 | p7 | All | All |
| Application | Ntp | Ntp | 4.2.8 | p8 | All | All |
| Operating System | Redhat | Enterprise Linux Desktop | 6.0 | All | All | All |
| Operating System | Redhat | Enterprise Linux Desktop | 7.0 | All | All | All |
| Operating System | Redhat | Enterprise Linux Server | 6.0 | All | All | All |
| Operating System | Redhat | Enterprise Linux Server | 7.0 | All | All | All |
| Operating System | Redhat | Enterprise Linux Server Aus | 7.3 | All | All | All |
| Operating System | Redhat | Enterprise Linux Server Aus | 7.4 | All | All | All |
| Operating System | Redhat | Enterprise Linux Server Aus | 7.6 | All | All | All |
| Operating System | Redhat | Enterprise Linux Server Aus | 7.7 | All | All | All |
| Operating System | Redhat | Enterprise Linux Server Eus | 7.3 | All | All | All |
| Operating System | Redhat | Enterprise Linux Server Eus | 7.4 | All | All | All |
| Operating System | Redhat | Enterprise Linux Server Eus | 7.5 | All | All | All |
| Operating System | Redhat | Enterprise Linux Server Eus | 7.6 | All | All | All |
| Operating System | Redhat | Enterprise Linux Server Eus | 7.7 | All | All | All |
| Operating System | Redhat | Enterprise Linux Server Tus | 7.3 | All | All | All |
| Operating System | Redhat | Enterprise Linux Server Tus | 7.6 | All | All | All |
| Operating System | Redhat | Enterprise Linux Server Tus | 7.7 | All | All | All |
| Operating System | Redhat | Enterprise Linux Workstation | 6.0 | All | All | All |
| Operating System | Redhat | Enterprise Linux Workstation | 7.0 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| FreeBSD-SA-16:39 | FREEBSD | security.FreeBSD.org | Third Party Advisory |
| support.ntp.org/bin/view/Main/SecurityNotice | CONFIRM | support.ntp.org | Release Notes, Vendor Advisory |
| ntp Multiple Bugs Let Remote Users Cause the Target Service to Crash - SecurityTracker | SECTRACK | www.securitytracker.com | Third Party Advisory, VDB Entry |
| NTP CVE-2016-7426 Local Denial of Service Vulnerability | BID | www.securityfocus.com | Third Party Advisory, VDB Entry |
| Red Hat Customer Portal | REDHAT | rhn.redhat.com | Third Party Advisory |
| USN-3707-2: NTP vulnerabilities \| Ubuntu security notices | UBUNTU | usn.ubuntu.com | Third Party Advisory |
| Document Display \| HPE Support Center | CONFIRM | h20566.www2.hpe.com | Third Party Advisory |
| Broadcom Support Portal | CONFIRM | bto.bluecoat.com | Third Party Advisory |
| Network Time Foundation Publishes NTP 4.2.8p9 Security Release | CONFIRM | nwtime.org | Third Party Advisory |
| Vulnerability Note VU#633847 - NTP.org ntpd contains multiple denial of service vulnerabilities | CERT-VN | www.kb.cert.org | Third Party Advisory, US Government Resource |
| support.ntp.org/bin/view/Main/NtpBug3071 | CONFIRM | support.ntp.org | Issue Tracking, Mitigation, Vendor Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 378199 Virtuozzo Linux Security Update for ntp (VZLSA-2017:0252)