CVE-2016-7428

Published on: 01/13/2017 12:00:00 AM UTC

Last Modified on: 03/23/2021 11:27:06 PM UTC

CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Certain versions of Ntp from Ntp contain the following vulnerability:

ntpd in NTP before 4.2.8p9 allows remote attackers to cause a denial of service (reject broadcast mode packets) via the poll interval in a broadcast packet.

  • CVE-2016-7428 has been assigned by [email protected] to track the vulnerability - currently rated as MEDIUM severity.

CVSS3 Score: 4.3 - MEDIUM

Attack
Vector
Attack
Complexity
Privileges
Required
User
Interaction
ADJACENT_NETWORK LOW NONE NONE
Scope Confidentiality
Impact
Integrity
Impact
Availability
Impact
UNCHANGED NONE NONE LOW

CVSS2 Score: 3.3 - LOW

Access
Vector
Access
Complexity
Authentication
ADJACENT_NETWORK LOW NONE
Confidentiality
Impact
Integrity
Impact
Availability
Impact
NONE NONE PARTIAL

CVE References

Description Tags Link
security.FreeBSD.org
text/plain
FREEBSD FreeBSD-SA-16:39
No Description Provided Vendor Advisory
support.ntp.org
text/html
URL Logo CONFIRM support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities
ntp Multiple Bugs Let Remote Users Cause the Target Service to Crash - SecurityTracker www.securitytracker.com
text/html
URL Logo SECTRACK 1037354
USN-3707-2: NTP vulnerabilities | Ubuntu security notices usn.ubuntu.com
text/html
URL Logo UBUNTU USN-3707-2
Document Display | HPE Support Center h20566.www2.hpe.com
text/html
URL Logo CONFIRM h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03706en_us
Document Display | HPE Support Center support.hpe.com
text/html
URL Logo CONFIRM support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03883en_us
No Description Provided Issue Tracking
Mitigation
Vendor Advisory
support.ntp.org
text/html
URL Logo CONFIRM support.ntp.org/bin/view/Main/NtpBug3113
Broadcom Support Portal bto.bluecoat.com
text/html
URL Logo CONFIRM bto.bluecoat.com/security-advisory/sa139
Document Display | HPE Support Center support.hpe.com
text/html
URL Logo CONFIRM support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03899en_us
Network Time Foundation Publishes NTP 4.2.8p9 Security Release Release Notes
Vendor Advisory
nwtime.org
text/html
URL Logo CONFIRM nwtime.org/ntp428p9_release/
NTP CVE-2016-7428 Denial of Service Vulnerability Third Party Advisory
VDB Entry
cve.report (archive)
text/html
URL Logo BID 94446
Vulnerability Note VU#633847 - NTP.org ntpd contains multiple denial of service vulnerabilities Third Party Advisory
US Government Resource
www.kb.cert.org
text/html
URL Logo CERT-VN VU#633847

Known Affected Configurations (CPE V2.3)

Type Vendor Product Version Update Edition Language
ApplicationNtpNtp4.2.8p6AllAll
ApplicationNtpNtp4.2.8p7AllAll
ApplicationNtpNtp4.2.8p8AllAll
ApplicationNtpNtp4.2.8p6AllAll
ApplicationNtpNtp4.2.8p7AllAll
ApplicationNtpNtp4.2.8p8AllAll
  • cpe:2.3:a:ntp:ntp:4.2.8:p6:*:*:*:*:*:*:
  • cpe:2.3:a:ntp:ntp:4.2.8:p7:*:*:*:*:*:*:
  • cpe:2.3:a:ntp:ntp:4.2.8:p8:*:*:*:*:*:*:
  • cpe:2.3:a:ntp:ntp:4.2.8:p6:*:*:*:*:*:*:
  • cpe:2.3:a:ntp:ntp:4.2.8:p7:*:*:*:*:*:*:
  • cpe:2.3:a:ntp:ntp:4.2.8:p8:*:*:*:*:*:*: