CVE-2016-7429

Published on: 01/13/2017 12:00:00 AM UTC

Last Modified on: 03/23/2021 11:27:06 PM UTC

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

Certain versions of Ntp from Ntp contain the following vulnerability:

NTP before 4.2.8p9 changes the peer structure to the interface it receives the response from a source, which allows remote attackers to cause a denial of service (prevent communication with a source) by sending a response for a source to an interface the source does not use.

  • CVE-2016-7429 has been assigned by [email protected] to track the vulnerability - currently rated as LOW severity.

CVSS3 Score: 3.7 - LOW

Attack
Vector
Attack
Complexity
Privileges
Required
User
Interaction
NETWORK HIGH NONE NONE
Scope Confidentiality
Impact
Integrity
Impact
Availability
Impact
UNCHANGED NONE NONE LOW

CVSS2 Score: 4.3 - MEDIUM

Access
Vector
Access
Complexity
Authentication
NETWORK MEDIUM NONE
Confidentiality
Impact
Integrity
Impact
Availability
Impact
NONE NONE PARTIAL

CVE References

Description Tags Link
No Description Provided Vendor Advisory
support.ntp.org
text/html
URL Logo CONFIRM support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities
NTP CVE-2016-7429 Local Denial of Service Vulnerability cve.report (archive)
text/html
URL Logo BID 94453
ntp Multiple Bugs Let Remote Users Cause the Target Service to Crash - SecurityTracker www.securitytracker.com
text/html
URL Logo SECTRACK 1037354
Red Hat Customer Portal web.archive.org
text/html
Inactive LinkNot Archived
URL Logo REDHAT RHSA-2017:0252
Document Display | HPE Support Center h20566.www2.hpe.com
text/html
URL Logo CONFIRM h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03706en_us
No Description Provided Issue Tracking
Mitigation
Vendor Advisory
support.ntp.org
text/html
URL Logo CONFIRM support.ntp.org/bin/view/Main/NtpBug3072
Broadcom Support Portal bto.bluecoat.com
text/html
URL Logo CONFIRM bto.bluecoat.com/security-advisory/sa139
Network Time Foundation Publishes NTP 4.2.8p9 Security Release Release Notes
Vendor Advisory
nwtime.org
text/html
URL Logo CONFIRM nwtime.org/ntp428p9_release/
Oracle Critical Patch Update - October 2017 www.oracle.com
text/html
URL Logo CONFIRM www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
Vulnerability Note VU#633847 - NTP.org ntpd contains multiple denial of service vulnerabilities Third Party Advisory
US Government Resource
www.kb.cert.org
text/html
URL Logo CERT-VN VU#633847

Known Affected Configurations (CPE V2.3)

Type Vendor Product Version Update Edition Language
ApplicationNtpNtpAllp8AllAll
  • cpe:2.3:a:ntp:ntp:*:p8:*:*:*:*:*:*: