CVE-2016-9042
Publication date 31 December 2016
Last updated 24 July 2024
Ubuntu priority
Cvss 3 Severity Score
An exploitable denial of service vulnerability exists in the origin timestamp check functionality of ntpd 4.2.8p9. A specially crafted unauthenticated network packet can be used to reset the expected origin timestamp for target peers. Legitimate replies from targeted peers will fail the origin timestamp check (TEST2) causing the reply to be dropped and creating a denial of service condition.
Status
Package | Ubuntu Release | Status |
---|---|---|
ntp | ||
16.04 LTS xenial |
Not affected
|
|
14.04 LTS trusty |
Not affected
|
|
Notes
mdeslaur
ntp-4.2.8p9 (21 Nov 2016), up to but not including ntp-4.2.8p10 introduced in patch for CVE-2016-7431
Patch details
Package | Patch details |
---|---|
ntp |
Severity score breakdown
Parameter | Value |
---|---|
Base score | 5.9 · Medium |
Attack vector | Network |
Attack complexity | High |
Privileges required | None |
User interaction | None |
Scope | Unchanged |
Confidentiality | None |
Integrity impact | None |
Availability impact | High |
Vector | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H |
References
Related Ubuntu Security Notices (USN)
- USN-3349-1
- NTP vulnerabilities
- 5 July 2017