Lucene search

MitreCVE-2016-4956

HistoryJul 05, 2016 - 1:59 a.m.

CVE-2016-4956

2016-07-0501:59:03

mitre

web.nvd.nist.gov

123

cve-2016-4956

ntpd

ntp 4.x

denial of service

spoofed broadcast packet

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

AI Score

6.4

Confidence

High

EPSS

0.023

Percentile

89.8%

JSON

ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (interleaved-mode transition and time change) via a spoofed broadcast packet. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-1548.

Affected configurations

Nvd

Node

ntpntpRange4.2.0–4.2.8

ntpntpRange4.3.0–4.3.93

ntpntpMatch4.2.8-

ntpntpMatch4.2.8p1

ntpntpMatch4.2.8p1-beta1

ntpntpMatch4.2.8p1-beta2

ntpntpMatch4.2.8p1-beta3

ntpntpMatch4.2.8p1-beta4

ntpntpMatch4.2.8p1-beta5

ntpntpMatch4.2.8p1-rc1

ntpntpMatch4.2.8p1-rc2

ntpntpMatch4.2.8p2

ntpntpMatch4.2.8p2-rc1

ntpntpMatch4.2.8p2-rc2

ntpntpMatch4.2.8p2-rc3

ntpntpMatch4.2.8p3

ntpntpMatch4.2.8p3-rc1

ntpntpMatch4.2.8p3-rc2

ntpntpMatch4.2.8p3-rc3

ntpntpMatch4.2.8p4

ntpntpMatch4.2.8p5

ntpntpMatch4.2.8p6

ntpntpMatch4.2.8p7

Node

oraclesolarisMatch10

oraclesolarisMatch11.3

Node

susemanager_proxyMatch2.1

suseopenstack_cloudMatch5

novellsuse_managerMatch2.1

opensuseleapMatch42.1

opensuseopensuseMatch13.2

suselinux_enterprise_desktopMatch12sp1

suselinux_enterprise_serverMatch11sp2ltss

suselinux_enterprise_serverMatch11sp3ltss

suselinux_enterprise_serverMatch11sp4

suselinux_enterprise_serverMatch12sp1

Node

siemenssimatic_net_cp_443-1_opc_ua_firmware

AND

siemenssimatic_net_cp_443-1_opc_uaMatch-

VendorProductVersionCPE
ntpntp*cpe:2.3:a:ntp:ntp:*:*:*:*:*:*:*:*
ntpntp4.2.8cpe:2.3:a:ntp:ntp:4.2.8:-:*:*:*:*:*:*
ntpntp4.2.8cpe:2.3:a:ntp:ntp:4.2.8:p1:*:*:*:*:*:*
ntpntp4.2.8cpe:2.3:a:ntp:ntp:4.2.8:p1-beta1:*:*:*:*:*:*
ntpntp4.2.8cpe:2.3:a:ntp:ntp:4.2.8:p1-beta2:*:*:*:*:*:*
ntpntp4.2.8cpe:2.3:a:ntp:ntp:4.2.8:p1-beta3:*:*:*:*:*:*
ntpntp4.2.8cpe:2.3:a:ntp:ntp:4.2.8:p1-beta4:*:*:*:*:*:*
ntpntp4.2.8cpe:2.3:a:ntp:ntp:4.2.8:p1-beta5:*:*:*:*:*:*
ntpntp4.2.8cpe:2.3:a:ntp:ntp:4.2.8:p1-rc1:*:*:*:*:*:*
ntpntp4.2.8cpe:2.3:a:ntp:ntp:4.2.8:p1-rc2:*:*:*:*:*:*

Vendor	Product	Version	CPE
ntp	ntp	*	cpe:2.3:a:ntp:ntp::::::::
ntp	ntp	4.2.8	cpe:2.3:a:ntp:ntp:4.2.8:-::::::
ntp	ntp	4.2.8	cpe:2.3:a:ntp:ntp:4.2.8:p1::::::
ntp	ntp	4.2.8	cpe:2.3:a:ntp:ntp:4.2.8:p1-beta1::::::
ntp	ntp	4.2.8	cpe:2.3:a:ntp:ntp:4.2.8:p1-beta2::::::
ntp	ntp	4.2.8	cpe:2.3:a:ntp:ntp:4.2.8:p1-beta3::::::
ntp	ntp	4.2.8	cpe:2.3:a:ntp:ntp:4.2.8:p1-beta4::::::
ntp	ntp	4.2.8	cpe:2.3:a:ntp:ntp:4.2.8:p1-beta5::::::
ntp	ntp	4.2.8	cpe:2.3:a:ntp:ntp:4.2.8:p1-rc1::::::
ntp	ntp	4.2.8	cpe:2.3:a:ntp:ntp:4.2.8:p1-rc2::::::

Rows per page:

1-10 of 361

References

bugs.ntp.org/3042

lists.opensuse.org/opensuse-security-announce/2016-06/msg00018.html

lists.opensuse.org/opensuse-security-announce/2016-06/msg00020.html

lists.opensuse.org/opensuse-security-announce/2016-06/msg00023.html

lists.opensuse.org/opensuse-security-announce/2016-06/msg00024.html

lists.opensuse.org/opensuse-security-announce/2016-06/msg00028.html

lists.opensuse.org/opensuse-security-announce/2016-06/msg00040.html

lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html

lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html

packetstormsecurity.com/files/137321/Slackware-Security-Advisory-ntp-Updates.html

support.ntp.org/bin/view/Main/NtpBug3042

support.ntp.org/bin/view/Main/SecurityNotice

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160603-ntpd

www.kb.cert.org/vuls/id/321640

www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html

www.securityfocus.com/archive/1/538599/100/0/threaded

www.securityfocus.com/archive/1/538600/100/0/threaded

www.securityfocus.com/archive/1/540683/100/0/threaded

www.securityfocus.com/archive/1/archive/1/538599/100/0/threaded

www.securityfocus.com/archive/1/archive/1/538600/100/0/threaded

www.securityfocus.com/archive/1/archive/1/540683/100/0/threaded

www.securityfocus.com/bid/91009

www.securitytracker.com/id/1036037

www.ubuntu.com/usn/USN-3096-1

cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf

h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03757en_us

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/K3EYJQHJZ2KTVQ7ICEFHXTLZ36MRASWX/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ORAMN3Q7TVJ54MBYF75XCJOE3DP7LYHT/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WNWGCQLW2VY72NIUYMJOCAKJKTXHDUK2/

security.FreeBSD.org/advisories/FreeBSD-SA-16:24.ntp.asc

security.gentoo.org/glsa/201607-15

us-cert.cisa.gov/ics/advisories/icsa-21-159-11

www.kb.cert.org/vuls/id/321640

Social References

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

AI Score

6.4

Confidence

High

EPSS

0.023

Percentile

89.8%

JSON

CVE-2016-4956

Affected configurations

References

Social References

Related