Lucene search
MagnusstubmanH1:147310HistoryJun 25, 2016 - 9:36 p.m.
Internet Bug Bounty: ntpd: read_mru_list() does inadequate incoming packet checks
2016-06-2521:36:45
magnusstubman
hackerone.com
39
0.965 High
EPSS
Percentile
99.6%
Summary: If ntpd is configured to allow mrulist query requests from a server that sends a crafted malicious packet, ntpd will crash on receipt of that crafted malicious mrulist query packet.
Mitigation:
- Only allow
mrulistquery packets from trusted hosts. - Implement BCP-38.
- Upgrade to 4.2.8p9, or later, from the NTP Project Download Page or the NTP Public Services Project Download Page
- Properly monitor your
ntpdinstances, and auto-restartntpd(without-g) if it stops running.
Credit: This weakness was discovered by Magnus Stubman.
Related
seebug
seebug
ntpd remote pre-auth DoS (CVE-2016-7434)
2016-11-23 00:00:00
f5
f5
K63326092 : NTP vulnerability CVE-2016-7434
2016-11-29 00:00:00
SOL63326092 - NTP vulnerability CVE-2016-7434
2016-11-29 00:00:00
thn
thn
NTP DoS Exploit Released — Update Your Servers to Patch 10 Flaws
2016-11-22 22:49:00
openvas
openvas
Slackware: Security Advisory (SSA:2016-326-01)
2022-04-21 00:00:00
SUSE: Security Advisory (SUSE-SU-2016:3196-1)
2021-04-19 00:00:00
zdt
zdt
NTP 4.2.8p8 - Denial of Service Exploit
2016-11-23 00:00:00
checkpoint_advisories
checkpoint_advisories
NTP Daemon _IO_str_init_static_internal Denial of Service (CVE-2016-7434)
2016-11-23 00:00:00
debiancve
debiancve
CVE-2016-7434
2017-01-13 16:59:00
ubuntucve
ubuntucve
CVE-2016-7434
2017-01-13 00:00:00
nvd
nvd
CVE-2016-7434
2017-01-13 16:59:00
exploitpack
exploitpack
NTP 4.2.8p8 - Denial of Service
2016-11-21 00:00:00
prion
prion
Design/Logic Flaw
2017-01-13 16:59:00
packetstorm
packetstorm
ntpd 4.2.7.p22 / 4.3.0 Denial Of Service
2016-11-22 00:00:00
cve
cve
CVE-2016-7434
2017-01-13 16:59:00
redhatcve
redhatcve
CVE-2016-7434
2016-11-22 10:47:41
threatpost
threatpost
Exploit Code Released for NTP Vulnerability
2016-11-22 10:30:41
cvelist
cvelist
CVE-2016-7434
2017-01-13 16:00:00
nessus
nessus
Network Time Protocol Daemon (ntpd) read_mru_list() Remote DoS
2016-11-29 00:00:00
FreeBSD : FreeBSD -- Multiple vulnerabilities of ntp (fcedcdbb-c86e-11e6-b1cf-14dae9d210b8)
2016-12-27 00:00:00
Photon OS 1.0: Ntpstat PHSA-2017-0003
2019-02-07 00:00:00
myhack58
myhack58
exploitdb
exploitdb
NTP 4.2.8p8 - Denial of Service
2016-11-21 00:00:00
freebsd
freebsd
FreeBSD -- Multiple vulnerabilities of ntp
2016-12-22 00:00:00
ntp -- multiple vulnerabilities
2016-11-21 00:00:00
freebsd_advisory
freebsd_advisory
FreeBSD-SA-16:39.ntp
2016-12-22 00:00:00
archlinux
archlinux
[ASA-201611-28] ntp: multiple issues
2016-11-26 00:00:00
huawei
huawei
Security Advisory - Multiple NTPd Vulnerabilities in Huawei Products
2017-11-29 00:00:00
ibm
ibm
symantec
symantec
SA139 : November 2016 NTP Security Vulnerabilities
2017-01-12 08:00:00
slackware
slackware
[slackware-security] ntp
2016-11-21 19:25:10
cert
cert
NTP.org ntpd contains multiple denial of service vulnerabilities
2016-11-21 00:00:00
cisco
cisco
cloudfoundry
cloudfoundry
USN-3349-1: NTP vulnerabilities | Cloud Foundry
2017-08-04 00:00:00
ubuntu
ubuntu
NTP vulnerabilities
2017-07-05 00:00:00