7.5

CVE-2016-4957

ntpd in NTP before 4.2.8p8 allows remote attackers to cause a denial of service (daemon crash) via a crypto-NAK packet.  NOTE: this vulnerability exists because of an incorrect fix for CVE-2016-1547.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
NtpNtp Version4.2.8 Updatep7
NtpNtp Version4.3.92
OracleSolaris Version10
OracleSolaris Version11.3
SuseManager Proxy Version2.1
SuseOpenstack Cloud Version5
NovellSuse Manager Version2.1
OpensuseLeap Version42.1
OpensuseOpensuse Version13.2
SuseLinux Enterprise Desktop Version12 Updatesp1
SuseLinux Enterprise Server Version11 Updatesp2 SwEditionltss
SuseLinux Enterprise Server Version11 Updatesp3 SwEditionltss
SuseLinux Enterprise Server Version11 Updatesp4
SuseLinux Enterprise Server Version12 Updatesp1
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 44.94% 0.986
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:N/I:N/A:P
CWE-476 NULL Pointer Dereference

The product dereferences a pointer that it expects to be valid but is NULL.

http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
Third Party Advisory
http://support.ntp.org/bin/view/Main/SecurityNotice
Vendor Advisory
Release Notes
https://security.gentoo.org/glsa/201607-15
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00018.html
Third Party Advisory
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00023.html
Third Party Advisory
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00024.html
Third Party Advisory
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00028.html
Third Party Advisory
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00040.html
Third Party Advisory
Mailing List
http://www.kb.cert.org/vuls/id/321640
Third Party Advisory
US Government Resource
http://www.securitytracker.com/id/1036037
Third Party Advisory
VDB Entry
https://security.FreeBSD.org/advisories/FreeBSD-SA-16:24.ntp.asc
Third Party Advisory
http://bugs.ntp.org/3046
Vendor Advisory
Issue Tracking
http://support.ntp.org/bin/view/Main/NtpBug3046
Patch
Vendor Advisory