5.9

CVE-2016-9042

Exploit
An exploitable denial of service vulnerability exists in the origin timestamp check functionality of ntpd 4.2.8p9. A specially crafted unauthenticated network packet can be used to reset the expected origin timestamp for target peers. Legitimate replies from targeted peers will fail the origin timestamp check (TEST2) causing the reply to be dropped and creating a denial of service condition.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
NtpNtp Version4.2.8 Updatep9
FreebsdFreebsd Version10.0
FreebsdFreebsd Version11.0
HpeHpux-ntp Version < c.4.2.8.4.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 3.96% 0.891
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.9 2.2 3.6
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:N/I:N/A:P
talos-cna@cisco.com 3.7 2.2 1.4
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf
Third Party Advisory
https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03962en_us
Third Party Advisory
http://www.securitytracker.com/id/1039427
Third Party Advisory
VDB Entry
http://www.ubuntu.com/usn/USN-3349-1
http://www.securitytracker.com/id/1038123
Third Party Advisory
VDB Entry
http://packetstormsecurity.com/files/142284/Slackware-Security-Advisory-ntp-Updates.html
http://seclists.org/fulldisclosure/2017/Nov/7
http://seclists.org/fulldisclosure/2017/Sep/62
http://www.securityfocus.com/archive/1/archive/1/540464/100/0/threaded
https://bto.bluecoat.com/security-advisory/sa147
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7KVLFA3J43QFIP4I7HE7KQ5FXSMJEKC6/
https://support.apple.com/kb/HT208144
https://security.FreeBSD.org/advisories/FreeBSD-SA-17:03.ntp.asc
Third Party Advisory
http://packetstormsecurity.com/files/142101/FreeBSD-Security-Advisory-FreeBSD-SA-17-03.ntp.html
http://www.securityfocus.com/archive/1/540403/100/0/threaded
http://www.securityfocus.com/archive/1/archive/1/540403/100/0/threaded
http://www.securityfocus.com/bid/97046
Third Party Advisory
VDB Entry
Permissions Required
https://kc.mcafee.com/corporate/index?page=content&id=SB10201
https://support.f5.com/csp/article/K39041624
https://www.talosintelligence.com/vulnerability_reports/TALOS-2016-0260
Third Party Advisory
Exploit
Mitigation