CVE-2016-7426

NTP before 4.2.8p9 rate limits responses received from the configured sources when rate limiting for all associations is enabled, which allows remote attackers to cause a denial of service (prevent responses from the sources) by sending responses with a spoofed source address.

| Provider | Type | Base Score | Atk. Vector | Atk. Complexity | Priv. Required | Vector |
|---|---|---|---|---|---|---|
| NIST | NIST | 7.5 HIGH | NETWORK | LOW | NONE | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
| mitre | CNA | --- | --- | --- | --- | --- |
| CVE | ADP | --- | --- | --- | --- | --- |

EPSS Score: Percentile: 96%

| Vendor | Product | Version |
|---|---|---|
| ntp | ntp | 4.2.6 ≤ 𝑥 < 4.2.8 |
| ntp | ntp | 4.3.0 ≤ 𝑥 < 4.3.94 |
| ntp | ntp | 4.2.5:p203 |
| ntp | ntp | 4.2.5:p204 |
| ntp | ntp | 4.2.5:p205 |
| ntp | ntp | 4.2.5:p206 |
| ntp | ntp | 4.2.5:p207 |
| ntp | ntp | 4.2.5:p208 |
| ntp | ntp | 4.2.5:p209 |
| ntp | ntp | 4.2.5:p210 |
| ntp | ntp | 4.2.5:p211 |
| ntp | ntp | 4.2.5:p212 |
| ntp | ntp | 4.2.5:p213 |
| ntp | ntp | 4.2.5:p214 |
| ntp | ntp | 4.2.5:p215 |
| ntp | ntp | 4.2.5:p216 |
| ntp | ntp | 4.2.5:p217 |
| ntp | ntp | 4.2.5:p218 |
| ntp | ntp | 4.2.5:p219 |
| ntp | ntp | 4.2.5:p220 |
| ntp | ntp | 4.2.5:p221 |
| ntp | ntp | 4.2.5:p222 |
| ntp | ntp | 4.2.5:p223 |
| ntp | ntp | 4.2.5:p224 |
| ntp | ntp | 4.2.5:p225 |
| ntp | ntp | 4.2.5:p226 |
| ntp | ntp | 4.2.5:p227 |
| ntp | ntp | 4.2.5:p228 |
| ntp | ntp | 4.2.5:p229 |
| ntp | ntp | 4.2.5:p230 |
| ntp | ntp | 4.2.5:p231_rc1 |
| ntp | ntp | 4.2.5:p232_rc1 |
| ntp | ntp | 4.2.5:p233_rc1 |
| ntp | ntp | 4.2.5:p234_rc1 |
| ntp | ntp | 4.2.5:p235_rc1 |
| ntp | ntp | 4.2.5:p236_rc1 |
| ntp | ntp | 4.2.5:p237_rc1 |
| ntp | ntp | 4.2.5:p238_rc1 |
| ntp | ntp | 4.2.5:p239_rc1 |
| ntp | ntp | 4.2.5:p240_rc1 |
| ntp | ntp | 4.2.5:p241_rc1 |
| ntp | ntp | 4.2.5:p242_rc1 |
| ntp | ntp | 4.2.5:p243_rc1 |
| ntp | ntp | 4.2.5:p244_rc1 |
| ntp | ntp | 4.2.5:p245_rc1 |
| ntp | ntp | 4.2.5:p246_rc1 |
| ntp | ntp | 4.2.5:p247_rc1 |
| ntp | ntp | 4.2.5:p248_rc1 |
| ntp | ntp | 4.2.5:p249_rc1 |
| ntp | ntp | 4.2.5:p250_rc1 |
| ntp | ntp | 4.2.8 |
| ntp | ntp | 4.2.8:p1 |
| ntp | ntp | 4.2.8:p1-beta1 |
| ntp | ntp | 4.2.8:p1-beta2 |
| ntp | ntp | 4.2.8:p1-beta3 |
| ntp | ntp | 4.2.8:p1-beta4 |
| ntp | ntp | 4.2.8:p1-beta5 |
| ntp | ntp | 4.2.8:p1-rc1 |
| ntp | ntp | 4.2.8:p1-rc2 |
| ntp | ntp | 4.2.8:p2 |
| ntp | ntp | 4.2.8:p2-rc1 |
| ntp | ntp | 4.2.8:p2-rc2 |
| ntp | ntp | 4.2.8:p2-rc3 |
| ntp | ntp | 4.2.8:p3 |
| ntp | ntp | 4.2.8:p3-rc1 |
| ntp | ntp | 4.2.8:p3-rc2 |
| ntp | ntp | 4.2.8:p3-rc3 |
| ntp | ntp | 4.2.8:p4 |
| ntp | ntp | 4.2.8:p5 |
| ntp | ntp | 4.2.8:p6 |
| ntp | ntp | 4.2.8:p7 |
| ntp | ntp | 4.2.8:p8 |
| canonical | ubuntu_linux | 12.04 |
| redhat | enterprise_linux_desktop | 6.0 |
| redhat | enterprise_linux_desktop | 7.0 |
| redhat | enterprise_linux_server | 6.0 |
| redhat | enterprise_linux_server | 7.0 |
| redhat | enterprise_linux_server_aus | 7.3 |
| redhat | enterprise_linux_server_aus | 7.4 |
| redhat | enterprise_linux_server_aus | 7.6 |
| redhat | enterprise_linux_server_aus | 7.7 |
| redhat | enterprise_linux_server_eus | 7.3 |
| redhat | enterprise_linux_server_eus | 7.4 |
| redhat | enterprise_linux_server_eus | 7.5 |
| redhat | enterprise_linux_server_eus | 7.6 |
| redhat | enterprise_linux_server_eus | 7.7 |
| redhat | enterprise_linux_server_tus | 7.3 |
| redhat | enterprise_linux_server_tus | 7.6 |
| redhat | enterprise_linux_server_tus | 7.7 |
| redhat | enterprise_linux_workstation | 6.0 |
| redhat | enterprise_linux_workstation | 7.0 |

𝑥 = Vulnerable software versions

Debian Releases

| Debian Product | Codename | Version | Status |
|---|---|---|---|
| ntp | bullseye | 1:4.2.8p15+dfsg-1 | fixed |
| ntp | jessie | | no-dsa |
| ntp | wheezy | | no-dsa |

Ubuntu Releases

| Ubuntu Product | Codename | Version | Status |
|---|---|---|---|
| ntp | cosmic | | not-affected |
| ntp | bionic | | not-affected |
| ntp | artful | | not-affected |
| ntp | zesty | | not-affected |
| ntp | yakkety | Fixed 1:4.2.8p8+dfsg-1ubuntu2.1 | released |
| ntp | xenial | Fixed 1:4.2.8p4+dfsg-3ubuntu5.5 | released |
| ntp | trusty | Fixed 1:4.2.6.p5+dfsg-3ubuntu2.14.04.11 | released |
| ntp | precise | | ignored |