CVE-2016-4957

HIGH

NTP - Denial of Service via Crypto-NAK Packet

Title source: llm

Description

ntpd in NTP before 4.2.8p8 allows remote attackers to cause a denial of service (daemon crash) via a crypto-NAK packet. NOTE: this vulnerability exists because of an incorrect fix for CVE-2016-1547.

References (13)

Core 13

Core References

Mailing List, Third Party Advisory vendor-advisory x_refsource_suse

http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00028.html

Mailing List, Third Party Advisory vendor-advisory x_refsource_suse

http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00023.html

Third Party Advisory vendor-advisory x_refsource_freebsd

https://security.FreeBSD.org/advisories/FreeBSD-SA-16:24.ntp.asc

Issue Tracking, Vendor Advisory x_refsource_confirm

http://bugs.ntp.org/3046

Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack

http://www.securitytracker.com/id/1036037

Mailing List, Third Party Advisory vendor-advisory x_refsource_suse

http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00024.html

Third Party Advisory x_refsource_confirm

http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html

Third Party Advisory, US Government Resource third-party-advisory x_refsource_cert-vn

http://www.kb.cert.org/vuls/id/321640

Release Notes, Vendor Advisory x_refsource_confirm

http://support.ntp.org/bin/view/Main/SecurityNotice

Mailing List, Third Party Advisory vendor-advisory x_refsource_suse

http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00040.html

Patch, Vendor Advisory x_refsource_confirm

http://support.ntp.org/bin/view/Main/NtpBug3046

Mailing List, Third Party Advisory vendor-advisory x_refsource_suse

http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00018.html

Third Party Advisory vendor-advisory x_refsource_gentoo

https://security.gentoo.org/glsa/201607-15

Scores

CVSS v3 7.5

EPSS 0.5907

EPSS Percentile 98.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Details

CWE

CWE-476

Status published

Products (12)

novell/suse_manager 2.1

ntp/ntp 4.2.8 p7

ntp/ntp 4.3.92

opensuse/leap 42.1

opensuse/opensuse 13.2

oracle/solaris 10

oracle/solaris 11.3

suse/linux_enterprise_desktop 12 sp1

suse/linux_enterprise_server 11 sp2 (3 CPE variants)

suse/linux_enterprise_server 12 sp1

... and 2 more

Published Jul 05, 2016

Tracked Since Feb 18, 2026