CVE-2016-7428

MEDIUM

Ntp - Denial of Service

Title source: rule

Description

ntpd in NTP before 4.2.8p9 allows remote attackers to cause a denial of service (reject broadcast mode packets) via the poll interval in a broadcast packet.

References (12)

[Vendor Advisory] https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03706en_us

[Vendor Advisory] https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03883en_us

[Vendor Advisory] https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03899en_us

[Release Notes, Vendor Advisory] http://nwtime.org/ntp428p9_release/

[Issue Tracking, Mitigation, Vendor Advisory] http://support.ntp.org/bin/view/Main/NtpBug3113

[Vendor Advisory] http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/94446

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id/1037354

[Various Sources] https://bto.bluecoat.com/security-advisory/sa139

[Various Sources] https://security.FreeBSD.org/advisories/FreeBSD-SA-16:39.ntp.asc

[Vendor Advisory] https://usn.ubuntu.com/3707-2/

[Third Party Advisory, US Government Resource] https://www.kb.cert.org/vuls/id/633847

Scores

CVSS v3 4.3

EPSS 0.0530

EPSS Percentile 89.9%

Attack Vector ADJACENT_NETWORK

CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Classification

CWE

CWE-400

Status published

Affected Products (4)

ntp/ntp

n/a/n/a

Timeline

Published Jan 13, 2017

Tracked Since Feb 18, 2026