CVE-2016-7426
CVE-2016-7426 is a high-severity vulnerability rated 7.5/10 on the CVSS scale. NTP before 4.2.8p9 rate limits responses received from the configured sources when rate limiting for all associations is enabled, which allows remote attackers to cause a denial of service (prevent responses from the sources) by sending responses with a spoofed source address. EPSS estimates a 12.37% chance of exploitation in the next 30 days.
Description
NTP before 4.2.8p9 rate limits responses received from the configured sources when rate limiting for all associations is enabled, which allows remote attackers to cause a denial of service (prevent responses from the sources) by sending responses with a spoofed source address.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions | Update |
|---|---|---|---|
| Ntp | Ntp | >= 4.2.6, < 4.2.8 | — |
| Ntp | Ntp | >= 4.3.0, < 4.3.94 | — |
| Ntp | Ntp | 4.2.5 | P203 |
| Ntp | Ntp | 4.2.8 | — |
| Canonical | Ubuntu Linux | 12.04 | — |
| Redhat | Enterprise Linux Desktop | 6.0 | — |
| Redhat | Enterprise Linux Desktop | 7.0 | — |
| Redhat | Enterprise Linux Server | 6.0 | — |
| Redhat | Enterprise Linux Server | 7.0 | — |
| Redhat | Enterprise Linux Server Aus | 7.3 | — |
| Redhat | Enterprise Linux Server Aus | 7.4 | — |
| Redhat | Enterprise Linux Server Aus | 7.6 | — |
| Redhat | Enterprise Linux Server Aus | 7.7 | — |
| Redhat | Enterprise Linux Server Eus | 7.3 | — |
| Redhat | Enterprise Linux Server Eus | 7.4 | — |
| Redhat | Enterprise Linux Server Eus | 7.5 | — |
| Redhat | Enterprise Linux Server Eus | 7.6 | — |
| Redhat | Enterprise Linux Server Eus | 7.7 | — |
| Redhat | Enterprise Linux Server Tus | 7.3 | — |
| Redhat | Enterprise Linux Server Tus | 7.6 | — |
| Redhat | Enterprise Linux Server Tus | 7.7 | — |
| Redhat | Enterprise Linux Workstation | 6.0 | — |
| Redhat | Enterprise Linux Workstation | 7.0 | — |
| Hpe | Hpux-Ntp | >= b.11.31, < c.4.2.8.2.0 | — |
References
- http://nwtime.org/ntp428p9_release/ (Third Party Advisory)
- http://rhn.redhat.com/errata/RHSA-2017-0252.html (Third Party Advisory)
- http://support.ntp.org/bin/view/Main/NtpBug3071 (Issue Tracking, Mitigation, Vendor Advisory)
- http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities (Release Notes, Vendor Advisory)
- http://www.securityfocus.com/bid/94451 (Third Party Advisory, VDB Entry)
- http://www.securitytracker.com/id/1037354 (Third Party Advisory, VDB Entry)
- https://bto.bluecoat.com/security-advisory/sa139 (Third Party Advisory)
- https://security.FreeBSD.org/advisories/FreeBSD-SA-16:39.ntp.asc (Third Party Advisory)
- https://usn.ubuntu.com/3707-2/ (Third Party Advisory)
- https://www.kb.cert.org/vuls/id/633847 (Third Party Advisory, US Government Resource)
Timeline
- Published
- Last Modified
- Status
- Modified
Source: NVD / NIST
