CVE-2016-9042

An exploitable denial of service vulnerability exists in the origin timestamp check functionality of ntpd 4.2.8p9. A specially crafted unauthenticated network packet can be used to reset the expected origin timestamp for target peers. Legitimate replies from targeted peers will fail the origin timestamp check (TEST2) causing the reply to be dropped and creating a denial of service condition.

• CWE-20

• http://packetstormsecurity.com/files/142101/FreeBSD-Security-Advisory-FreeBSD-SA-17-03.ntp.html
• http://packetstormsecurity.com/files/142284/Slackware-Security-Advisory-ntp-Updates.html
• http://seclists.org/fulldisclosure/2017/Nov/7
• http://seclists.org/fulldisclosure/2017/Sep/62
• http://www.securityfocus.com/archive/1/540403/100/0/threaded
• http://www.securityfocus.com/archive/1/archive/1/540403/100/0/threaded
• http://www.securityfocus.com/archive/1/archive/1/540464/100/0/threaded
• http://www.securityfocus.com/bid/97046Permissions Required, Third Party Advisory, VDB Entry
• http://www.securitytracker.com/id/1038123Third Party Advisory, VDB Entry
• http://www.securitytracker.com/id/1039427Third Party Advisory, VDB Entry
• http://www.ubuntu.com/usn/USN-3349-1
• https://bto.bluecoat.com/security-advisory/sa147
• https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdfThird Party Advisory
• https://kc.mcafee.com/corporate/index?page=content&id=SB10201
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7KVLFA3J43QFIP4I7HE7KQ5FXSMJEKC6/
• https://security.FreeBSD.org/advisories/FreeBSD-SA-17:03.ntp.ascThird Party Advisory
• https://support.apple.com/kb/HT208144
• https://support.f5.com/csp/article/K39041624
• https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03962en_usThird Party Advisory
• https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11
• https://www.talosintelligence.com/vulnerability_reports/TALOS-2016-0260Exploit, Mitigation, Third Party Advisory
• http://packetstormsecurity.com/files/142101/FreeBSD-Security-Advisory-FreeBSD-SA-17-03.ntp.html
• http://packetstormsecurity.com/files/142284/Slackware-Security-Advisory-ntp-Updates.html
• http://seclists.org/fulldisclosure/2017/Nov/7
• http://seclists.org/fulldisclosure/2017/Sep/62
• http://www.securityfocus.com/archive/1/540403/100/0/threaded
• http://www.securityfocus.com/archive/1/archive/1/540403/100/0/threaded
• http://www.securityfocus.com/archive/1/archive/1/540464/100/0/threaded
• http://www.securityfocus.com/bid/97046Permissions Required, Third Party Advisory, VDB Entry
• http://www.securitytracker.com/id/1038123Third Party Advisory, VDB Entry
• http://www.securitytracker.com/id/1039427Third Party Advisory, VDB Entry
• http://www.ubuntu.com/usn/USN-3349-1
• https://bto.bluecoat.com/security-advisory/sa147
• https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdfThird Party Advisory
• https://kc.mcafee.com/corporate/index?page=content&id=SB10201
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7KVLFA3J43QFIP4I7HE7KQ5FXSMJEKC6/
• https://security.FreeBSD.org/advisories/FreeBSD-SA-17:03.ntp.ascThird Party Advisory
• https://support.apple.com/kb/HT208144
• https://support.f5.com/csp/article/K39041624
• https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03962en_usThird Party Advisory
• https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11
• https://www.talosintelligence.com/vulnerability_reports/TALOS-2016-0260Exploit, Mitigation, Third Party Advisory

Published

Jun 4, 2018

Last Modified

Jun 17, 2026

Status

Modified