{"vuid":"VU#321640","idnumber":"321640","name":"NTP.org ntpd is vulnerable to denial of service and other vulnerabilities","keywords":["ntp","denial of service"],"overview":"NTP.org's reference implementation of NTP server, ntpd, contains multiple vulnerabilities.","clean_desc":"NTP.org's reference implementation of NTP server, ntpd, contains multiple vulnerabilities. A brief overview follows, but details may be found in NTP's security advisory listing and in the individual links below. CRYPTO-NAK denial of service introduced in Sec 3007 patch. See Sec 3046, CVE-2016-4957. The CVSS score below describes this vulnerability. Bad authentication demobilizes ephemeral associations. See Sec 3045, CVE-2016-4953. Processing of spoofed server packets affects peer variables. See Sec 3044, CVE-2016-4954. Autokey associations may be reset when repeatedly receiving spoofed packets. See Sec 3043, CVE-2016-4955. Broadcast associations are not covered in Sec 2978 patch, which may be leveraged to flip broadcast clients into interleave mode. See Sec 3042, CVE-2016-4956.","impact":"Unauthenticated, remote attackers may be able to spoof or send specially crafted packets to create denial of service conditions.","resolution":"Apply an update The vendor has released version 4.2.8p8 to address these issues. Users are encouraged to update to the latest release. Those unable to update should consider mitigations listed in NTP's security advisory listing.","workarounds":"","sysaffected":"","thanks":"The NTP Project credits \nNicolas Edet of Cisco, Miroslav Lichvar of Red Hat, and Jakub Prokes of Red Hat for reporting these vulnerabilities.","author":"This document was written by Joel Land.","public":["http://support.ntp.org/bin/view/Main/NtpBug3007","http://support.ntp.org/bin/view/Main/NtpBug3046","http://support.ntp.org/bin/view/Main/NtpBug3045","http://support.ntp.org/bin/view/Main/NtpBug3044","http://support.ntp.org/bin/view/Main/NtpBug3043","http://support.ntp.org/bin/view/Main/NtpBug2978","http://support.ntp.org/bin/view/Main/NtpBug3042"],"cveids":["CVE-2016-4953","CVE-2016-4954","CVE-2016-4955","CVE-2016-4956","CVE-2016-4957"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2016-05-25T14:20:49Z","publicdate":"2016-06-02T00:00:00Z","datefirstpublished":"2016-06-02T16:23:47Z","dateupdated":"2016-06-06T14:21:14Z","revision":9,"vrda_d1_directreport":"1","vrda_d1_population":"4","vrda_d1_impact":"3","cam_widelyknown":"0","cam_exploitation":"0","cam_internetinfrastructure":"0","cam_population":"0","cam_impact":"0","cam_easeofexploitation":"0","cam_attackeraccessrequired":"0","cam_scorecurrent":"0","cam_scorecurrentwidelyknown":"0","cam_scorecurrentwidelyknownexploited":"0","ipprotocol":"","cvss_accessvector":"N","cvss_accesscomplexity":"L","cvss_authentication":null,"cvss_confidentialityimpact":"N","cvss_integrityimpact":"N","cvss_availabilityimpact":"C","cvss_exploitablity":null,"cvss_remediationlevel":"OF","cvss_reportconfidence":"C","cvss_collateraldamagepotential":"N","cvss_targetdistribution":"H","cvss_securityrequirementscr":"ND","cvss_securityrequirementsir":"ND","cvss_securityrequirementsar":"ND","cvss_basescore":"7.8","cvss_basevector":"AV:N/AC:L/Au:N/C:N/I:N/A:C","cvss_temporalscore":"6.4","cvss_environmentalscore":"6.43545140112","cvss_environmentalvector":"CDP:N/TD:H/CR:ND/IR:ND/AR:ND","metric":0.0,"vulnote":null}