National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

CVE-2016-7426 Detail

Current Description

NTP before 4.2.8p9 rate limits responses received from the configured sources when rate limiting for all associations is enabled, which allows remote attackers to cause a denial of service (prevent responses from the sources) by sending responses with a spoofed source address.

Source:  MITRE
View Analysis Description

Severity



CVSS 3.x Severity and Metrics:

NIST CVSS score
NIST: NVD
Base Score: 5.3 MEDIUM
Vector:  CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

Hyperlink Resource
http://nwtime.org/ntp428p9_release/ Release Notes Vendor Advisory
http://rhn.redhat.com/errata/RHSA-2017-0252.html
http://support.ntp.org/bin/view/Main/NtpBug3071 Issue Tracking Mitigation Vendor Advisory
http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities Vendor Advisory
http://www.securityfocus.com/bid/94451 Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1037354
https://bto.bluecoat.com/security-advisory/sa139
https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03706en_us
https://security.FreeBSD.org/advisories/FreeBSD-SA-16:39.ntp.asc
https://usn.ubuntu.com/3707-2/
https://www.kb.cert.org/vuls/id/633847 Third Party Advisory US Government Resource

Weakness Enumeration

CWE-ID CWE Name Source
CWE-399 Resource Management Errors NIST  

Known Affected Software Configurations Switch to CPE 2.3

Configuration 1 ( hide )
 cpe:/a:ntp:ntp:4.2.5:p203
     Show Matching CPE(s)
 cpe:/a:ntp:ntp:4.2.5:p204
     Show Matching CPE(s)
 cpe:/a:ntp:ntp:4.2.5:p205
     Show Matching CPE(s)
 cpe:/a:ntp:ntp:4.2.5:p206
     Show Matching CPE(s)
 cpe:/a:ntp:ntp:4.2.5:p207
     Show Matching CPE(s)
 cpe:/a:ntp:ntp:4.2.5:p208
     Show Matching CPE(s)
 cpe:/a:ntp:ntp:4.2.5:p209
     Show Matching CPE(s)
 cpe:/a:ntp:ntp:4.2.5:p210
     Show Matching CPE(s)
 cpe:/a:ntp:ntp:4.2.5:p211
     Show Matching CPE(s)
 cpe:/a:ntp:ntp:4.2.5:p212
     Show Matching CPE(s)
 cpe:/a:ntp:ntp:4.2.5:p213
     Show Matching CPE(s)
 cpe:/a:ntp:ntp:4.2.5:p214
     Show Matching CPE(s)
 cpe:/a:ntp:ntp:4.2.5:p215
     Show Matching CPE(s)
 cpe:/a:ntp:ntp:4.2.5:p216
     Show Matching CPE(s)
 cpe:/a:ntp:ntp:4.2.5:p217
     Show Matching CPE(s)
 cpe:/a:ntp:ntp:4.2.5:p218
     Show Matching CPE(s)
 cpe:/a:ntp:ntp:4.2.5:p219
     Show Matching CPE(s)
 cpe:/a:ntp:ntp:4.2.5:p220
     Show Matching CPE(s)
 cpe:/a:ntp:ntp:4.2.5:p221
     Show Matching CPE(s)
 cpe:/a:ntp:ntp:4.2.5:p222
     Show Matching CPE(s)
 cpe:/a:ntp:ntp:4.2.5:p223
     Show Matching CPE(s)
 cpe:/a:ntp:ntp:4.2.5:p224
     Show Matching CPE(s)
 cpe:/a:ntp:ntp:4.2.5:p225
     Show Matching CPE(s)
 cpe:/a:ntp:ntp:4.2.5:p226
     Show Matching CPE(s)
 cpe:/a:ntp:ntp:4.2.5:p227
     Show Matching CPE(s)
 cpe:/a:ntp:ntp:4.2.5:p228
     Show Matching CPE(s)
 cpe:/a:ntp:ntp:4.2.5:p229
     Show Matching CPE(s)
 cpe:/a:ntp:ntp:4.2.5:p230
     Show Matching CPE(s)
 cpe:/a:ntp:ntp:4.2.5:p231_rc1
     Show Matching CPE(s)
 cpe:/a:ntp:ntp:4.2.5:p232_rc1
     Show Matching CPE(s)
 cpe:/a:ntp:ntp:4.2.5:p233_rc1
     Show Matching CPE(s)
 cpe:/a:ntp:ntp:4.2.5:p234_rc1
     Show Matching CPE(s)
 cpe:/a:ntp:ntp:4.2.5:p235_rc1
     Show Matching CPE(s)
 cpe:/a:ntp:ntp:4.2.5:p236_rc1
     Show Matching CPE(s)
 cpe:/a:ntp:ntp:4.2.5:p237_rc1
     Show Matching CPE(s)
 cpe:/a:ntp:ntp:4.2.5:p238_rc1
     Show Matching CPE(s)
 cpe:/a:ntp:ntp:4.2.5:p239_rc1
     Show Matching CPE(s)
 cpe:/a:ntp:ntp:4.2.5:p240_rc1
     Show Matching CPE(s)
 cpe:/a:ntp:ntp:4.2.5:p241_rc1
     Show Matching CPE(s)
 cpe:/a:ntp:ntp:4.2.5:p242_rc1
     Show Matching CPE(s)
 cpe:/a:ntp:ntp:4.2.5:p243_rc1
     Show Matching CPE(s)
 cpe:/a:ntp:ntp:4.2.5:p244_rc1
     Show Matching CPE(s)
 cpe:/a:ntp:ntp:4.2.5:p245_rc1
     Show Matching CPE(s)
 cpe:/a:ntp:ntp:4.2.5:p246_rc1
     Show Matching CPE(s)
 cpe:/a:ntp:ntp:4.2.5:p247_rc1
     Show Matching CPE(s)
 cpe:/a:ntp:ntp:4.2.5:p248_rc1
     Show Matching CPE(s)
 cpe:/a:ntp:ntp:4.2.5:p249_rc1
     Show Matching CPE(s)
 cpe:/a:ntp:ntp:4.2.5:p250_rc1
     Show Matching CPE(s)
 cpe:/a:ntp:ntp:4.2.6
     Show Matching CPE(s)
 cpe:/a:ntp:ntp:4.2.6:p1
     Show Matching CPE(s)
 cpe:/a:ntp:ntp:4.2.6:p1_rc1
     Show Matching CPE(s)
 cpe:/a:ntp:ntp:4.2.6:p1_rc2
     Show Matching CPE(s)
 cpe:/a:ntp:ntp:4.2.6:p1_rc3
     Show Matching CPE(s)
 cpe:/a:ntp:ntp:4.2.6:p1_rc4
     Show Matching CPE(s)
 cpe:/a:ntp:ntp:4.2.6:p1_rc5
     Show Matching CPE(s)
 cpe:/a:ntp:ntp:4.2.6:p1_rc6
     Show Matching CPE(s)
 cpe:/a:ntp:ntp:4.2.6:p2
     Show Matching CPE(s)
 cpe:/a:ntp:ntp:4.2.6:p2_rc1
     Show Matching CPE(s)
 cpe:/a:ntp:ntp:4.2.6:p2_rc2
     Show Matching CPE(s)
 cpe:/a:ntp:ntp:4.2.6:p2_rc3
     Show Matching CPE(s)
 cpe:/a:ntp:ntp:4.2.6:p2_rc4
     Show Matching CPE(s)
 cpe:/a:ntp:ntp:4.2.6:p2_rc5
     Show Matching CPE(s)
 cpe:/a:ntp:ntp:4.2.6:p2_rc6
     Show Matching CPE(s)
 cpe:/a:ntp:ntp:4.2.6:p2_rc7
     Show Matching CPE(s)
 cpe:/a:ntp:ntp:4.2.6:p3
     Show Matching CPE(s)
 cpe:/a:ntp:ntp:4.2.6:p3_beta1
     Show Matching CPE(s)
 cpe:/a:ntp:ntp:4.2.6:p3_rc1
     Show Matching CPE(s)
 cpe:/a:ntp:ntp:4.2.6:p3_rc10
     Show Matching CPE(s)
 cpe:/a:ntp:ntp:4.2.6:p3_rc11
     Show Matching CPE(s)
 cpe:/a:ntp:ntp:4.2.6:p3_rc12
     Show Matching CPE(s)
 cpe:/a:ntp:ntp:4.2.6:p3_rc2
     Show Matching CPE(s)
 cpe:/a:ntp:ntp:4.2.6:p3_rc3
     Show Matching CPE(s)
 cpe:/a:ntp:ntp:4.2.6:p3_rc4
     Show Matching CPE(s)
 cpe:/a:ntp:ntp:4.2.6:p3_rc5
     Show Matching CPE(s)
 cpe:/a:ntp:ntp:4.2.6:p3_rc6
     Show Matching CPE(s)
 cpe:/a:ntp:ntp:4.2.6:p3_rc7
     Show Matching CPE(s)
 cpe:/a:ntp:ntp:4.2.6:p3_rc8
     Show Matching CPE(s)
 cpe:/a:ntp:ntp:4.2.6:p3_rc9
     Show Matching CPE(s)
 cpe:/a:ntp:ntp:4.2.6:p4
     Show Matching CPE(s)
 cpe:/a:ntp:ntp:4.2.6:p4_beta1
     Show Matching CPE(s)
 cpe:/a:ntp:ntp:4.2.6:p4_beta2
     Show Matching CPE(s)
 cpe:/a:ntp:ntp:4.2.6:p4_rc1
     Show Matching CPE(s)
 cpe:/a:ntp:ntp:4.2.6:p4_rc2
     Show Matching CPE(s)
 cpe:/a:ntp:ntp:4.2.6:p5
     Show Matching CPE(s)
 cpe:/a:ntp:ntp:4.2.6:p5_rc1
     Show Matching CPE(s)
 cpe:/a:ntp:ntp:4.2.6:p5_rc2
     Show Matching CPE(s)
 cpe:/a:ntp:ntp:4.2.6:p5_rc3
     Show Matching CPE(s)
 cpe:/a:ntp:ntp:4.2.7
     Show Matching CPE(s)
 cpe:/a:ntp:ntp:4.2.7:p0
     Show Matching CPE(s)
 cpe:/a:ntp:ntp:4.2.7:p1
     Show Matching CPE(s)
 cpe:/a:ntp:ntp:4.2.7:p10
     Show Matching CPE(s)
 cpe:/a:ntp:ntp:4.2.7:p100
     Show Matching CPE(s)
 cpe:/a:ntp:ntp:4.2.7:p101
     Show Matching CPE(s)
 cpe:/a:ntp:ntp:4.2.7:p102
     Show Matching CPE(s)
 cpe:/a:ntp:ntp:4.2.7:p103
     Show Matching CPE(s)
 cpe:/a:ntp:ntp:4.2.7:p104
     Show Matching CPE(s)
 cpe:/a:ntp:ntp:4.2.7:p105
     Show Matching CPE(s)
 cpe:/a:ntp:ntp:4.2.7:p106
     Show Matching CPE(s)
 cpe:/a:ntp:ntp:4.2.7:p107
     Show Matching CPE(s)
 cpe:/a:ntp:ntp:4.2.7:p108
     Show Matching CPE(s)
Showing 100 of 595 CPE Match Criteria, view all CPEs here


Change History

9 change records found - show changes

Quick Info

CVE Dictionary Entry:
CVE-2016-7426
NVD Published Date:
01/13/2017
NVD Last Modified:
01/24/2019