Search

Find a vulnerability

Search criteria

    14 vulnerabilities found for simatic_net_cp_443-1_opc_ua_firmware by siemens

    CVE-2016-9042 (GCVE-0-2016-9042)

    Vulnerability from nvd – Published: 2018-06-04 20:00 – Updated: 2024-09-17 03:53
    VLAI
    Summary
    An exploitable denial of service vulnerability exists in the origin timestamp check functionality of ntpd 4.2.8p9. A specially crafted unauthenticated network packet can be used to reset the expected origin timestamp for target peers. Legitimate replies from targeted peers will fail the origin timestamp check (TEST2) causing the reply to be dropped and creating a denial of service condition.
    CWE
    • denial of service
    Assigner
    References
    URL Tags
    http://www.securitytracker.com/id/1038123 vdb-entryx_refsource_SECTRACK
    https://security.FreeBSD.org/advisories/FreeBSD-S… vendor-advisoryx_refsource_FREEBSD
    http://www.securitytracker.com/id/1039427 vdb-entryx_refsource_SECTRACK
    http://www.securityfocus.com/bid/97046 vdb-entryx_refsource_BID
    http://www.ubuntu.com/usn/USN-3349-1 vendor-advisoryx_refsource_UBUNTU
    http://www.securityfocus.com/archive/1/archive/1/… mailing-listx_refsource_BUGTRAQ
    http://seclists.org/fulldisclosure/2017/Nov/7 mailing-listx_refsource_FULLDISC
    http://www.securityfocus.com/archive/1/540403/100… mailing-listx_refsource_BUGTRAQ
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisoryx_refsource_FEDORA
    http://seclists.org/fulldisclosure/2017/Sep/62 mailing-listx_refsource_FULLDISC
    http://www.securityfocus.com/archive/1/archive/1/… mailing-listx_refsource_BUGTRAQ
    https://support.hpe.com/hpsc/doc/public/display?d… x_refsource_CONFIRM
    https://www.talosintelligence.com/vulnerability_r… x_refsource_MISC
    http://packetstormsecurity.com/files/142101/FreeB… x_refsource_MISC
    https://kc.mcafee.com/corporate/index?page=conten… x_refsource_CONFIRM
    https://support.apple.com/kb/HT208144 x_refsource_CONFIRM
    https://support.f5.com/csp/article/K39041624 x_refsource_CONFIRM
    https://bto.bluecoat.com/security-advisory/sa147 x_refsource_CONFIRM
    http://packetstormsecurity.com/files/142284/Slack… x_refsource_MISC
    https://cert-portal.siemens.com/productcert/pdf/s… x_refsource_CONFIRM
    https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11 x_refsource_MISC
    Impacted products
    Vendor Product Version
    Talos Network Time Protocol Affected: NTP 4.2.8p9
    Create a notification for this product.
    Date Public
    2017-03-29 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T02:42:09.927Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "1038123",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1038123"
              },
              {
                "name": "FreeBSD-SA-17:03",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FREEBSD",
                  "x_transferred"
                ],
                "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-17:03.ntp.asc"
              },
              {
                "name": "1039427",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1039427"
              },
              {
                "name": "97046",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/97046"
              },
              {
                "name": "USN-3349-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-3349-1"
              },
              {
                "name": "20170412 FreeBSD Security Advisory FreeBSD-SA-17:03.ntp",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/archive/1/540403/100/0/threaded"
              },
              {
                "name": "20171101 APPLE-SA-2017-10-31-8 Additional information for APPLE-SA-2017-09-25-1 macOS High Sierra 10.13",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2017/Nov/7"
              },
              {
                "name": "20170412 FreeBSD Security Advisory FreeBSD-SA-17:03.ntp",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/540403/100/0/threaded"
              },
              {
                "name": "FEDORA-2017-20d54b2782",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7KVLFA3J43QFIP4I7HE7KQ5FXSMJEKC6/"
              },
              {
                "name": "20170925 APPLE-SA-2017-09-25-1 macOS High Sierra 10.13",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2017/Sep/62"
              },
              {
                "name": "20170422 [slackware-security] ntp (SSA:2017-112-02)",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/archive/1/540464/100/0/threaded"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03962en_us"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2016-0260"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/142101/FreeBSD-Security-Advisory-FreeBSD-SA-17-03.ntp.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10201"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.apple.com/kb/HT208144"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.f5.com/csp/article/K39041624"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bto.bluecoat.com/security-advisory/sa147"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/142284/Slackware-Security-Advisory-ntp-Updates.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Network Time Protocol",
              "vendor": "Talos",
              "versions": [
                {
                  "status": "affected",
                  "version": "NTP 4.2.8p9"
                }
              ]
            }
          ],
          "datePublic": "2017-03-29T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "An exploitable denial of service vulnerability exists in the origin timestamp check functionality of ntpd 4.2.8p9. A specially crafted unauthenticated network packet can be used to reset the expected origin timestamp for target peers. Legitimate replies from targeted peers will fail the origin timestamp check (TEST2) causing the reply to be dropped and creating a denial of service condition."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 3.7,
                "baseSeverity": "LOW",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "denial of service",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-04-19T19:17:22.000Z",
            "orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
            "shortName": "talos"
          },
          "references": [
            {
              "name": "1038123",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1038123"
            },
            {
              "name": "FreeBSD-SA-17:03",
              "tags": [
                "vendor-advisory",
                "x_refsource_FREEBSD"
              ],
              "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-17:03.ntp.asc"
            },
            {
              "name": "1039427",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1039427"
            },
            {
              "name": "97046",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/97046"
            },
            {
              "name": "USN-3349-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-3349-1"
            },
            {
              "name": "20170412 FreeBSD Security Advisory FreeBSD-SA-17:03.ntp",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/archive/1/540403/100/0/threaded"
            },
            {
              "name": "20171101 APPLE-SA-2017-10-31-8 Additional information for APPLE-SA-2017-09-25-1 macOS High Sierra 10.13",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://seclists.org/fulldisclosure/2017/Nov/7"
            },
            {
              "name": "20170412 FreeBSD Security Advisory FreeBSD-SA-17:03.ntp",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/540403/100/0/threaded"
            },
            {
              "name": "FEDORA-2017-20d54b2782",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7KVLFA3J43QFIP4I7HE7KQ5FXSMJEKC6/"
            },
            {
              "name": "20170925 APPLE-SA-2017-09-25-1 macOS High Sierra 10.13",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://seclists.org/fulldisclosure/2017/Sep/62"
            },
            {
              "name": "20170422 [slackware-security] ntp (SSA:2017-112-02)",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/archive/1/540464/100/0/threaded"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03962en_us"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2016-0260"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/142101/FreeBSD-Security-Advisory-FreeBSD-SA-17-03.ntp.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10201"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.apple.com/kb/HT208144"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.f5.com/csp/article/K39041624"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bto.bluecoat.com/security-advisory/sa147"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/142284/Slackware-Security-Advisory-ntp-Updates.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "talos-cna@cisco.com",
              "DATE_PUBLIC": "2017-03-29T00:00:00",
              "ID": "CVE-2016-9042",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Network Time Protocol",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "NTP 4.2.8p9"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Talos"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An exploitable denial of service vulnerability exists in the origin timestamp check functionality of ntpd 4.2.8p9. A specially crafted unauthenticated network packet can be used to reset the expected origin timestamp for target peers. Legitimate replies from targeted peers will fail the origin timestamp check (TEST2) causing the reply to be dropped and creating a denial of service condition."
                }
              ]
            },
            "impact": {
              "cvss": {
                "baseScore": 3.7,
                "baseSeverity": "Low",
                "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "denial of service"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "1038123",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1038123"
                },
                {
                  "name": "FreeBSD-SA-17:03",
                  "refsource": "FREEBSD",
                  "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-17:03.ntp.asc"
                },
                {
                  "name": "1039427",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1039427"
                },
                {
                  "name": "97046",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/97046"
                },
                {
                  "name": "USN-3349-1",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-3349-1"
                },
                {
                  "name": "20170412 FreeBSD Security Advisory FreeBSD-SA-17:03.ntp",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/archive/1/540403/100/0/threaded"
                },
                {
                  "name": "20171101 APPLE-SA-2017-10-31-8 Additional information for APPLE-SA-2017-09-25-1 macOS High Sierra 10.13",
                  "refsource": "FULLDISC",
                  "url": "http://seclists.org/fulldisclosure/2017/Nov/7"
                },
                {
                  "name": "20170412 FreeBSD Security Advisory FreeBSD-SA-17:03.ntp",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/540403/100/0/threaded"
                },
                {
                  "name": "FEDORA-2017-20d54b2782",
                  "refsource": "FEDORA",
                  "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7KVLFA3J43QFIP4I7HE7KQ5FXSMJEKC6/"
                },
                {
                  "name": "20170925 APPLE-SA-2017-09-25-1 macOS High Sierra 10.13",
                  "refsource": "FULLDISC",
                  "url": "http://seclists.org/fulldisclosure/2017/Sep/62"
                },
                {
                  "name": "20170422 [slackware-security] ntp (SSA:2017-112-02)",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/archive/1/540464/100/0/threaded"
                },
                {
                  "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03962en_us",
                  "refsource": "CONFIRM",
                  "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03962en_us"
                },
                {
                  "name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2016-0260",
                  "refsource": "MISC",
                  "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2016-0260"
                },
                {
                  "name": "http://packetstormsecurity.com/files/142101/FreeBSD-Security-Advisory-FreeBSD-SA-17-03.ntp.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/142101/FreeBSD-Security-Advisory-FreeBSD-SA-17-03.ntp.html"
                },
                {
                  "name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10201",
                  "refsource": "CONFIRM",
                  "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10201"
                },
                {
                  "name": "https://support.apple.com/kb/HT208144",
                  "refsource": "CONFIRM",
                  "url": "https://support.apple.com/kb/HT208144"
                },
                {
                  "name": "https://support.f5.com/csp/article/K39041624",
                  "refsource": "CONFIRM",
                  "url": "https://support.f5.com/csp/article/K39041624"
                },
                {
                  "name": "https://bto.bluecoat.com/security-advisory/sa147",
                  "refsource": "CONFIRM",
                  "url": "https://bto.bluecoat.com/security-advisory/sa147"
                },
                {
                  "name": "http://packetstormsecurity.com/files/142284/Slackware-Security-Advisory-ntp-Updates.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/142284/Slackware-Security-Advisory-ntp-Updates.html"
                },
                {
                  "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf",
                  "refsource": "CONFIRM",
                  "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf"
                },
                {
                  "name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11",
                  "refsource": "MISC",
                  "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
        "assignerShortName": "talos",
        "cveId": "CVE-2016-9042",
        "datePublished": "2018-06-04T20:00:00.000Z",
        "dateReserved": "2016-10-26T00:00:00.000Z",
        "dateUpdated": "2024-09-17T03:53:51.612Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-6458 (GCVE-0-2017-6458)

    Vulnerability from nvd – Published: 2017-03-27 17:00 – Updated: 2024-08-05 15:33
    VLAI
    Summary
    Multiple buffer overflows in the ctl_put* functions in NTP before 4.2.8p10 and 4.3.x before 4.3.94 allow remote authenticated users to have unspecified impact via a long variable.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Date Public
    2017-03-21 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T15:33:19.812Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "1038123",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1038123"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://support.ntp.org/bin/view/Main/NtpBug3379"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.apple.com/HT208144"
              },
              {
                "name": "97051",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/97051"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://support.ntp.org/bin/view/Main/SecurityNotice#March_2017_ntp_4_2_8p10_NTP_Secu"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.apple.com/kb/HT208144"
              },
              {
                "name": "USN-3349-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-3349-1"
              },
              {
                "name": "FEDORA-2017-72323a442f",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZUPPICJXWL3AWQB7I3AWUC74YON7UING/"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2017-294/"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bto.bluecoat.com/security-advisory/sa147"
              },
              {
                "name": "20171101 APPLE-SA-2017-10-31-8 Additional information for APPLE-SA-2017-09-25-1 macOS High Sierra 10.13",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2017/Nov/7"
              },
              {
                "name": "FEDORA-2017-20d54b2782",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7KVLFA3J43QFIP4I7HE7KQ5FXSMJEKC6/"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.f5.com/csp/article/K99254031"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/142284/Slackware-Security-Advisory-ntp-Updates.html"
              },
              {
                "name": "20170925 APPLE-SA-2017-09-25-1 macOS High Sierra 10.13",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2017/Sep/62"
              },
              {
                "name": "20170422 [slackware-security] ntp (SSA:2017-112-02)",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/archive/1/540464/100/0/threaded"
              },
              {
                "name": "FEDORA-2017-5ebac1c112",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4B7BMVXV53EE7XYW2KAVETDHTP452O3Z/"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03962en_us"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2017-03-21T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple buffer overflows in the ctl_put* functions in NTP before 4.2.8p10 and 4.3.x before 4.3.94 allow remote authenticated users to have unspecified impact via a long variable."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-07-12T16:41:22.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "1038123",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1038123"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://support.ntp.org/bin/view/Main/NtpBug3379"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.apple.com/HT208144"
            },
            {
              "name": "97051",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/97051"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://support.ntp.org/bin/view/Main/SecurityNotice#March_2017_ntp_4_2_8p10_NTP_Secu"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.apple.com/kb/HT208144"
            },
            {
              "name": "USN-3349-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-3349-1"
            },
            {
              "name": "FEDORA-2017-72323a442f",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZUPPICJXWL3AWQB7I3AWUC74YON7UING/"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2017-294/"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bto.bluecoat.com/security-advisory/sa147"
            },
            {
              "name": "20171101 APPLE-SA-2017-10-31-8 Additional information for APPLE-SA-2017-09-25-1 macOS High Sierra 10.13",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://seclists.org/fulldisclosure/2017/Nov/7"
            },
            {
              "name": "FEDORA-2017-20d54b2782",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7KVLFA3J43QFIP4I7HE7KQ5FXSMJEKC6/"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.f5.com/csp/article/K99254031"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/142284/Slackware-Security-Advisory-ntp-Updates.html"
            },
            {
              "name": "20170925 APPLE-SA-2017-09-25-1 macOS High Sierra 10.13",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://seclists.org/fulldisclosure/2017/Sep/62"
            },
            {
              "name": "20170422 [slackware-security] ntp (SSA:2017-112-02)",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/archive/1/540464/100/0/threaded"
            },
            {
              "name": "FEDORA-2017-5ebac1c112",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4B7BMVXV53EE7XYW2KAVETDHTP452O3Z/"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03962en_us"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2017-6458",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Multiple buffer overflows in the ctl_put* functions in NTP before 4.2.8p10 and 4.3.x before 4.3.94 allow remote authenticated users to have unspecified impact via a long variable."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "1038123",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1038123"
                },
                {
                  "name": "http://support.ntp.org/bin/view/Main/NtpBug3379",
                  "refsource": "CONFIRM",
                  "url": "http://support.ntp.org/bin/view/Main/NtpBug3379"
                },
                {
                  "name": "https://support.apple.com/HT208144",
                  "refsource": "CONFIRM",
                  "url": "https://support.apple.com/HT208144"
                },
                {
                  "name": "97051",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/97051"
                },
                {
                  "name": "http://support.ntp.org/bin/view/Main/SecurityNotice#March_2017_ntp_4_2_8p10_NTP_Secu",
                  "refsource": "CONFIRM",
                  "url": "http://support.ntp.org/bin/view/Main/SecurityNotice#March_2017_ntp_4_2_8p10_NTP_Secu"
                },
                {
                  "name": "https://support.apple.com/kb/HT208144",
                  "refsource": "CONFIRM",
                  "url": "https://support.apple.com/kb/HT208144"
                },
                {
                  "name": "USN-3349-1",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-3349-1"
                },
                {
                  "name": "FEDORA-2017-72323a442f",
                  "refsource": "FEDORA",
                  "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZUPPICJXWL3AWQB7I3AWUC74YON7UING/"
                },
                {
                  "name": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2017-294/",
                  "refsource": "CONFIRM",
                  "url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2017-294/"
                },
                {
                  "name": "https://bto.bluecoat.com/security-advisory/sa147",
                  "refsource": "CONFIRM",
                  "url": "https://bto.bluecoat.com/security-advisory/sa147"
                },
                {
                  "name": "20171101 APPLE-SA-2017-10-31-8 Additional information for APPLE-SA-2017-09-25-1 macOS High Sierra 10.13",
                  "refsource": "FULLDISC",
                  "url": "http://seclists.org/fulldisclosure/2017/Nov/7"
                },
                {
                  "name": "FEDORA-2017-20d54b2782",
                  "refsource": "FEDORA",
                  "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7KVLFA3J43QFIP4I7HE7KQ5FXSMJEKC6/"
                },
                {
                  "name": "https://support.f5.com/csp/article/K99254031",
                  "refsource": "CONFIRM",
                  "url": "https://support.f5.com/csp/article/K99254031"
                },
                {
                  "name": "http://packetstormsecurity.com/files/142284/Slackware-Security-Advisory-ntp-Updates.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/142284/Slackware-Security-Advisory-ntp-Updates.html"
                },
                {
                  "name": "20170925 APPLE-SA-2017-09-25-1 macOS High Sierra 10.13",
                  "refsource": "FULLDISC",
                  "url": "http://seclists.org/fulldisclosure/2017/Sep/62"
                },
                {
                  "name": "20170422 [slackware-security] ntp (SSA:2017-112-02)",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/archive/1/540464/100/0/threaded"
                },
                {
                  "name": "FEDORA-2017-5ebac1c112",
                  "refsource": "FEDORA",
                  "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4B7BMVXV53EE7XYW2KAVETDHTP452O3Z/"
                },
                {
                  "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03962en_us",
                  "refsource": "CONFIRM",
                  "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03962en_us"
                },
                {
                  "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf",
                  "refsource": "CONFIRM",
                  "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf"
                },
                {
                  "name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11",
                  "refsource": "MISC",
                  "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2017-6458",
        "datePublished": "2017-03-27T17:00:00.000Z",
        "dateReserved": "2017-03-03T00:00:00.000Z",
        "dateUpdated": "2024-08-05T15:33:19.812Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-2518 (GCVE-0-2016-2518)

    Vulnerability from nvd – Published: 2017-01-30 21:00 – Updated: 2024-08-05 23:32
    VLAI
    Summary
    The MATCH_ASSOC function in NTP before version 4.2.8p9 and 4.3.x before 4.3.92 allows remote attackers to cause an out-of-bounds reference via an addpeer request with a large hmode value.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.ubuntu.com/usn/USN-3096-1 vendor-advisoryx_refsource_UBUNTU
    http://www.debian.org/security/2016/dsa-3629 vendor-advisoryx_refsource_DEBIAN
    http://www.oracle.com/technetwork/security-adviso… x_refsource_CONFIRM
    http://support.ntp.org/bin/view/Main/NtpBug3009 x_refsource_CONFIRM
    http://www.oracle.com/technetwork/topics/security… x_refsource_CONFIRM
    https://access.redhat.com/errata/RHSA-2016:1141 vendor-advisoryx_refsource_REDHAT
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    https://www.kb.cert.org/vuls/id/718152 third-party-advisoryx_refsource_CERT-VN
    http://rhn.redhat.com/errata/RHSA-2016-1552.html vendor-advisoryx_refsource_REDHAT
    http://www.securitytracker.com/id/1035705 vdb-entryx_refsource_SECTRACK
    http://www.oracle.com/technetwork/topics/security… x_refsource_CONFIRM
    https://security.netapp.com/advisory/ntap-2017100… x_refsource_CONFIRM
    http://support.ntp.org/bin/view/Main/SecurityNoti… x_refsource_CONFIRM
    http://tools.cisco.com/security/center/content/Ci… vendor-advisoryx_refsource_CISCO
    https://security.FreeBSD.org/advisories/FreeBSD-S… vendor-advisoryx_refsource_FREEBSD
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://www.securityfocus.com/bid/88226 vdb-entryx_refsource_BID
    http://lists.opensuse.org/opensuse-updates/2016-0… vendor-advisoryx_refsource_SUSE
    https://security.gentoo.org/glsa/201607-15 vendor-advisoryx_refsource_GENTOO
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://packetstormsecurity.com/files/136864/Slack… x_refsource_MISC
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://lists.fedoraproject.org/pipermail/package-… vendor-advisoryx_refsource_FEDORA
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    https://www.debian.org/security/2016/dsa-3629 vendor-advisoryx_refsource_DEBIAN
    http://www.securityfocus.com/archive/1/538233/100… mailing-listx_refsource_BUGTRAQ
    https://support.f5.com/csp/article/K20804323 x_refsource_CONFIRM
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://www.securityfocus.com/archive/1/archive/1/… mailing-listx_refsource_BUGTRAQ
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://lists.fedoraproject.org/pipermail/package-… vendor-advisoryx_refsource_FEDORA
    https://cert-portal.siemens.com/productcert/pdf/s… x_refsource_CONFIRM
    https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11 x_refsource_MISC
    Date Public
    2016-04-27 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T23:32:20.674Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "USN-3096-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-3096-1"
              },
              {
                "name": "DSA-3629",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2016/dsa-3629"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://support.ntp.org/bin/view/Main/NtpBug3009"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
              },
              {
                "name": "RHSA-2016:1141",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2016:1141"
              },
              {
                "name": "SUSE-SU-2016:1912",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html"
              },
              {
                "name": "VU#718152",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
                  "x_transferred"
                ],
                "url": "https://www.kb.cert.org/vuls/id/718152"
              },
              {
                "name": "RHSA-2016:1552",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2016-1552.html"
              },
              {
                "name": "1035705",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1035705"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20171004-0002/"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://support.ntp.org/bin/view/Main/SecurityNotice#April_2016_ntp_4_2_8p7_Security"
              },
              {
                "name": "20160428 Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: April 2016",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_CISCO",
                  "x_transferred"
                ],
                "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160428-ntpd"
              },
              {
                "name": "FreeBSD-SA-16:16",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FREEBSD",
                  "x_transferred"
                ],
                "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:16.ntp.asc"
              },
              {
                "name": "SUSE-SU-2016:2094",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html"
              },
              {
                "name": "88226",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/88226"
              },
              {
                "name": "openSUSE-SU-2016:1423",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-updates/2016-05/msg00114.html"
              },
              {
                "name": "GLSA-201607-15",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/201607-15"
              },
              {
                "name": "openSUSE-SU-2016:1329",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00052.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/136864/Slackware-Security-Advisory-ntp-Updates.html"
              },
              {
                "name": "SUSE-SU-2016:1471",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00001.html"
              },
              {
                "name": "FEDORA-2016-5b2eb0bf9c",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184669.html"
              },
              {
                "name": "SUSE-SU-2016:1291",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00037.html"
              },
              {
                "name": "DSA-3629",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2016/dsa-3629"
              },
              {
                "name": "20160429 [slackware-security] ntp (SSA:2016-120-01)",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/538233/100/0/threaded"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.f5.com/csp/article/K20804323"
              },
              {
                "name": "SUSE-SU-2016:1568",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00020.html"
              },
              {
                "name": "20160429 [slackware-security] ntp (SSA:2016-120-01)",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/archive/1/538233/100/0/threaded"
              },
              {
                "name": "SUSE-SU-2016:1278",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00034.html"
              },
              {
                "name": "FEDORA-2016-ed8c6c0426",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183647.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2016-04-27T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The MATCH_ASSOC function in NTP before version 4.2.8p9 and 4.3.x before 4.3.92 allows remote attackers to cause an out-of-bounds reference via an addpeer request with a large hmode value."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-06-10T12:19:12.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "USN-3096-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-3096-1"
            },
            {
              "name": "DSA-3629",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2016/dsa-3629"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://support.ntp.org/bin/view/Main/NtpBug3009"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
            },
            {
              "name": "RHSA-2016:1141",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2016:1141"
            },
            {
              "name": "SUSE-SU-2016:1912",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html"
            },
            {
              "name": "VU#718152",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT-VN"
              ],
              "url": "https://www.kb.cert.org/vuls/id/718152"
            },
            {
              "name": "RHSA-2016:1552",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2016-1552.html"
            },
            {
              "name": "1035705",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1035705"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://security.netapp.com/advisory/ntap-20171004-0002/"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://support.ntp.org/bin/view/Main/SecurityNotice#April_2016_ntp_4_2_8p7_Security"
            },
            {
              "name": "20160428 Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: April 2016",
              "tags": [
                "vendor-advisory",
                "x_refsource_CISCO"
              ],
              "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160428-ntpd"
            },
            {
              "name": "FreeBSD-SA-16:16",
              "tags": [
                "vendor-advisory",
                "x_refsource_FREEBSD"
              ],
              "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:16.ntp.asc"
            },
            {
              "name": "SUSE-SU-2016:2094",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html"
            },
            {
              "name": "88226",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/88226"
            },
            {
              "name": "openSUSE-SU-2016:1423",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-updates/2016-05/msg00114.html"
            },
            {
              "name": "GLSA-201607-15",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "https://security.gentoo.org/glsa/201607-15"
            },
            {
              "name": "openSUSE-SU-2016:1329",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00052.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/136864/Slackware-Security-Advisory-ntp-Updates.html"
            },
            {
              "name": "SUSE-SU-2016:1471",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00001.html"
            },
            {
              "name": "FEDORA-2016-5b2eb0bf9c",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184669.html"
            },
            {
              "name": "SUSE-SU-2016:1291",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00037.html"
            },
            {
              "name": "DSA-3629",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "https://www.debian.org/security/2016/dsa-3629"
            },
            {
              "name": "20160429 [slackware-security] ntp (SSA:2016-120-01)",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/538233/100/0/threaded"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.f5.com/csp/article/K20804323"
            },
            {
              "name": "SUSE-SU-2016:1568",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00020.html"
            },
            {
              "name": "20160429 [slackware-security] ntp (SSA:2016-120-01)",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/archive/1/538233/100/0/threaded"
            },
            {
              "name": "SUSE-SU-2016:1278",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00034.html"
            },
            {
              "name": "FEDORA-2016-ed8c6c0426",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183647.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2016-2518",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The MATCH_ASSOC function in NTP before version 4.2.8p9 and 4.3.x before 4.3.92 allows remote attackers to cause an out-of-bounds reference via an addpeer request with a large hmode value."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "USN-3096-1",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-3096-1"
                },
                {
                  "name": "DSA-3629",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2016/dsa-3629"
                },
                {
                  "name": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html",
                  "refsource": "CONFIRM",
                  "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
                },
                {
                  "name": "http://support.ntp.org/bin/view/Main/NtpBug3009",
                  "refsource": "CONFIRM",
                  "url": "http://support.ntp.org/bin/view/Main/NtpBug3009"
                },
                {
                  "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html",
                  "refsource": "CONFIRM",
                  "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
                },
                {
                  "name": "RHSA-2016:1141",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2016:1141"
                },
                {
                  "name": "SUSE-SU-2016:1912",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html"
                },
                {
                  "name": "VU#718152",
                  "refsource": "CERT-VN",
                  "url": "https://www.kb.cert.org/vuls/id/718152"
                },
                {
                  "name": "RHSA-2016:1552",
                  "refsource": "REDHAT",
                  "url": "http://rhn.redhat.com/errata/RHSA-2016-1552.html"
                },
                {
                  "name": "1035705",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1035705"
                },
                {
                  "name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html",
                  "refsource": "CONFIRM",
                  "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
                },
                {
                  "name": "https://security.netapp.com/advisory/ntap-20171004-0002/",
                  "refsource": "CONFIRM",
                  "url": "https://security.netapp.com/advisory/ntap-20171004-0002/"
                },
                {
                  "name": "http://support.ntp.org/bin/view/Main/SecurityNotice#April_2016_ntp_4_2_8p7_Security",
                  "refsource": "CONFIRM",
                  "url": "http://support.ntp.org/bin/view/Main/SecurityNotice#April_2016_ntp_4_2_8p7_Security"
                },
                {
                  "name": "20160428 Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: April 2016",
                  "refsource": "CISCO",
                  "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160428-ntpd"
                },
                {
                  "name": "FreeBSD-SA-16:16",
                  "refsource": "FREEBSD",
                  "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:16.ntp.asc"
                },
                {
                  "name": "SUSE-SU-2016:2094",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html"
                },
                {
                  "name": "88226",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/88226"
                },
                {
                  "name": "openSUSE-SU-2016:1423",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-updates/2016-05/msg00114.html"
                },
                {
                  "name": "GLSA-201607-15",
                  "refsource": "GENTOO",
                  "url": "https://security.gentoo.org/glsa/201607-15"
                },
                {
                  "name": "openSUSE-SU-2016:1329",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00052.html"
                },
                {
                  "name": "http://packetstormsecurity.com/files/136864/Slackware-Security-Advisory-ntp-Updates.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/136864/Slackware-Security-Advisory-ntp-Updates.html"
                },
                {
                  "name": "SUSE-SU-2016:1471",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00001.html"
                },
                {
                  "name": "FEDORA-2016-5b2eb0bf9c",
                  "refsource": "FEDORA",
                  "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184669.html"
                },
                {
                  "name": "SUSE-SU-2016:1291",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00037.html"
                },
                {
                  "name": "DSA-3629",
                  "refsource": "DEBIAN",
                  "url": "https://www.debian.org/security/2016/dsa-3629"
                },
                {
                  "name": "20160429 [slackware-security] ntp (SSA:2016-120-01)",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/538233/100/0/threaded"
                },
                {
                  "name": "https://support.f5.com/csp/article/K20804323",
                  "refsource": "CONFIRM",
                  "url": "https://support.f5.com/csp/article/K20804323"
                },
                {
                  "name": "SUSE-SU-2016:1568",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00020.html"
                },
                {
                  "name": "20160429 [slackware-security] ntp (SSA:2016-120-01)",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/archive/1/538233/100/0/threaded"
                },
                {
                  "name": "SUSE-SU-2016:1278",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00034.html"
                },
                {
                  "name": "FEDORA-2016-ed8c6c0426",
                  "refsource": "FEDORA",
                  "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183647.html"
                },
                {
                  "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf",
                  "refsource": "CONFIRM",
                  "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf"
                },
                {
                  "name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11",
                  "refsource": "MISC",
                  "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2016-2518",
        "datePublished": "2017-01-30T21:00:00.000Z",
        "dateReserved": "2016-02-20T00:00:00.000Z",
        "dateUpdated": "2024-08-05T23:32:20.674Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-4956 (GCVE-0-2016-4956)

    Vulnerability from nvd – Published: 2016-07-05 01:00 – Updated: 2024-08-06 00:46
    VLAI
    Summary
    ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (interleaved-mode transition and time change) via a spoofed broadcast packet. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-1548.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://www.ubuntu.com/usn/USN-3096-1 vendor-advisoryx_refsource_UBUNTU
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisoryx_refsource_FEDORA
    http://www.securityfocus.com/bid/91009 vdb-entryx_refsource_BID
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    https://security.FreeBSD.org/advisories/FreeBSD-S… vendor-advisoryx_refsource_FREEBSD
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisoryx_refsource_FEDORA
    https://h20566.www2.hpe.com/hpsc/doc/public/displ… x_refsource_CONFIRM
    http://www.securitytracker.com/id/1036037 vdb-entryx_refsource_SECTRACK
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://www.oracle.com/technetwork/topics/security… x_refsource_CONFIRM
    http://support.ntp.org/bin/view/Main/NtpBug3042 x_refsource_CONFIRM
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://bugs.ntp.org/3042 x_refsource_CONFIRM
    http://www.kb.cert.org/vuls/id/321640 third-party-advisoryx_refsource_CERT-VN
    http://support.ntp.org/bin/view/Main/SecurityNotice x_refsource_CONFIRM
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisoryx_refsource_FEDORA
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    https://security.gentoo.org/glsa/201607-15 vendor-advisoryx_refsource_GENTOO
    http://packetstormsecurity.com/files/137321/Slack… x_refsource_MISC
    http://tools.cisco.com/security/center/content/Ci… vendor-advisoryx_refsource_CISCO
    http://www.securityfocus.com/archive/1/540683/100… mailing-listx_refsource_BUGTRAQ
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://www.securityfocus.com/archive/1/538599/100… mailing-listx_refsource_BUGTRAQ
    http://www.securityfocus.com/archive/1/archive/1/… mailing-listx_refsource_BUGTRAQ
    http://www.securityfocus.com/archive/1/538600/100… mailing-listx_refsource_BUGTRAQ
    https://www.kb.cert.org/vuls/id/321640 third-party-advisoryx_refsource_CERT-VN
    http://www.securityfocus.com/archive/1/archive/1/… mailing-listx_refsource_BUGTRAQ
    http://www.securityfocus.com/archive/1/archive/1/… mailing-listx_refsource_BUGTRAQ
    https://cert-portal.siemens.com/productcert/pdf/s… x_refsource_CONFIRM
    https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11 x_refsource_MISC
    Date Public
    2016-06-02 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T00:46:40.189Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "SUSE-SU-2016:1602",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00028.html"
              },
              {
                "name": "USN-3096-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-3096-1"
              },
              {
                "name": "FEDORA-2016-c3bd6a3496",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WNWGCQLW2VY72NIUYMJOCAKJKTXHDUK2/"
              },
              {
                "name": "91009",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/91009"
              },
              {
                "name": "openSUSE-SU-2016:1583",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00023.html"
              },
              {
                "name": "FreeBSD-SA-16:24",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FREEBSD",
                  "x_transferred"
                ],
                "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:24.ntp.asc"
              },
              {
                "name": "SUSE-SU-2016:1912",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html"
              },
              {
                "name": "FEDORA-2016-89e0874533",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ORAMN3Q7TVJ54MBYF75XCJOE3DP7LYHT/"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03757en_us"
              },
              {
                "name": "1036037",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1036037"
              },
              {
                "name": "SUSE-SU-2016:1584",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00024.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://support.ntp.org/bin/view/Main/NtpBug3042"
              },
              {
                "name": "SUSE-SU-2016:2094",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://bugs.ntp.org/3042"
              },
              {
                "name": "VU#321640",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
                  "x_transferred"
                ],
                "url": "http://www.kb.cert.org/vuls/id/321640"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://support.ntp.org/bin/view/Main/SecurityNotice"
              },
              {
                "name": "FEDORA-2016-50b0066b7f",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/K3EYJQHJZ2KTVQ7ICEFHXTLZ36MRASWX/"
              },
              {
                "name": "openSUSE-SU-2016:1636",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00040.html"
              },
              {
                "name": "SUSE-SU-2016:1563",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00018.html"
              },
              {
                "name": "GLSA-201607-15",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/201607-15"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/137321/Slackware-Security-Advisory-ntp-Updates.html"
              },
              {
                "name": "20160603 Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: June 2016",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_CISCO",
                  "x_transferred"
                ],
                "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160603-ntpd"
              },
              {
                "name": "20170607 [security bulletin] HPESBHF03757 rev.1 - HPE Network Products including Comware 5 and Comware 7 running NTP, Remote Denial of Service (DoS)",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/540683/100/0/threaded"
              },
              {
                "name": "SUSE-SU-2016:1568",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00020.html"
              },
              {
                "name": "20160604 [slackware-security] ntp (SSA:2016-155-01)",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/538599/100/0/threaded"
              },
              {
                "name": "20170607 [security bulletin] HPESBHF03757 rev.1 - HPE Network Products including Comware 5 and Comware 7 running NTP, Remote Denial of Service (DoS)",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/archive/1/540683/100/0/threaded"
              },
              {
                "name": "20160604 FreeBSD Security Advisory FreeBSD-SA-16:24.ntp",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/538600/100/0/threaded"
              },
              {
                "name": "VU#321640",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
                  "x_transferred"
                ],
                "url": "https://www.kb.cert.org/vuls/id/321640"
              },
              {
                "name": "20160604 [slackware-security] ntp (SSA:2016-155-01)",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/archive/1/538599/100/0/threaded"
              },
              {
                "name": "20160604 FreeBSD Security Advisory FreeBSD-SA-16:24.ntp",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/archive/1/538600/100/0/threaded"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2016-06-02T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (interleaved-mode transition and time change) via a spoofed broadcast packet.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-1548."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-07-16T12:00:13.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "SUSE-SU-2016:1602",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00028.html"
            },
            {
              "name": "USN-3096-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-3096-1"
            },
            {
              "name": "FEDORA-2016-c3bd6a3496",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WNWGCQLW2VY72NIUYMJOCAKJKTXHDUK2/"
            },
            {
              "name": "91009",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/91009"
            },
            {
              "name": "openSUSE-SU-2016:1583",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00023.html"
            },
            {
              "name": "FreeBSD-SA-16:24",
              "tags": [
                "vendor-advisory",
                "x_refsource_FREEBSD"
              ],
              "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:24.ntp.asc"
            },
            {
              "name": "SUSE-SU-2016:1912",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html"
            },
            {
              "name": "FEDORA-2016-89e0874533",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ORAMN3Q7TVJ54MBYF75XCJOE3DP7LYHT/"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03757en_us"
            },
            {
              "name": "1036037",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1036037"
            },
            {
              "name": "SUSE-SU-2016:1584",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00024.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://support.ntp.org/bin/view/Main/NtpBug3042"
            },
            {
              "name": "SUSE-SU-2016:2094",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://bugs.ntp.org/3042"
            },
            {
              "name": "VU#321640",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT-VN"
              ],
              "url": "http://www.kb.cert.org/vuls/id/321640"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://support.ntp.org/bin/view/Main/SecurityNotice"
            },
            {
              "name": "FEDORA-2016-50b0066b7f",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/K3EYJQHJZ2KTVQ7ICEFHXTLZ36MRASWX/"
            },
            {
              "name": "openSUSE-SU-2016:1636",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00040.html"
            },
            {
              "name": "SUSE-SU-2016:1563",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00018.html"
            },
            {
              "name": "GLSA-201607-15",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "https://security.gentoo.org/glsa/201607-15"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/137321/Slackware-Security-Advisory-ntp-Updates.html"
            },
            {
              "name": "20160603 Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: June 2016",
              "tags": [
                "vendor-advisory",
                "x_refsource_CISCO"
              ],
              "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160603-ntpd"
            },
            {
              "name": "20170607 [security bulletin] HPESBHF03757 rev.1 - HPE Network Products including Comware 5 and Comware 7 running NTP, Remote Denial of Service (DoS)",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/540683/100/0/threaded"
            },
            {
              "name": "SUSE-SU-2016:1568",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00020.html"
            },
            {
              "name": "20160604 [slackware-security] ntp (SSA:2016-155-01)",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/538599/100/0/threaded"
            },
            {
              "name": "20170607 [security bulletin] HPESBHF03757 rev.1 - HPE Network Products including Comware 5 and Comware 7 running NTP, Remote Denial of Service (DoS)",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/archive/1/540683/100/0/threaded"
            },
            {
              "name": "20160604 FreeBSD Security Advisory FreeBSD-SA-16:24.ntp",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/538600/100/0/threaded"
            },
            {
              "name": "VU#321640",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT-VN"
              ],
              "url": "https://www.kb.cert.org/vuls/id/321640"
            },
            {
              "name": "20160604 [slackware-security] ntp (SSA:2016-155-01)",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/archive/1/538599/100/0/threaded"
            },
            {
              "name": "20160604 FreeBSD Security Advisory FreeBSD-SA-16:24.ntp",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/archive/1/538600/100/0/threaded"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2016-4956",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (interleaved-mode transition and time change) via a spoofed broadcast packet.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-1548."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "SUSE-SU-2016:1602",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00028.html"
                },
                {
                  "name": "USN-3096-1",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-3096-1"
                },
                {
                  "name": "FEDORA-2016-c3bd6a3496",
                  "refsource": "FEDORA",
                  "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WNWGCQLW2VY72NIUYMJOCAKJKTXHDUK2/"
                },
                {
                  "name": "91009",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/91009"
                },
                {
                  "name": "openSUSE-SU-2016:1583",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00023.html"
                },
                {
                  "name": "FreeBSD-SA-16:24",
                  "refsource": "FREEBSD",
                  "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:24.ntp.asc"
                },
                {
                  "name": "SUSE-SU-2016:1912",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html"
                },
                {
                  "name": "FEDORA-2016-89e0874533",
                  "refsource": "FEDORA",
                  "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ORAMN3Q7TVJ54MBYF75XCJOE3DP7LYHT/"
                },
                {
                  "name": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03757en_us",
                  "refsource": "CONFIRM",
                  "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03757en_us"
                },
                {
                  "name": "1036037",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1036037"
                },
                {
                  "name": "SUSE-SU-2016:1584",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00024.html"
                },
                {
                  "name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html",
                  "refsource": "CONFIRM",
                  "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
                },
                {
                  "name": "http://support.ntp.org/bin/view/Main/NtpBug3042",
                  "refsource": "CONFIRM",
                  "url": "http://support.ntp.org/bin/view/Main/NtpBug3042"
                },
                {
                  "name": "SUSE-SU-2016:2094",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html"
                },
                {
                  "name": "http://bugs.ntp.org/3042",
                  "refsource": "CONFIRM",
                  "url": "http://bugs.ntp.org/3042"
                },
                {
                  "name": "VU#321640",
                  "refsource": "CERT-VN",
                  "url": "http://www.kb.cert.org/vuls/id/321640"
                },
                {
                  "name": "http://support.ntp.org/bin/view/Main/SecurityNotice",
                  "refsource": "CONFIRM",
                  "url": "http://support.ntp.org/bin/view/Main/SecurityNotice"
                },
                {
                  "name": "FEDORA-2016-50b0066b7f",
                  "refsource": "FEDORA",
                  "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/K3EYJQHJZ2KTVQ7ICEFHXTLZ36MRASWX/"
                },
                {
                  "name": "openSUSE-SU-2016:1636",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00040.html"
                },
                {
                  "name": "SUSE-SU-2016:1563",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00018.html"
                },
                {
                  "name": "GLSA-201607-15",
                  "refsource": "GENTOO",
                  "url": "https://security.gentoo.org/glsa/201607-15"
                },
                {
                  "name": "http://packetstormsecurity.com/files/137321/Slackware-Security-Advisory-ntp-Updates.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/137321/Slackware-Security-Advisory-ntp-Updates.html"
                },
                {
                  "name": "20160603 Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: June 2016",
                  "refsource": "CISCO",
                  "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160603-ntpd"
                },
                {
                  "name": "20170607 [security bulletin] HPESBHF03757 rev.1 - HPE Network Products including Comware 5 and Comware 7 running NTP, Remote Denial of Service (DoS)",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/540683/100/0/threaded"
                },
                {
                  "name": "SUSE-SU-2016:1568",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00020.html"
                },
                {
                  "name": "20160604 [slackware-security] ntp (SSA:2016-155-01)",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/538599/100/0/threaded"
                },
                {
                  "name": "20170607 [security bulletin] HPESBHF03757 rev.1 - HPE Network Products including Comware 5 and Comware 7 running NTP, Remote Denial of Service (DoS)",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/archive/1/540683/100/0/threaded"
                },
                {
                  "name": "20160604 FreeBSD Security Advisory FreeBSD-SA-16:24.ntp",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/538600/100/0/threaded"
                },
                {
                  "name": "VU#321640",
                  "refsource": "CERT-VN",
                  "url": "https://www.kb.cert.org/vuls/id/321640"
                },
                {
                  "name": "20160604 [slackware-security] ntp (SSA:2016-155-01)",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/archive/1/538599/100/0/threaded"
                },
                {
                  "name": "20160604 FreeBSD Security Advisory FreeBSD-SA-16:24.ntp",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/archive/1/538600/100/0/threaded"
                },
                {
                  "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf",
                  "refsource": "CONFIRM",
                  "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf"
                },
                {
                  "name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11",
                  "refsource": "MISC",
                  "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2016-4956",
        "datePublished": "2016-07-05T01:00:00.000Z",
        "dateReserved": "2016-05-23T00:00:00.000Z",
        "dateUpdated": "2024-08-06T00:46:40.189Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-4955 (GCVE-0-2016-4955)

    Vulnerability from nvd – Published: 2016-07-05 01:00 – Updated: 2024-08-06 00:46
    VLAI
    Summary
    ntpd in NTP 4.x before 4.2.8p8, when autokey is enabled, allows remote attackers to cause a denial of service (peer-variable clearing and association outage) by sending (1) a spoofed crypto-NAK packet or (2) a packet with an incorrect MAC value at a certain time.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://www.ubuntu.com/usn/USN-3096-1 vendor-advisoryx_refsource_UBUNTU
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisoryx_refsource_FEDORA
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    https://security.FreeBSD.org/advisories/FreeBSD-S… vendor-advisoryx_refsource_FREEBSD
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisoryx_refsource_FEDORA
    http://www.securityfocus.com/bid/91007 vdb-entryx_refsource_BID
    http://support.ntp.org/bin/view/Main/NtpBug3043 x_refsource_CONFIRM
    http://www.securitytracker.com/id/1036037 vdb-entryx_refsource_SECTRACK
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://www.oracle.com/technetwork/topics/security… x_refsource_CONFIRM
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://bugs.ntp.org/3043 x_refsource_CONFIRM
    http://www.kb.cert.org/vuls/id/321640 third-party-advisoryx_refsource_CERT-VN
    http://support.ntp.org/bin/view/Main/SecurityNotice x_refsource_CONFIRM
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisoryx_refsource_FEDORA
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    https://security.gentoo.org/glsa/201607-15 vendor-advisoryx_refsource_GENTOO
    http://packetstormsecurity.com/files/137321/Slack… x_refsource_MISC
    http://tools.cisco.com/security/center/content/Ci… vendor-advisoryx_refsource_CISCO
    http://packetstormsecurity.com/files/137322/FreeB… x_refsource_MISC
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://www.securityfocus.com/archive/1/538599/100… mailing-listx_refsource_BUGTRAQ
    http://www.securityfocus.com/archive/1/538600/100… mailing-listx_refsource_BUGTRAQ
    https://www.kb.cert.org/vuls/id/321640 third-party-advisoryx_refsource_CERT-VN
    http://www.securityfocus.com/archive/1/archive/1/… mailing-listx_refsource_BUGTRAQ
    http://www.securityfocus.com/archive/1/archive/1/… mailing-listx_refsource_BUGTRAQ
    https://cert-portal.siemens.com/productcert/pdf/s… x_refsource_CONFIRM
    https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11 x_refsource_MISC
    Date Public
    2016-06-02 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T00:46:39.886Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "SUSE-SU-2016:1602",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00028.html"
              },
              {
                "name": "USN-3096-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-3096-1"
              },
              {
                "name": "FEDORA-2016-c3bd6a3496",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WNWGCQLW2VY72NIUYMJOCAKJKTXHDUK2/"
              },
              {
                "name": "openSUSE-SU-2016:1583",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00023.html"
              },
              {
                "name": "FreeBSD-SA-16:24",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FREEBSD",
                  "x_transferred"
                ],
                "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:24.ntp.asc"
              },
              {
                "name": "SUSE-SU-2016:1912",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html"
              },
              {
                "name": "FEDORA-2016-89e0874533",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ORAMN3Q7TVJ54MBYF75XCJOE3DP7LYHT/"
              },
              {
                "name": "91007",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/91007"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://support.ntp.org/bin/view/Main/NtpBug3043"
              },
              {
                "name": "1036037",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1036037"
              },
              {
                "name": "SUSE-SU-2016:1584",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00024.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
              },
              {
                "name": "SUSE-SU-2016:2094",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://bugs.ntp.org/3043"
              },
              {
                "name": "VU#321640",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
                  "x_transferred"
                ],
                "url": "http://www.kb.cert.org/vuls/id/321640"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://support.ntp.org/bin/view/Main/SecurityNotice"
              },
              {
                "name": "FEDORA-2016-50b0066b7f",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/K3EYJQHJZ2KTVQ7ICEFHXTLZ36MRASWX/"
              },
              {
                "name": "openSUSE-SU-2016:1636",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00040.html"
              },
              {
                "name": "SUSE-SU-2016:1563",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00018.html"
              },
              {
                "name": "GLSA-201607-15",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/201607-15"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/137321/Slackware-Security-Advisory-ntp-Updates.html"
              },
              {
                "name": "20160603 Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: June 2016",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_CISCO",
                  "x_transferred"
                ],
                "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160603-ntpd"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/137322/FreeBSD-Security-Advisory-FreeBSD-SA-16-24.ntp.html"
              },
              {
                "name": "SUSE-SU-2016:1568",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00020.html"
              },
              {
                "name": "20160604 [slackware-security] ntp (SSA:2016-155-01)",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/538599/100/0/threaded"
              },
              {
                "name": "20160604 FreeBSD Security Advisory FreeBSD-SA-16:24.ntp",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/538600/100/0/threaded"
              },
              {
                "name": "VU#321640",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
                  "x_transferred"
                ],
                "url": "https://www.kb.cert.org/vuls/id/321640"
              },
              {
                "name": "20160604 [slackware-security] ntp (SSA:2016-155-01)",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/archive/1/538599/100/0/threaded"
              },
              {
                "name": "20160604 FreeBSD Security Advisory FreeBSD-SA-16:24.ntp",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/archive/1/538600/100/0/threaded"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2016-06-02T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "ntpd in NTP 4.x before 4.2.8p8, when autokey is enabled, allows remote attackers to cause a denial of service (peer-variable clearing and association outage) by sending (1) a spoofed crypto-NAK packet or (2) a packet with an incorrect MAC value at a certain time."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-07-16T12:00:04.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "SUSE-SU-2016:1602",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00028.html"
            },
            {
              "name": "USN-3096-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-3096-1"
            },
            {
              "name": "FEDORA-2016-c3bd6a3496",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WNWGCQLW2VY72NIUYMJOCAKJKTXHDUK2/"
            },
            {
              "name": "openSUSE-SU-2016:1583",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00023.html"
            },
            {
              "name": "FreeBSD-SA-16:24",
              "tags": [
                "vendor-advisory",
                "x_refsource_FREEBSD"
              ],
              "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:24.ntp.asc"
            },
            {
              "name": "SUSE-SU-2016:1912",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html"
            },
            {
              "name": "FEDORA-2016-89e0874533",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ORAMN3Q7TVJ54MBYF75XCJOE3DP7LYHT/"
            },
            {
              "name": "91007",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/91007"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://support.ntp.org/bin/view/Main/NtpBug3043"
            },
            {
              "name": "1036037",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1036037"
            },
            {
              "name": "SUSE-SU-2016:1584",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00024.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
            },
            {
              "name": "SUSE-SU-2016:2094",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://bugs.ntp.org/3043"
            },
            {
              "name": "VU#321640",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT-VN"
              ],
              "url": "http://www.kb.cert.org/vuls/id/321640"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://support.ntp.org/bin/view/Main/SecurityNotice"
            },
            {
              "name": "FEDORA-2016-50b0066b7f",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/K3EYJQHJZ2KTVQ7ICEFHXTLZ36MRASWX/"
            },
            {
              "name": "openSUSE-SU-2016:1636",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00040.html"
            },
            {
              "name": "SUSE-SU-2016:1563",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00018.html"
            },
            {
              "name": "GLSA-201607-15",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "https://security.gentoo.org/glsa/201607-15"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/137321/Slackware-Security-Advisory-ntp-Updates.html"
            },
            {
              "name": "20160603 Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: June 2016",
              "tags": [
                "vendor-advisory",
                "x_refsource_CISCO"
              ],
              "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160603-ntpd"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/137322/FreeBSD-Security-Advisory-FreeBSD-SA-16-24.ntp.html"
            },
            {
              "name": "SUSE-SU-2016:1568",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00020.html"
            },
            {
              "name": "20160604 [slackware-security] ntp (SSA:2016-155-01)",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/538599/100/0/threaded"
            },
            {
              "name": "20160604 FreeBSD Security Advisory FreeBSD-SA-16:24.ntp",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/538600/100/0/threaded"
            },
            {
              "name": "VU#321640",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT-VN"
              ],
              "url": "https://www.kb.cert.org/vuls/id/321640"
            },
            {
              "name": "20160604 [slackware-security] ntp (SSA:2016-155-01)",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/archive/1/538599/100/0/threaded"
            },
            {
              "name": "20160604 FreeBSD Security Advisory FreeBSD-SA-16:24.ntp",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/archive/1/538600/100/0/threaded"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2016-4955",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "ntpd in NTP 4.x before 4.2.8p8, when autokey is enabled, allows remote attackers to cause a denial of service (peer-variable clearing and association outage) by sending (1) a spoofed crypto-NAK packet or (2) a packet with an incorrect MAC value at a certain time."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "SUSE-SU-2016:1602",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00028.html"
                },
                {
                  "name": "USN-3096-1",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-3096-1"
                },
                {
                  "name": "FEDORA-2016-c3bd6a3496",
                  "refsource": "FEDORA",
                  "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WNWGCQLW2VY72NIUYMJOCAKJKTXHDUK2/"
                },
                {
                  "name": "openSUSE-SU-2016:1583",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00023.html"
                },
                {
                  "name": "FreeBSD-SA-16:24",
                  "refsource": "FREEBSD",
                  "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:24.ntp.asc"
                },
                {
                  "name": "SUSE-SU-2016:1912",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html"
                },
                {
                  "name": "FEDORA-2016-89e0874533",
                  "refsource": "FEDORA",
                  "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ORAMN3Q7TVJ54MBYF75XCJOE3DP7LYHT/"
                },
                {
                  "name": "91007",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/91007"
                },
                {
                  "name": "http://support.ntp.org/bin/view/Main/NtpBug3043",
                  "refsource": "CONFIRM",
                  "url": "http://support.ntp.org/bin/view/Main/NtpBug3043"
                },
                {
                  "name": "1036037",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1036037"
                },
                {
                  "name": "SUSE-SU-2016:1584",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00024.html"
                },
                {
                  "name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html",
                  "refsource": "CONFIRM",
                  "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
                },
                {
                  "name": "SUSE-SU-2016:2094",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html"
                },
                {
                  "name": "http://bugs.ntp.org/3043",
                  "refsource": "CONFIRM",
                  "url": "http://bugs.ntp.org/3043"
                },
                {
                  "name": "VU#321640",
                  "refsource": "CERT-VN",
                  "url": "http://www.kb.cert.org/vuls/id/321640"
                },
                {
                  "name": "http://support.ntp.org/bin/view/Main/SecurityNotice",
                  "refsource": "CONFIRM",
                  "url": "http://support.ntp.org/bin/view/Main/SecurityNotice"
                },
                {
                  "name": "FEDORA-2016-50b0066b7f",
                  "refsource": "FEDORA",
                  "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/K3EYJQHJZ2KTVQ7ICEFHXTLZ36MRASWX/"
                },
                {
                  "name": "openSUSE-SU-2016:1636",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00040.html"
                },
                {
                  "name": "SUSE-SU-2016:1563",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00018.html"
                },
                {
                  "name": "GLSA-201607-15",
                  "refsource": "GENTOO",
                  "url": "https://security.gentoo.org/glsa/201607-15"
                },
                {
                  "name": "http://packetstormsecurity.com/files/137321/Slackware-Security-Advisory-ntp-Updates.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/137321/Slackware-Security-Advisory-ntp-Updates.html"
                },
                {
                  "name": "20160603 Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: June 2016",
                  "refsource": "CISCO",
                  "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160603-ntpd"
                },
                {
                  "name": "http://packetstormsecurity.com/files/137322/FreeBSD-Security-Advisory-FreeBSD-SA-16-24.ntp.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/137322/FreeBSD-Security-Advisory-FreeBSD-SA-16-24.ntp.html"
                },
                {
                  "name": "SUSE-SU-2016:1568",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00020.html"
                },
                {
                  "name": "20160604 [slackware-security] ntp (SSA:2016-155-01)",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/538599/100/0/threaded"
                },
                {
                  "name": "20160604 FreeBSD Security Advisory FreeBSD-SA-16:24.ntp",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/538600/100/0/threaded"
                },
                {
                  "name": "VU#321640",
                  "refsource": "CERT-VN",
                  "url": "https://www.kb.cert.org/vuls/id/321640"
                },
                {
                  "name": "20160604 [slackware-security] ntp (SSA:2016-155-01)",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/archive/1/538599/100/0/threaded"
                },
                {
                  "name": "20160604 FreeBSD Security Advisory FreeBSD-SA-16:24.ntp",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/archive/1/538600/100/0/threaded"
                },
                {
                  "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf",
                  "refsource": "CONFIRM",
                  "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf"
                },
                {
                  "name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11",
                  "refsource": "MISC",
                  "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2016-4955",
        "datePublished": "2016-07-05T01:00:00.000Z",
        "dateReserved": "2016-05-23T00:00:00.000Z",
        "dateUpdated": "2024-08-06T00:46:39.886Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-4954 (GCVE-0-2016-4954)

    Vulnerability from nvd – Published: 2016-07-05 01:00 – Updated: 2024-08-06 00:46
    VLAI
    Summary
    The process_packet function in ntp_proto.c in ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (peer-variable modification) by sending spoofed packets from many source IP addresses in a certain scenario, as demonstrated by triggering an incorrect leap indication.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://www.ubuntu.com/usn/USN-3096-1 vendor-advisoryx_refsource_UBUNTU
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisoryx_refsource_FEDORA
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    https://security.FreeBSD.org/advisories/FreeBSD-S… vendor-advisoryx_refsource_FREEBSD
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisoryx_refsource_FEDORA
    https://h20566.www2.hpe.com/hpsc/doc/public/displ… x_refsource_CONFIRM
    http://www.securitytracker.com/id/1036037 vdb-entryx_refsource_SECTRACK
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://www.oracle.com/technetwork/topics/security… x_refsource_CONFIRM
    http://support.ntp.org/bin/view/Main/NtpBug3044 x_refsource_CONFIRM
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://www.kb.cert.org/vuls/id/321640 third-party-advisoryx_refsource_CERT-VN
    http://support.ntp.org/bin/view/Main/SecurityNotice x_refsource_CONFIRM
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisoryx_refsource_FEDORA
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://bugs.ntp.org/3044 x_refsource_CONFIRM
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    https://security.gentoo.org/glsa/201607-15 vendor-advisoryx_refsource_GENTOO
    http://packetstormsecurity.com/files/137321/Slack… x_refsource_MISC
    http://tools.cisco.com/security/center/content/Ci… vendor-advisoryx_refsource_CISCO
    http://www.securityfocus.com/archive/1/540683/100… mailing-listx_refsource_BUGTRAQ
    http://packetstormsecurity.com/files/137322/FreeB… x_refsource_MISC
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://www.securityfocus.com/archive/1/538599/100… mailing-listx_refsource_BUGTRAQ
    http://www.securityfocus.com/archive/1/archive/1/… mailing-listx_refsource_BUGTRAQ
    http://www.securityfocus.com/archive/1/538600/100… mailing-listx_refsource_BUGTRAQ
    https://www.kb.cert.org/vuls/id/321640 third-party-advisoryx_refsource_CERT-VN
    http://www.securityfocus.com/archive/1/archive/1/… mailing-listx_refsource_BUGTRAQ
    http://www.securityfocus.com/archive/1/archive/1/… mailing-listx_refsource_BUGTRAQ
    https://cert-portal.siemens.com/productcert/pdf/s… x_refsource_CONFIRM
    https://us-cert.cisa.gov/ics/advisories/icsa-21-103-11 x_refsource_CONFIRM
    https://cert-portal.siemens.com/productcert/pdf/s… x_refsource_CONFIRM
    https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11 x_refsource_MISC
    Date Public
    2016-06-02 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T00:46:39.878Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "SUSE-SU-2016:1602",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00028.html"
              },
              {
                "name": "USN-3096-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-3096-1"
              },
              {
                "name": "FEDORA-2016-c3bd6a3496",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WNWGCQLW2VY72NIUYMJOCAKJKTXHDUK2/"
              },
              {
                "name": "openSUSE-SU-2016:1583",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00023.html"
              },
              {
                "name": "FreeBSD-SA-16:24",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FREEBSD",
                  "x_transferred"
                ],
                "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:24.ntp.asc"
              },
              {
                "name": "SUSE-SU-2016:1912",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html"
              },
              {
                "name": "FEDORA-2016-89e0874533",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ORAMN3Q7TVJ54MBYF75XCJOE3DP7LYHT/"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03757en_us"
              },
              {
                "name": "1036037",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1036037"
              },
              {
                "name": "SUSE-SU-2016:1584",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00024.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://support.ntp.org/bin/view/Main/NtpBug3044"
              },
              {
                "name": "SUSE-SU-2016:2094",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html"
              },
              {
                "name": "VU#321640",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
                  "x_transferred"
                ],
                "url": "http://www.kb.cert.org/vuls/id/321640"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://support.ntp.org/bin/view/Main/SecurityNotice"
              },
              {
                "name": "FEDORA-2016-50b0066b7f",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/K3EYJQHJZ2KTVQ7ICEFHXTLZ36MRASWX/"
              },
              {
                "name": "openSUSE-SU-2016:1636",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00040.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://bugs.ntp.org/3044"
              },
              {
                "name": "SUSE-SU-2016:1563",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00018.html"
              },
              {
                "name": "GLSA-201607-15",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/201607-15"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/137321/Slackware-Security-Advisory-ntp-Updates.html"
              },
              {
                "name": "20160603 Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: June 2016",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_CISCO",
                  "x_transferred"
                ],
                "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160603-ntpd"
              },
              {
                "name": "20170607 [security bulletin] HPESBHF03757 rev.1 - HPE Network Products including Comware 5 and Comware 7 running NTP, Remote Denial of Service (DoS)",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/540683/100/0/threaded"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/137322/FreeBSD-Security-Advisory-FreeBSD-SA-16-24.ntp.html"
              },
              {
                "name": "SUSE-SU-2016:1568",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00020.html"
              },
              {
                "name": "20160604 [slackware-security] ntp (SSA:2016-155-01)",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/538599/100/0/threaded"
              },
              {
                "name": "20170607 [security bulletin] HPESBHF03757 rev.1 - HPE Network Products including Comware 5 and Comware 7 running NTP, Remote Denial of Service (DoS)",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/archive/1/540683/100/0/threaded"
              },
              {
                "name": "20160604 FreeBSD Security Advisory FreeBSD-SA-16:24.ntp",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/538600/100/0/threaded"
              },
              {
                "name": "VU#321640",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
                  "x_transferred"
                ],
                "url": "https://www.kb.cert.org/vuls/id/321640"
              },
              {
                "name": "20160604 [slackware-security] ntp (SSA:2016-155-01)",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/archive/1/538599/100/0/threaded"
              },
              {
                "name": "20160604 FreeBSD Security Advisory FreeBSD-SA-16:24.ntp",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/archive/1/538600/100/0/threaded"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdf"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-103-11"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2016-06-02T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The process_packet function in ntp_proto.c in ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (peer-variable modification) by sending spoofed packets from many source IP addresses in a certain scenario, as demonstrated by triggering an incorrect leap indication."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-07-16T11:59:55.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "SUSE-SU-2016:1602",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00028.html"
            },
            {
              "name": "USN-3096-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-3096-1"
            },
            {
              "name": "FEDORA-2016-c3bd6a3496",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WNWGCQLW2VY72NIUYMJOCAKJKTXHDUK2/"
            },
            {
              "name": "openSUSE-SU-2016:1583",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00023.html"
            },
            {
              "name": "FreeBSD-SA-16:24",
              "tags": [
                "vendor-advisory",
                "x_refsource_FREEBSD"
              ],
              "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:24.ntp.asc"
            },
            {
              "name": "SUSE-SU-2016:1912",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html"
            },
            {
              "name": "FEDORA-2016-89e0874533",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ORAMN3Q7TVJ54MBYF75XCJOE3DP7LYHT/"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03757en_us"
            },
            {
              "name": "1036037",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1036037"
            },
            {
              "name": "SUSE-SU-2016:1584",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00024.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://support.ntp.org/bin/view/Main/NtpBug3044"
            },
            {
              "name": "SUSE-SU-2016:2094",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html"
            },
            {
              "name": "VU#321640",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT-VN"
              ],
              "url": "http://www.kb.cert.org/vuls/id/321640"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://support.ntp.org/bin/view/Main/SecurityNotice"
            },
            {
              "name": "FEDORA-2016-50b0066b7f",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/K3EYJQHJZ2KTVQ7ICEFHXTLZ36MRASWX/"
            },
            {
              "name": "openSUSE-SU-2016:1636",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00040.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://bugs.ntp.org/3044"
            },
            {
              "name": "SUSE-SU-2016:1563",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00018.html"
            },
            {
              "name": "GLSA-201607-15",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "https://security.gentoo.org/glsa/201607-15"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/137321/Slackware-Security-Advisory-ntp-Updates.html"
            },
            {
              "name": "20160603 Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: June 2016",
              "tags": [
                "vendor-advisory",
                "x_refsource_CISCO"
              ],
              "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160603-ntpd"
            },
            {
              "name": "20170607 [security bulletin] HPESBHF03757 rev.1 - HPE Network Products including Comware 5 and Comware 7 running NTP, Remote Denial of Service (DoS)",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/540683/100/0/threaded"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/137322/FreeBSD-Security-Advisory-FreeBSD-SA-16-24.ntp.html"
            },
            {
              "name": "SUSE-SU-2016:1568",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00020.html"
            },
            {
              "name": "20160604 [slackware-security] ntp (SSA:2016-155-01)",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/538599/100/0/threaded"
            },
            {
              "name": "20170607 [security bulletin] HPESBHF03757 rev.1 - HPE Network Products including Comware 5 and Comware 7 running NTP, Remote Denial of Service (DoS)",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/archive/1/540683/100/0/threaded"
            },
            {
              "name": "20160604 FreeBSD Security Advisory FreeBSD-SA-16:24.ntp",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/538600/100/0/threaded"
            },
            {
              "name": "VU#321640",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT-VN"
              ],
              "url": "https://www.kb.cert.org/vuls/id/321640"
            },
            {
              "name": "20160604 [slackware-security] ntp (SSA:2016-155-01)",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/archive/1/538599/100/0/threaded"
            },
            {
              "name": "20160604 FreeBSD Security Advisory FreeBSD-SA-16:24.ntp",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/archive/1/538600/100/0/threaded"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdf"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-103-11"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2016-4954",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The process_packet function in ntp_proto.c in ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (peer-variable modification) by sending spoofed packets from many source IP addresses in a certain scenario, as demonstrated by triggering an incorrect leap indication."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "SUSE-SU-2016:1602",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00028.html"
                },
                {
                  "name": "USN-3096-1",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-3096-1"
                },
                {
                  "name": "FEDORA-2016-c3bd6a3496",
                  "refsource": "FEDORA",
                  "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WNWGCQLW2VY72NIUYMJOCAKJKTXHDUK2/"
                },
                {
                  "name": "openSUSE-SU-2016:1583",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00023.html"
                },
                {
                  "name": "FreeBSD-SA-16:24",
                  "refsource": "FREEBSD",
                  "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:24.ntp.asc"
                },
                {
                  "name": "SUSE-SU-2016:1912",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html"
                },
                {
                  "name": "FEDORA-2016-89e0874533",
                  "refsource": "FEDORA",
                  "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ORAMN3Q7TVJ54MBYF75XCJOE3DP7LYHT/"
                },
                {
                  "name": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03757en_us",
                  "refsource": "CONFIRM",
                  "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03757en_us"
                },
                {
                  "name": "1036037",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1036037"
                },
                {
                  "name": "SUSE-SU-2016:1584",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00024.html"
                },
                {
                  "name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html",
                  "refsource": "CONFIRM",
                  "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
                },
                {
                  "name": "http://support.ntp.org/bin/view/Main/NtpBug3044",
                  "refsource": "CONFIRM",
                  "url": "http://support.ntp.org/bin/view/Main/NtpBug3044"
                },
                {
                  "name": "SUSE-SU-2016:2094",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html"
                },
                {
                  "name": "VU#321640",
                  "refsource": "CERT-VN",
                  "url": "http://www.kb.cert.org/vuls/id/321640"
                },
                {
                  "name": "http://support.ntp.org/bin/view/Main/SecurityNotice",
                  "refsource": "CONFIRM",
                  "url": "http://support.ntp.org/bin/view/Main/SecurityNotice"
                },
                {
                  "name": "FEDORA-2016-50b0066b7f",
                  "refsource": "FEDORA",
                  "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/K3EYJQHJZ2KTVQ7ICEFHXTLZ36MRASWX/"
                },
                {
                  "name": "openSUSE-SU-2016:1636",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00040.html"
                },
                {
                  "name": "http://bugs.ntp.org/3044",
                  "refsource": "CONFIRM",
                  "url": "http://bugs.ntp.org/3044"
                },
                {
                  "name": "SUSE-SU-2016:1563",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00018.html"
                },
                {
                  "name": "GLSA-201607-15",
                  "refsource": "GENTOO",
                  "url": "https://security.gentoo.org/glsa/201607-15"
                },
                {
                  "name": "http://packetstormsecurity.com/files/137321/Slackware-Security-Advisory-ntp-Updates.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/137321/Slackware-Security-Advisory-ntp-Updates.html"
                },
                {
                  "name": "20160603 Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: June 2016",
                  "refsource": "CISCO",
                  "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160603-ntpd"
                },
                {
                  "name": "20170607 [security bulletin] HPESBHF03757 rev.1 - HPE Network Products including Comware 5 and Comware 7 running NTP, Remote Denial of Service (DoS)",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/540683/100/0/threaded"
                },
                {
                  "name": "http://packetstormsecurity.com/files/137322/FreeBSD-Security-Advisory-FreeBSD-SA-16-24.ntp.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/137322/FreeBSD-Security-Advisory-FreeBSD-SA-16-24.ntp.html"
                },
                {
                  "name": "SUSE-SU-2016:1568",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00020.html"
                },
                {
                  "name": "20160604 [slackware-security] ntp (SSA:2016-155-01)",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/538599/100/0/threaded"
                },
                {
                  "name": "20170607 [security bulletin] HPESBHF03757 rev.1 - HPE Network Products including Comware 5 and Comware 7 running NTP, Remote Denial of Service (DoS)",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/archive/1/540683/100/0/threaded"
                },
                {
                  "name": "20160604 FreeBSD Security Advisory FreeBSD-SA-16:24.ntp",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/538600/100/0/threaded"
                },
                {
                  "name": "VU#321640",
                  "refsource": "CERT-VN",
                  "url": "https://www.kb.cert.org/vuls/id/321640"
                },
                {
                  "name": "20160604 [slackware-security] ntp (SSA:2016-155-01)",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/archive/1/538599/100/0/threaded"
                },
                {
                  "name": "20160604 FreeBSD Security Advisory FreeBSD-SA-16:24.ntp",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/archive/1/538600/100/0/threaded"
                },
                {
                  "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdf",
                  "refsource": "CONFIRM",
                  "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdf"
                },
                {
                  "name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-103-11",
                  "refsource": "CONFIRM",
                  "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-103-11"
                },
                {
                  "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf",
                  "refsource": "CONFIRM",
                  "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf"
                },
                {
                  "name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11",
                  "refsource": "MISC",
                  "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2016-4954",
        "datePublished": "2016-07-05T01:00:00.000Z",
        "dateReserved": "2016-05-23T00:00:00.000Z",
        "dateUpdated": "2024-08-06T00:46:39.878Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-4953 (GCVE-0-2016-4953)

    Vulnerability from nvd – Published: 2016-07-05 01:00 – Updated: 2024-08-06 00:46
    VLAI
    Summary
    ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (ephemeral-association demobilization) by sending a spoofed crypto-NAK packet with incorrect authentication data at a certain time.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://www.securityfocus.com/bid/91010 vdb-entryx_refsource_BID
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    https://security.FreeBSD.org/advisories/FreeBSD-S… vendor-advisoryx_refsource_FREEBSD
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    https://h20566.www2.hpe.com/hpsc/doc/public/displ… x_refsource_CONFIRM
    http://support.ntp.org/bin/view/Main/NtpBug3045 x_refsource_CONFIRM
    http://www.securitytracker.com/id/1036037 vdb-entryx_refsource_SECTRACK
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://www.oracle.com/technetwork/topics/security… x_refsource_CONFIRM
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://www.kb.cert.org/vuls/id/321640 third-party-advisoryx_refsource_CERT-VN
    http://support.ntp.org/bin/view/Main/SecurityNotice x_refsource_CONFIRM
    http://bugs.ntp.org/3045 x_refsource_CONFIRM
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    https://security.gentoo.org/glsa/201607-15 vendor-advisoryx_refsource_GENTOO
    http://packetstormsecurity.com/files/137321/Slack… x_refsource_MISC
    http://tools.cisco.com/security/center/content/Ci… vendor-advisoryx_refsource_CISCO
    http://www.securityfocus.com/archive/1/540683/100… mailing-listx_refsource_BUGTRAQ
    http://packetstormsecurity.com/files/137322/FreeB… x_refsource_MISC
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://www.securityfocus.com/archive/1/538599/100… mailing-listx_refsource_BUGTRAQ
    http://www.securityfocus.com/archive/1/archive/1/… mailing-listx_refsource_BUGTRAQ
    http://www.securityfocus.com/archive/1/538600/100… mailing-listx_refsource_BUGTRAQ
    https://www.kb.cert.org/vuls/id/321640 third-party-advisoryx_refsource_CERT-VN
    http://www.securityfocus.com/archive/1/archive/1/… mailing-listx_refsource_BUGTRAQ
    http://www.securityfocus.com/archive/1/archive/1/… mailing-listx_refsource_BUGTRAQ
    https://cert-portal.siemens.com/productcert/pdf/s… x_refsource_CONFIRM
    https://us-cert.cisa.gov/ics/advisories/icsa-21-103-11 x_refsource_CONFIRM
    https://cert-portal.siemens.com/productcert/pdf/s… x_refsource_CONFIRM
    https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11 x_refsource_MISC
    Date Public
    2016-06-02 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T00:46:39.916Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "SUSE-SU-2016:1602",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00028.html"
              },
              {
                "name": "91010",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/91010"
              },
              {
                "name": "openSUSE-SU-2016:1583",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00023.html"
              },
              {
                "name": "FreeBSD-SA-16:24",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FREEBSD",
                  "x_transferred"
                ],
                "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:24.ntp.asc"
              },
              {
                "name": "SUSE-SU-2016:1912",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03757en_us"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://support.ntp.org/bin/view/Main/NtpBug3045"
              },
              {
                "name": "1036037",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1036037"
              },
              {
                "name": "SUSE-SU-2016:1584",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00024.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
              },
              {
                "name": "SUSE-SU-2016:2094",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html"
              },
              {
                "name": "VU#321640",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
                  "x_transferred"
                ],
                "url": "http://www.kb.cert.org/vuls/id/321640"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://support.ntp.org/bin/view/Main/SecurityNotice"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://bugs.ntp.org/3045"
              },
              {
                "name": "openSUSE-SU-2016:1636",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00040.html"
              },
              {
                "name": "SUSE-SU-2016:1563",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00018.html"
              },
              {
                "name": "GLSA-201607-15",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/201607-15"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/137321/Slackware-Security-Advisory-ntp-Updates.html"
              },
              {
                "name": "20160603 Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: June 2016",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_CISCO",
                  "x_transferred"
                ],
                "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160603-ntpd"
              },
              {
                "name": "20170607 [security bulletin] HPESBHF03757 rev.1 - HPE Network Products including Comware 5 and Comware 7 running NTP, Remote Denial of Service (DoS)",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/540683/100/0/threaded"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/137322/FreeBSD-Security-Advisory-FreeBSD-SA-16-24.ntp.html"
              },
              {
                "name": "SUSE-SU-2016:1568",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00020.html"
              },
              {
                "name": "20160604 [slackware-security] ntp (SSA:2016-155-01)",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/538599/100/0/threaded"
              },
              {
                "name": "20170607 [security bulletin] HPESBHF03757 rev.1 - HPE Network Products including Comware 5 and Comware 7 running NTP, Remote Denial of Service (DoS)",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/archive/1/540683/100/0/threaded"
              },
              {
                "name": "20160604 FreeBSD Security Advisory FreeBSD-SA-16:24.ntp",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/538600/100/0/threaded"
              },
              {
                "name": "VU#321640",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
                  "x_transferred"
                ],
                "url": "https://www.kb.cert.org/vuls/id/321640"
              },
              {
                "name": "20160604 [slackware-security] ntp (SSA:2016-155-01)",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/archive/1/538599/100/0/threaded"
              },
              {
                "name": "20160604 FreeBSD Security Advisory FreeBSD-SA-16:24.ntp",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/archive/1/538600/100/0/threaded"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdf"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-103-11"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2016-06-02T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (ephemeral-association demobilization) by sending a spoofed crypto-NAK packet with incorrect authentication data at a certain time."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-07-16T12:08:56.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "SUSE-SU-2016:1602",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00028.html"
            },
            {
              "name": "91010",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/91010"
            },
            {
              "name": "openSUSE-SU-2016:1583",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00023.html"
            },
            {
              "name": "FreeBSD-SA-16:24",
              "tags": [
                "vendor-advisory",
                "x_refsource_FREEBSD"
              ],
              "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:24.ntp.asc"
            },
            {
              "name": "SUSE-SU-2016:1912",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03757en_us"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://support.ntp.org/bin/view/Main/NtpBug3045"
            },
            {
              "name": "1036037",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1036037"
            },
            {
              "name": "SUSE-SU-2016:1584",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00024.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
            },
            {
              "name": "SUSE-SU-2016:2094",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html"
            },
            {
              "name": "VU#321640",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT-VN"
              ],
              "url": "http://www.kb.cert.org/vuls/id/321640"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://support.ntp.org/bin/view/Main/SecurityNotice"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://bugs.ntp.org/3045"
            },
            {
              "name": "openSUSE-SU-2016:1636",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00040.html"
            },
            {
              "name": "SUSE-SU-2016:1563",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00018.html"
            },
            {
              "name": "GLSA-201607-15",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "https://security.gentoo.org/glsa/201607-15"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/137321/Slackware-Security-Advisory-ntp-Updates.html"
            },
            {
              "name": "20160603 Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: June 2016",
              "tags": [
                "vendor-advisory",
                "x_refsource_CISCO"
              ],
              "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160603-ntpd"
            },
            {
              "name": "20170607 [security bulletin] HPESBHF03757 rev.1 - HPE Network Products including Comware 5 and Comware 7 running NTP, Remote Denial of Service (DoS)",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/540683/100/0/threaded"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/137322/FreeBSD-Security-Advisory-FreeBSD-SA-16-24.ntp.html"
            },
            {
              "name": "SUSE-SU-2016:1568",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00020.html"
            },
            {
              "name": "20160604 [slackware-security] ntp (SSA:2016-155-01)",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/538599/100/0/threaded"
            },
            {
              "name": "20170607 [security bulletin] HPESBHF03757 rev.1 - HPE Network Products including Comware 5 and Comware 7 running NTP, Remote Denial of Service (DoS)",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/archive/1/540683/100/0/threaded"
            },
            {
              "name": "20160604 FreeBSD Security Advisory FreeBSD-SA-16:24.ntp",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/538600/100/0/threaded"
            },
            {
              "name": "VU#321640",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT-VN"
              ],
              "url": "https://www.kb.cert.org/vuls/id/321640"
            },
            {
              "name": "20160604 [slackware-security] ntp (SSA:2016-155-01)",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/archive/1/538599/100/0/threaded"
            },
            {
              "name": "20160604 FreeBSD Security Advisory FreeBSD-SA-16:24.ntp",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/archive/1/538600/100/0/threaded"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdf"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-103-11"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2016-4953",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (ephemeral-association demobilization) by sending a spoofed crypto-NAK packet with incorrect authentication data at a certain time."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "SUSE-SU-2016:1602",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00028.html"
                },
                {
                  "name": "91010",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/91010"
                },
                {
                  "name": "openSUSE-SU-2016:1583",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00023.html"
                },
                {
                  "name": "FreeBSD-SA-16:24",
                  "refsource": "FREEBSD",
                  "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:24.ntp.asc"
                },
                {
                  "name": "SUSE-SU-2016:1912",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html"
                },
                {
                  "name": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03757en_us",
                  "refsource": "CONFIRM",
                  "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03757en_us"
                },
                {
                  "name": "http://support.ntp.org/bin/view/Main/NtpBug3045",
                  "refsource": "CONFIRM",
                  "url": "http://support.ntp.org/bin/view/Main/NtpBug3045"
                },
                {
                  "name": "1036037",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1036037"
                },
                {
                  "name": "SUSE-SU-2016:1584",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00024.html"
                },
                {
                  "name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html",
                  "refsource": "CONFIRM",
                  "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
                },
                {
                  "name": "SUSE-SU-2016:2094",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html"
                },
                {
                  "name": "VU#321640",
                  "refsource": "CERT-VN",
                  "url": "http://www.kb.cert.org/vuls/id/321640"
                },
                {
                  "name": "http://support.ntp.org/bin/view/Main/SecurityNotice",
                  "refsource": "CONFIRM",
                  "url": "http://support.ntp.org/bin/view/Main/SecurityNotice"
                },
                {
                  "name": "http://bugs.ntp.org/3045",
                  "refsource": "CONFIRM",
                  "url": "http://bugs.ntp.org/3045"
                },
                {
                  "name": "openSUSE-SU-2016:1636",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00040.html"
                },
                {
                  "name": "SUSE-SU-2016:1563",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00018.html"
                },
                {
                  "name": "GLSA-201607-15",
                  "refsource": "GENTOO",
                  "url": "https://security.gentoo.org/glsa/201607-15"
                },
                {
                  "name": "http://packetstormsecurity.com/files/137321/Slackware-Security-Advisory-ntp-Updates.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/137321/Slackware-Security-Advisory-ntp-Updates.html"
                },
                {
                  "name": "20160603 Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: June 2016",
                  "refsource": "CISCO",
                  "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160603-ntpd"
                },
                {
                  "name": "20170607 [security bulletin] HPESBHF03757 rev.1 - HPE Network Products including Comware 5 and Comware 7 running NTP, Remote Denial of Service (DoS)",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/540683/100/0/threaded"
                },
                {
                  "name": "http://packetstormsecurity.com/files/137322/FreeBSD-Security-Advisory-FreeBSD-SA-16-24.ntp.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/137322/FreeBSD-Security-Advisory-FreeBSD-SA-16-24.ntp.html"
                },
                {
                  "name": "SUSE-SU-2016:1568",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00020.html"
                },
                {
                  "name": "20160604 [slackware-security] ntp (SSA:2016-155-01)",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/538599/100/0/threaded"
                },
                {
                  "name": "20170607 [security bulletin] HPESBHF03757 rev.1 - HPE Network Products including Comware 5 and Comware 7 running NTP, Remote Denial of Service (DoS)",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/archive/1/540683/100/0/threaded"
                },
                {
                  "name": "20160604 FreeBSD Security Advisory FreeBSD-SA-16:24.ntp",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/538600/100/0/threaded"
                },
                {
                  "name": "VU#321640",
                  "refsource": "CERT-VN",
                  "url": "https://www.kb.cert.org/vuls/id/321640"
                },
                {
                  "name": "20160604 [slackware-security] ntp (SSA:2016-155-01)",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/archive/1/538599/100/0/threaded"
                },
                {
                  "name": "20160604 FreeBSD Security Advisory FreeBSD-SA-16:24.ntp",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/archive/1/538600/100/0/threaded"
                },
                {
                  "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdf",
                  "refsource": "CONFIRM",
                  "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdf"
                },
                {
                  "name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-103-11",
                  "refsource": "CONFIRM",
                  "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-103-11"
                },
                {
                  "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf",
                  "refsource": "CONFIRM",
                  "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf"
                },
                {
                  "name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11",
                  "refsource": "MISC",
                  "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2016-4953",
        "datePublished": "2016-07-05T01:00:00.000Z",
        "dateReserved": "2016-05-23T00:00:00.000Z",
        "dateUpdated": "2024-08-06T00:46:39.916Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-9042 (GCVE-0-2016-9042)

    Vulnerability from cvelistv5 – Published: 2018-06-04 20:00 – Updated: 2024-09-17 03:53
    VLAI
    Summary
    An exploitable denial of service vulnerability exists in the origin timestamp check functionality of ntpd 4.2.8p9. A specially crafted unauthenticated network packet can be used to reset the expected origin timestamp for target peers. Legitimate replies from targeted peers will fail the origin timestamp check (TEST2) causing the reply to be dropped and creating a denial of service condition.
    CWE
    • denial of service
    Assigner
    References
    URL Tags
    http://www.securitytracker.com/id/1038123 vdb-entryx_refsource_SECTRACK
    https://security.FreeBSD.org/advisories/FreeBSD-S… vendor-advisoryx_refsource_FREEBSD
    http://www.securitytracker.com/id/1039427 vdb-entryx_refsource_SECTRACK
    http://www.securityfocus.com/bid/97046 vdb-entryx_refsource_BID
    http://www.ubuntu.com/usn/USN-3349-1 vendor-advisoryx_refsource_UBUNTU
    http://www.securityfocus.com/archive/1/archive/1/… mailing-listx_refsource_BUGTRAQ
    http://seclists.org/fulldisclosure/2017/Nov/7 mailing-listx_refsource_FULLDISC
    http://www.securityfocus.com/archive/1/540403/100… mailing-listx_refsource_BUGTRAQ
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisoryx_refsource_FEDORA
    http://seclists.org/fulldisclosure/2017/Sep/62 mailing-listx_refsource_FULLDISC
    http://www.securityfocus.com/archive/1/archive/1/… mailing-listx_refsource_BUGTRAQ
    https://support.hpe.com/hpsc/doc/public/display?d… x_refsource_CONFIRM
    https://www.talosintelligence.com/vulnerability_r… x_refsource_MISC
    http://packetstormsecurity.com/files/142101/FreeB… x_refsource_MISC
    https://kc.mcafee.com/corporate/index?page=conten… x_refsource_CONFIRM
    https://support.apple.com/kb/HT208144 x_refsource_CONFIRM
    https://support.f5.com/csp/article/K39041624 x_refsource_CONFIRM
    https://bto.bluecoat.com/security-advisory/sa147 x_refsource_CONFIRM
    http://packetstormsecurity.com/files/142284/Slack… x_refsource_MISC
    https://cert-portal.siemens.com/productcert/pdf/s… x_refsource_CONFIRM
    https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11 x_refsource_MISC
    Impacted products
    Vendor Product Version
    Talos Network Time Protocol Affected: NTP 4.2.8p9
    Create a notification for this product.
    Date Public
    2017-03-29 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T02:42:09.927Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "1038123",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1038123"
              },
              {
                "name": "FreeBSD-SA-17:03",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FREEBSD",
                  "x_transferred"
                ],
                "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-17:03.ntp.asc"
              },
              {
                "name": "1039427",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1039427"
              },
              {
                "name": "97046",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/97046"
              },
              {
                "name": "USN-3349-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-3349-1"
              },
              {
                "name": "20170412 FreeBSD Security Advisory FreeBSD-SA-17:03.ntp",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/archive/1/540403/100/0/threaded"
              },
              {
                "name": "20171101 APPLE-SA-2017-10-31-8 Additional information for APPLE-SA-2017-09-25-1 macOS High Sierra 10.13",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2017/Nov/7"
              },
              {
                "name": "20170412 FreeBSD Security Advisory FreeBSD-SA-17:03.ntp",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/540403/100/0/threaded"
              },
              {
                "name": "FEDORA-2017-20d54b2782",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7KVLFA3J43QFIP4I7HE7KQ5FXSMJEKC6/"
              },
              {
                "name": "20170925 APPLE-SA-2017-09-25-1 macOS High Sierra 10.13",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2017/Sep/62"
              },
              {
                "name": "20170422 [slackware-security] ntp (SSA:2017-112-02)",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/archive/1/540464/100/0/threaded"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03962en_us"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2016-0260"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/142101/FreeBSD-Security-Advisory-FreeBSD-SA-17-03.ntp.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10201"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.apple.com/kb/HT208144"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.f5.com/csp/article/K39041624"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bto.bluecoat.com/security-advisory/sa147"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/142284/Slackware-Security-Advisory-ntp-Updates.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Network Time Protocol",
              "vendor": "Talos",
              "versions": [
                {
                  "status": "affected",
                  "version": "NTP 4.2.8p9"
                }
              ]
            }
          ],
          "datePublic": "2017-03-29T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "An exploitable denial of service vulnerability exists in the origin timestamp check functionality of ntpd 4.2.8p9. A specially crafted unauthenticated network packet can be used to reset the expected origin timestamp for target peers. Legitimate replies from targeted peers will fail the origin timestamp check (TEST2) causing the reply to be dropped and creating a denial of service condition."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 3.7,
                "baseSeverity": "LOW",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "denial of service",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-04-19T19:17:22.000Z",
            "orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
            "shortName": "talos"
          },
          "references": [
            {
              "name": "1038123",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1038123"
            },
            {
              "name": "FreeBSD-SA-17:03",
              "tags": [
                "vendor-advisory",
                "x_refsource_FREEBSD"
              ],
              "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-17:03.ntp.asc"
            },
            {
              "name": "1039427",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1039427"
            },
            {
              "name": "97046",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/97046"
            },
            {
              "name": "USN-3349-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-3349-1"
            },
            {
              "name": "20170412 FreeBSD Security Advisory FreeBSD-SA-17:03.ntp",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/archive/1/540403/100/0/threaded"
            },
            {
              "name": "20171101 APPLE-SA-2017-10-31-8 Additional information for APPLE-SA-2017-09-25-1 macOS High Sierra 10.13",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://seclists.org/fulldisclosure/2017/Nov/7"
            },
            {
              "name": "20170412 FreeBSD Security Advisory FreeBSD-SA-17:03.ntp",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/540403/100/0/threaded"
            },
            {
              "name": "FEDORA-2017-20d54b2782",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7KVLFA3J43QFIP4I7HE7KQ5FXSMJEKC6/"
            },
            {
              "name": "20170925 APPLE-SA-2017-09-25-1 macOS High Sierra 10.13",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://seclists.org/fulldisclosure/2017/Sep/62"
            },
            {
              "name": "20170422 [slackware-security] ntp (SSA:2017-112-02)",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/archive/1/540464/100/0/threaded"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03962en_us"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2016-0260"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/142101/FreeBSD-Security-Advisory-FreeBSD-SA-17-03.ntp.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10201"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.apple.com/kb/HT208144"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.f5.com/csp/article/K39041624"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bto.bluecoat.com/security-advisory/sa147"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/142284/Slackware-Security-Advisory-ntp-Updates.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "talos-cna@cisco.com",
              "DATE_PUBLIC": "2017-03-29T00:00:00",
              "ID": "CVE-2016-9042",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Network Time Protocol",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "NTP 4.2.8p9"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Talos"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An exploitable denial of service vulnerability exists in the origin timestamp check functionality of ntpd 4.2.8p9. A specially crafted unauthenticated network packet can be used to reset the expected origin timestamp for target peers. Legitimate replies from targeted peers will fail the origin timestamp check (TEST2) causing the reply to be dropped and creating a denial of service condition."
                }
              ]
            },
            "impact": {
              "cvss": {
                "baseScore": 3.7,
                "baseSeverity": "Low",
                "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "denial of service"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "1038123",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1038123"
                },
                {
                  "name": "FreeBSD-SA-17:03",
                  "refsource": "FREEBSD",
                  "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-17:03.ntp.asc"
                },
                {
                  "name": "1039427",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1039427"
                },
                {
                  "name": "97046",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/97046"
                },
                {
                  "name": "USN-3349-1",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-3349-1"
                },
                {
                  "name": "20170412 FreeBSD Security Advisory FreeBSD-SA-17:03.ntp",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/archive/1/540403/100/0/threaded"
                },
                {
                  "name": "20171101 APPLE-SA-2017-10-31-8 Additional information for APPLE-SA-2017-09-25-1 macOS High Sierra 10.13",
                  "refsource": "FULLDISC",
                  "url": "http://seclists.org/fulldisclosure/2017/Nov/7"
                },
                {
                  "name": "20170412 FreeBSD Security Advisory FreeBSD-SA-17:03.ntp",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/540403/100/0/threaded"
                },
                {
                  "name": "FEDORA-2017-20d54b2782",
                  "refsource": "FEDORA",
                  "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7KVLFA3J43QFIP4I7HE7KQ5FXSMJEKC6/"
                },
                {
                  "name": "20170925 APPLE-SA-2017-09-25-1 macOS High Sierra 10.13",
                  "refsource": "FULLDISC",
                  "url": "http://seclists.org/fulldisclosure/2017/Sep/62"
                },
                {
                  "name": "20170422 [slackware-security] ntp (SSA:2017-112-02)",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/archive/1/540464/100/0/threaded"
                },
                {
                  "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03962en_us",
                  "refsource": "CONFIRM",
                  "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03962en_us"
                },
                {
                  "name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2016-0260",
                  "refsource": "MISC",
                  "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2016-0260"
                },
                {
                  "name": "http://packetstormsecurity.com/files/142101/FreeBSD-Security-Advisory-FreeBSD-SA-17-03.ntp.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/142101/FreeBSD-Security-Advisory-FreeBSD-SA-17-03.ntp.html"
                },
                {
                  "name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10201",
                  "refsource": "CONFIRM",
                  "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10201"
                },
                {
                  "name": "https://support.apple.com/kb/HT208144",
                  "refsource": "CONFIRM",
                  "url": "https://support.apple.com/kb/HT208144"
                },
                {
                  "name": "https://support.f5.com/csp/article/K39041624",
                  "refsource": "CONFIRM",
                  "url": "https://support.f5.com/csp/article/K39041624"
                },
                {
                  "name": "https://bto.bluecoat.com/security-advisory/sa147",
                  "refsource": "CONFIRM",
                  "url": "https://bto.bluecoat.com/security-advisory/sa147"
                },
                {
                  "name": "http://packetstormsecurity.com/files/142284/Slackware-Security-Advisory-ntp-Updates.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/142284/Slackware-Security-Advisory-ntp-Updates.html"
                },
                {
                  "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf",
                  "refsource": "CONFIRM",
                  "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf"
                },
                {
                  "name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11",
                  "refsource": "MISC",
                  "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
        "assignerShortName": "talos",
        "cveId": "CVE-2016-9042",
        "datePublished": "2018-06-04T20:00:00.000Z",
        "dateReserved": "2016-10-26T00:00:00.000Z",
        "dateUpdated": "2024-09-17T03:53:51.612Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-6458 (GCVE-0-2017-6458)

    Vulnerability from cvelistv5 – Published: 2017-03-27 17:00 – Updated: 2024-08-05 15:33
    VLAI
    Summary
    Multiple buffer overflows in the ctl_put* functions in NTP before 4.2.8p10 and 4.3.x before 4.3.94 allow remote authenticated users to have unspecified impact via a long variable.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Date Public
    2017-03-21 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T15:33:19.812Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "1038123",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1038123"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://support.ntp.org/bin/view/Main/NtpBug3379"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.apple.com/HT208144"
              },
              {
                "name": "97051",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/97051"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://support.ntp.org/bin/view/Main/SecurityNotice#March_2017_ntp_4_2_8p10_NTP_Secu"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.apple.com/kb/HT208144"
              },
              {
                "name": "USN-3349-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-3349-1"
              },
              {
                "name": "FEDORA-2017-72323a442f",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZUPPICJXWL3AWQB7I3AWUC74YON7UING/"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2017-294/"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bto.bluecoat.com/security-advisory/sa147"
              },
              {
                "name": "20171101 APPLE-SA-2017-10-31-8 Additional information for APPLE-SA-2017-09-25-1 macOS High Sierra 10.13",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2017/Nov/7"
              },
              {
                "name": "FEDORA-2017-20d54b2782",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7KVLFA3J43QFIP4I7HE7KQ5FXSMJEKC6/"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.f5.com/csp/article/K99254031"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/142284/Slackware-Security-Advisory-ntp-Updates.html"
              },
              {
                "name": "20170925 APPLE-SA-2017-09-25-1 macOS High Sierra 10.13",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2017/Sep/62"
              },
              {
                "name": "20170422 [slackware-security] ntp (SSA:2017-112-02)",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/archive/1/540464/100/0/threaded"
              },
              {
                "name": "FEDORA-2017-5ebac1c112",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4B7BMVXV53EE7XYW2KAVETDHTP452O3Z/"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03962en_us"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2017-03-21T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple buffer overflows in the ctl_put* functions in NTP before 4.2.8p10 and 4.3.x before 4.3.94 allow remote authenticated users to have unspecified impact via a long variable."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-07-12T16:41:22.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "1038123",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1038123"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://support.ntp.org/bin/view/Main/NtpBug3379"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.apple.com/HT208144"
            },
            {
              "name": "97051",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/97051"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://support.ntp.org/bin/view/Main/SecurityNotice#March_2017_ntp_4_2_8p10_NTP_Secu"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.apple.com/kb/HT208144"
            },
            {
              "name": "USN-3349-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-3349-1"
            },
            {
              "name": "FEDORA-2017-72323a442f",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZUPPICJXWL3AWQB7I3AWUC74YON7UING/"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2017-294/"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bto.bluecoat.com/security-advisory/sa147"
            },
            {
              "name": "20171101 APPLE-SA-2017-10-31-8 Additional information for APPLE-SA-2017-09-25-1 macOS High Sierra 10.13",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://seclists.org/fulldisclosure/2017/Nov/7"
            },
            {
              "name": "FEDORA-2017-20d54b2782",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7KVLFA3J43QFIP4I7HE7KQ5FXSMJEKC6/"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.f5.com/csp/article/K99254031"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/142284/Slackware-Security-Advisory-ntp-Updates.html"
            },
            {
              "name": "20170925 APPLE-SA-2017-09-25-1 macOS High Sierra 10.13",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://seclists.org/fulldisclosure/2017/Sep/62"
            },
            {
              "name": "20170422 [slackware-security] ntp (SSA:2017-112-02)",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/archive/1/540464/100/0/threaded"
            },
            {
              "name": "FEDORA-2017-5ebac1c112",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4B7BMVXV53EE7XYW2KAVETDHTP452O3Z/"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03962en_us"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2017-6458",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Multiple buffer overflows in the ctl_put* functions in NTP before 4.2.8p10 and 4.3.x before 4.3.94 allow remote authenticated users to have unspecified impact via a long variable."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "1038123",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1038123"
                },
                {
                  "name": "http://support.ntp.org/bin/view/Main/NtpBug3379",
                  "refsource": "CONFIRM",
                  "url": "http://support.ntp.org/bin/view/Main/NtpBug3379"
                },
                {
                  "name": "https://support.apple.com/HT208144",
                  "refsource": "CONFIRM",
                  "url": "https://support.apple.com/HT208144"
                },
                {
                  "name": "97051",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/97051"
                },
                {
                  "name": "http://support.ntp.org/bin/view/Main/SecurityNotice#March_2017_ntp_4_2_8p10_NTP_Secu",
                  "refsource": "CONFIRM",
                  "url": "http://support.ntp.org/bin/view/Main/SecurityNotice#March_2017_ntp_4_2_8p10_NTP_Secu"
                },
                {
                  "name": "https://support.apple.com/kb/HT208144",
                  "refsource": "CONFIRM",
                  "url": "https://support.apple.com/kb/HT208144"
                },
                {
                  "name": "USN-3349-1",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-3349-1"
                },
                {
                  "name": "FEDORA-2017-72323a442f",
                  "refsource": "FEDORA",
                  "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZUPPICJXWL3AWQB7I3AWUC74YON7UING/"
                },
                {
                  "name": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2017-294/",
                  "refsource": "CONFIRM",
                  "url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2017-294/"
                },
                {
                  "name": "https://bto.bluecoat.com/security-advisory/sa147",
                  "refsource": "CONFIRM",
                  "url": "https://bto.bluecoat.com/security-advisory/sa147"
                },
                {
                  "name": "20171101 APPLE-SA-2017-10-31-8 Additional information for APPLE-SA-2017-09-25-1 macOS High Sierra 10.13",
                  "refsource": "FULLDISC",
                  "url": "http://seclists.org/fulldisclosure/2017/Nov/7"
                },
                {
                  "name": "FEDORA-2017-20d54b2782",
                  "refsource": "FEDORA",
                  "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7KVLFA3J43QFIP4I7HE7KQ5FXSMJEKC6/"
                },
                {
                  "name": "https://support.f5.com/csp/article/K99254031",
                  "refsource": "CONFIRM",
                  "url": "https://support.f5.com/csp/article/K99254031"
                },
                {
                  "name": "http://packetstormsecurity.com/files/142284/Slackware-Security-Advisory-ntp-Updates.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/142284/Slackware-Security-Advisory-ntp-Updates.html"
                },
                {
                  "name": "20170925 APPLE-SA-2017-09-25-1 macOS High Sierra 10.13",
                  "refsource": "FULLDISC",
                  "url": "http://seclists.org/fulldisclosure/2017/Sep/62"
                },
                {
                  "name": "20170422 [slackware-security] ntp (SSA:2017-112-02)",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/archive/1/540464/100/0/threaded"
                },
                {
                  "name": "FEDORA-2017-5ebac1c112",
                  "refsource": "FEDORA",
                  "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4B7BMVXV53EE7XYW2KAVETDHTP452O3Z/"
                },
                {
                  "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03962en_us",
                  "refsource": "CONFIRM",
                  "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03962en_us"
                },
                {
                  "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf",
                  "refsource": "CONFIRM",
                  "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf"
                },
                {
                  "name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11",
                  "refsource": "MISC",
                  "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2017-6458",
        "datePublished": "2017-03-27T17:00:00.000Z",
        "dateReserved": "2017-03-03T00:00:00.000Z",
        "dateUpdated": "2024-08-05T15:33:19.812Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-2518 (GCVE-0-2016-2518)

    Vulnerability from cvelistv5 – Published: 2017-01-30 21:00 – Updated: 2024-08-05 23:32
    VLAI
    Summary
    The MATCH_ASSOC function in NTP before version 4.2.8p9 and 4.3.x before 4.3.92 allows remote attackers to cause an out-of-bounds reference via an addpeer request with a large hmode value.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.ubuntu.com/usn/USN-3096-1 vendor-advisoryx_refsource_UBUNTU
    http://www.debian.org/security/2016/dsa-3629 vendor-advisoryx_refsource_DEBIAN
    http://www.oracle.com/technetwork/security-adviso… x_refsource_CONFIRM
    http://support.ntp.org/bin/view/Main/NtpBug3009 x_refsource_CONFIRM
    http://www.oracle.com/technetwork/topics/security… x_refsource_CONFIRM
    https://access.redhat.com/errata/RHSA-2016:1141 vendor-advisoryx_refsource_REDHAT
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    https://www.kb.cert.org/vuls/id/718152 third-party-advisoryx_refsource_CERT-VN
    http://rhn.redhat.com/errata/RHSA-2016-1552.html vendor-advisoryx_refsource_REDHAT
    http://www.securitytracker.com/id/1035705 vdb-entryx_refsource_SECTRACK
    http://www.oracle.com/technetwork/topics/security… x_refsource_CONFIRM
    https://security.netapp.com/advisory/ntap-2017100… x_refsource_CONFIRM
    http://support.ntp.org/bin/view/Main/SecurityNoti… x_refsource_CONFIRM
    http://tools.cisco.com/security/center/content/Ci… vendor-advisoryx_refsource_CISCO
    https://security.FreeBSD.org/advisories/FreeBSD-S… vendor-advisoryx_refsource_FREEBSD
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://www.securityfocus.com/bid/88226 vdb-entryx_refsource_BID
    http://lists.opensuse.org/opensuse-updates/2016-0… vendor-advisoryx_refsource_SUSE
    https://security.gentoo.org/glsa/201607-15 vendor-advisoryx_refsource_GENTOO
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://packetstormsecurity.com/files/136864/Slack… x_refsource_MISC
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://lists.fedoraproject.org/pipermail/package-… vendor-advisoryx_refsource_FEDORA
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    https://www.debian.org/security/2016/dsa-3629 vendor-advisoryx_refsource_DEBIAN
    http://www.securityfocus.com/archive/1/538233/100… mailing-listx_refsource_BUGTRAQ
    https://support.f5.com/csp/article/K20804323 x_refsource_CONFIRM
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://www.securityfocus.com/archive/1/archive/1/… mailing-listx_refsource_BUGTRAQ
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://lists.fedoraproject.org/pipermail/package-… vendor-advisoryx_refsource_FEDORA
    https://cert-portal.siemens.com/productcert/pdf/s… x_refsource_CONFIRM
    https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11 x_refsource_MISC
    Date Public
    2016-04-27 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T23:32:20.674Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "USN-3096-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-3096-1"
              },
              {
                "name": "DSA-3629",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2016/dsa-3629"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://support.ntp.org/bin/view/Main/NtpBug3009"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
              },
              {
                "name": "RHSA-2016:1141",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2016:1141"
              },
              {
                "name": "SUSE-SU-2016:1912",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html"
              },
              {
                "name": "VU#718152",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
                  "x_transferred"
                ],
                "url": "https://www.kb.cert.org/vuls/id/718152"
              },
              {
                "name": "RHSA-2016:1552",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2016-1552.html"
              },
              {
                "name": "1035705",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1035705"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20171004-0002/"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://support.ntp.org/bin/view/Main/SecurityNotice#April_2016_ntp_4_2_8p7_Security"
              },
              {
                "name": "20160428 Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: April 2016",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_CISCO",
                  "x_transferred"
                ],
                "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160428-ntpd"
              },
              {
                "name": "FreeBSD-SA-16:16",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FREEBSD",
                  "x_transferred"
                ],
                "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:16.ntp.asc"
              },
              {
                "name": "SUSE-SU-2016:2094",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html"
              },
              {
                "name": "88226",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/88226"
              },
              {
                "name": "openSUSE-SU-2016:1423",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-updates/2016-05/msg00114.html"
              },
              {
                "name": "GLSA-201607-15",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/201607-15"
              },
              {
                "name": "openSUSE-SU-2016:1329",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00052.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/136864/Slackware-Security-Advisory-ntp-Updates.html"
              },
              {
                "name": "SUSE-SU-2016:1471",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00001.html"
              },
              {
                "name": "FEDORA-2016-5b2eb0bf9c",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184669.html"
              },
              {
                "name": "SUSE-SU-2016:1291",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00037.html"
              },
              {
                "name": "DSA-3629",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2016/dsa-3629"
              },
              {
                "name": "20160429 [slackware-security] ntp (SSA:2016-120-01)",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/538233/100/0/threaded"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.f5.com/csp/article/K20804323"
              },
              {
                "name": "SUSE-SU-2016:1568",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00020.html"
              },
              {
                "name": "20160429 [slackware-security] ntp (SSA:2016-120-01)",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/archive/1/538233/100/0/threaded"
              },
              {
                "name": "SUSE-SU-2016:1278",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00034.html"
              },
              {
                "name": "FEDORA-2016-ed8c6c0426",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183647.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2016-04-27T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The MATCH_ASSOC function in NTP before version 4.2.8p9 and 4.3.x before 4.3.92 allows remote attackers to cause an out-of-bounds reference via an addpeer request with a large hmode value."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-06-10T12:19:12.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "USN-3096-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-3096-1"
            },
            {
              "name": "DSA-3629",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2016/dsa-3629"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://support.ntp.org/bin/view/Main/NtpBug3009"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
            },
            {
              "name": "RHSA-2016:1141",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2016:1141"
            },
            {
              "name": "SUSE-SU-2016:1912",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html"
            },
            {
              "name": "VU#718152",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT-VN"
              ],
              "url": "https://www.kb.cert.org/vuls/id/718152"
            },
            {
              "name": "RHSA-2016:1552",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2016-1552.html"
            },
            {
              "name": "1035705",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1035705"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://security.netapp.com/advisory/ntap-20171004-0002/"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://support.ntp.org/bin/view/Main/SecurityNotice#April_2016_ntp_4_2_8p7_Security"
            },
            {
              "name": "20160428 Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: April 2016",
              "tags": [
                "vendor-advisory",
                "x_refsource_CISCO"
              ],
              "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160428-ntpd"
            },
            {
              "name": "FreeBSD-SA-16:16",
              "tags": [
                "vendor-advisory",
                "x_refsource_FREEBSD"
              ],
              "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:16.ntp.asc"
            },
            {
              "name": "SUSE-SU-2016:2094",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html"
            },
            {
              "name": "88226",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/88226"
            },
            {
              "name": "openSUSE-SU-2016:1423",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-updates/2016-05/msg00114.html"
            },
            {
              "name": "GLSA-201607-15",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "https://security.gentoo.org/glsa/201607-15"
            },
            {
              "name": "openSUSE-SU-2016:1329",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00052.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/136864/Slackware-Security-Advisory-ntp-Updates.html"
            },
            {
              "name": "SUSE-SU-2016:1471",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00001.html"
            },
            {
              "name": "FEDORA-2016-5b2eb0bf9c",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184669.html"
            },
            {
              "name": "SUSE-SU-2016:1291",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00037.html"
            },
            {
              "name": "DSA-3629",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "https://www.debian.org/security/2016/dsa-3629"
            },
            {
              "name": "20160429 [slackware-security] ntp (SSA:2016-120-01)",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/538233/100/0/threaded"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.f5.com/csp/article/K20804323"
            },
            {
              "name": "SUSE-SU-2016:1568",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00020.html"
            },
            {
              "name": "20160429 [slackware-security] ntp (SSA:2016-120-01)",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/archive/1/538233/100/0/threaded"
            },
            {
              "name": "SUSE-SU-2016:1278",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00034.html"
            },
            {
              "name": "FEDORA-2016-ed8c6c0426",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183647.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2016-2518",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The MATCH_ASSOC function in NTP before version 4.2.8p9 and 4.3.x before 4.3.92 allows remote attackers to cause an out-of-bounds reference via an addpeer request with a large hmode value."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "USN-3096-1",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-3096-1"
                },
                {
                  "name": "DSA-3629",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2016/dsa-3629"
                },
                {
                  "name": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html",
                  "refsource": "CONFIRM",
                  "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
                },
                {
                  "name": "http://support.ntp.org/bin/view/Main/NtpBug3009",
                  "refsource": "CONFIRM",
                  "url": "http://support.ntp.org/bin/view/Main/NtpBug3009"
                },
                {
                  "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html",
                  "refsource": "CONFIRM",
                  "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
                },
                {
                  "name": "RHSA-2016:1141",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2016:1141"
                },
                {
                  "name": "SUSE-SU-2016:1912",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html"
                },
                {
                  "name": "VU#718152",
                  "refsource": "CERT-VN",
                  "url": "https://www.kb.cert.org/vuls/id/718152"
                },
                {
                  "name": "RHSA-2016:1552",
                  "refsource": "REDHAT",
                  "url": "http://rhn.redhat.com/errata/RHSA-2016-1552.html"
                },
                {
                  "name": "1035705",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1035705"
                },
                {
                  "name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html",
                  "refsource": "CONFIRM",
                  "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
                },
                {
                  "name": "https://security.netapp.com/advisory/ntap-20171004-0002/",
                  "refsource": "CONFIRM",
                  "url": "https://security.netapp.com/advisory/ntap-20171004-0002/"
                },
                {
                  "name": "http://support.ntp.org/bin/view/Main/SecurityNotice#April_2016_ntp_4_2_8p7_Security",
                  "refsource": "CONFIRM",
                  "url": "http://support.ntp.org/bin/view/Main/SecurityNotice#April_2016_ntp_4_2_8p7_Security"
                },
                {
                  "name": "20160428 Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: April 2016",
                  "refsource": "CISCO",
                  "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160428-ntpd"
                },
                {
                  "name": "FreeBSD-SA-16:16",
                  "refsource": "FREEBSD",
                  "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:16.ntp.asc"
                },
                {
                  "name": "SUSE-SU-2016:2094",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html"
                },
                {
                  "name": "88226",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/88226"
                },
                {
                  "name": "openSUSE-SU-2016:1423",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-updates/2016-05/msg00114.html"
                },
                {
                  "name": "GLSA-201607-15",
                  "refsource": "GENTOO",
                  "url": "https://security.gentoo.org/glsa/201607-15"
                },
                {
                  "name": "openSUSE-SU-2016:1329",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00052.html"
                },
                {
                  "name": "http://packetstormsecurity.com/files/136864/Slackware-Security-Advisory-ntp-Updates.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/136864/Slackware-Security-Advisory-ntp-Updates.html"
                },
                {
                  "name": "SUSE-SU-2016:1471",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00001.html"
                },
                {
                  "name": "FEDORA-2016-5b2eb0bf9c",
                  "refsource": "FEDORA",
                  "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184669.html"
                },
                {
                  "name": "SUSE-SU-2016:1291",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00037.html"
                },
                {
                  "name": "DSA-3629",
                  "refsource": "DEBIAN",
                  "url": "https://www.debian.org/security/2016/dsa-3629"
                },
                {
                  "name": "20160429 [slackware-security] ntp (SSA:2016-120-01)",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/538233/100/0/threaded"
                },
                {
                  "name": "https://support.f5.com/csp/article/K20804323",
                  "refsource": "CONFIRM",
                  "url": "https://support.f5.com/csp/article/K20804323"
                },
                {
                  "name": "SUSE-SU-2016:1568",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00020.html"
                },
                {
                  "name": "20160429 [slackware-security] ntp (SSA:2016-120-01)",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/archive/1/538233/100/0/threaded"
                },
                {
                  "name": "SUSE-SU-2016:1278",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00034.html"
                },
                {
                  "name": "FEDORA-2016-ed8c6c0426",
                  "refsource": "FEDORA",
                  "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183647.html"
                },
                {
                  "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf",
                  "refsource": "CONFIRM",
                  "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf"
                },
                {
                  "name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11",
                  "refsource": "MISC",
                  "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2016-2518",
        "datePublished": "2017-01-30T21:00:00.000Z",
        "dateReserved": "2016-02-20T00:00:00.000Z",
        "dateUpdated": "2024-08-05T23:32:20.674Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-4955 (GCVE-0-2016-4955)

    Vulnerability from cvelistv5 – Published: 2016-07-05 01:00 – Updated: 2024-08-06 00:46
    VLAI
    Summary
    ntpd in NTP 4.x before 4.2.8p8, when autokey is enabled, allows remote attackers to cause a denial of service (peer-variable clearing and association outage) by sending (1) a spoofed crypto-NAK packet or (2) a packet with an incorrect MAC value at a certain time.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://www.ubuntu.com/usn/USN-3096-1 vendor-advisoryx_refsource_UBUNTU
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisoryx_refsource_FEDORA
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    https://security.FreeBSD.org/advisories/FreeBSD-S… vendor-advisoryx_refsource_FREEBSD
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisoryx_refsource_FEDORA
    http://www.securityfocus.com/bid/91007 vdb-entryx_refsource_BID
    http://support.ntp.org/bin/view/Main/NtpBug3043 x_refsource_CONFIRM
    http://www.securitytracker.com/id/1036037 vdb-entryx_refsource_SECTRACK
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://www.oracle.com/technetwork/topics/security… x_refsource_CONFIRM
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://bugs.ntp.org/3043 x_refsource_CONFIRM
    http://www.kb.cert.org/vuls/id/321640 third-party-advisoryx_refsource_CERT-VN
    http://support.ntp.org/bin/view/Main/SecurityNotice x_refsource_CONFIRM
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisoryx_refsource_FEDORA
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    https://security.gentoo.org/glsa/201607-15 vendor-advisoryx_refsource_GENTOO
    http://packetstormsecurity.com/files/137321/Slack… x_refsource_MISC
    http://tools.cisco.com/security/center/content/Ci… vendor-advisoryx_refsource_CISCO
    http://packetstormsecurity.com/files/137322/FreeB… x_refsource_MISC
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://www.securityfocus.com/archive/1/538599/100… mailing-listx_refsource_BUGTRAQ
    http://www.securityfocus.com/archive/1/538600/100… mailing-listx_refsource_BUGTRAQ
    https://www.kb.cert.org/vuls/id/321640 third-party-advisoryx_refsource_CERT-VN
    http://www.securityfocus.com/archive/1/archive/1/… mailing-listx_refsource_BUGTRAQ
    http://www.securityfocus.com/archive/1/archive/1/… mailing-listx_refsource_BUGTRAQ
    https://cert-portal.siemens.com/productcert/pdf/s… x_refsource_CONFIRM
    https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11 x_refsource_MISC
    Date Public
    2016-06-02 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T00:46:39.886Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "SUSE-SU-2016:1602",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00028.html"
              },
              {
                "name": "USN-3096-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-3096-1"
              },
              {
                "name": "FEDORA-2016-c3bd6a3496",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WNWGCQLW2VY72NIUYMJOCAKJKTXHDUK2/"
              },
              {
                "name": "openSUSE-SU-2016:1583",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00023.html"
              },
              {
                "name": "FreeBSD-SA-16:24",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FREEBSD",
                  "x_transferred"
                ],
                "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:24.ntp.asc"
              },
              {
                "name": "SUSE-SU-2016:1912",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html"
              },
              {
                "name": "FEDORA-2016-89e0874533",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ORAMN3Q7TVJ54MBYF75XCJOE3DP7LYHT/"
              },
              {
                "name": "91007",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/91007"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://support.ntp.org/bin/view/Main/NtpBug3043"
              },
              {
                "name": "1036037",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1036037"
              },
              {
                "name": "SUSE-SU-2016:1584",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00024.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
              },
              {
                "name": "SUSE-SU-2016:2094",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://bugs.ntp.org/3043"
              },
              {
                "name": "VU#321640",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
                  "x_transferred"
                ],
                "url": "http://www.kb.cert.org/vuls/id/321640"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://support.ntp.org/bin/view/Main/SecurityNotice"
              },
              {
                "name": "FEDORA-2016-50b0066b7f",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/K3EYJQHJZ2KTVQ7ICEFHXTLZ36MRASWX/"
              },
              {
                "name": "openSUSE-SU-2016:1636",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00040.html"
              },
              {
                "name": "SUSE-SU-2016:1563",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00018.html"
              },
              {
                "name": "GLSA-201607-15",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/201607-15"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/137321/Slackware-Security-Advisory-ntp-Updates.html"
              },
              {
                "name": "20160603 Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: June 2016",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_CISCO",
                  "x_transferred"
                ],
                "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160603-ntpd"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/137322/FreeBSD-Security-Advisory-FreeBSD-SA-16-24.ntp.html"
              },
              {
                "name": "SUSE-SU-2016:1568",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00020.html"
              },
              {
                "name": "20160604 [slackware-security] ntp (SSA:2016-155-01)",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/538599/100/0/threaded"
              },
              {
                "name": "20160604 FreeBSD Security Advisory FreeBSD-SA-16:24.ntp",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/538600/100/0/threaded"
              },
              {
                "name": "VU#321640",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
                  "x_transferred"
                ],
                "url": "https://www.kb.cert.org/vuls/id/321640"
              },
              {
                "name": "20160604 [slackware-security] ntp (SSA:2016-155-01)",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/archive/1/538599/100/0/threaded"
              },
              {
                "name": "20160604 FreeBSD Security Advisory FreeBSD-SA-16:24.ntp",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/archive/1/538600/100/0/threaded"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2016-06-02T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "ntpd in NTP 4.x before 4.2.8p8, when autokey is enabled, allows remote attackers to cause a denial of service (peer-variable clearing and association outage) by sending (1) a spoofed crypto-NAK packet or (2) a packet with an incorrect MAC value at a certain time."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-07-16T12:00:04.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "SUSE-SU-2016:1602",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00028.html"
            },
            {
              "name": "USN-3096-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-3096-1"
            },
            {
              "name": "FEDORA-2016-c3bd6a3496",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WNWGCQLW2VY72NIUYMJOCAKJKTXHDUK2/"
            },
            {
              "name": "openSUSE-SU-2016:1583",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00023.html"
            },
            {
              "name": "FreeBSD-SA-16:24",
              "tags": [
                "vendor-advisory",
                "x_refsource_FREEBSD"
              ],
              "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:24.ntp.asc"
            },
            {
              "name": "SUSE-SU-2016:1912",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html"
            },
            {
              "name": "FEDORA-2016-89e0874533",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ORAMN3Q7TVJ54MBYF75XCJOE3DP7LYHT/"
            },
            {
              "name": "91007",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/91007"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://support.ntp.org/bin/view/Main/NtpBug3043"
            },
            {
              "name": "1036037",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1036037"
            },
            {
              "name": "SUSE-SU-2016:1584",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00024.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
            },
            {
              "name": "SUSE-SU-2016:2094",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://bugs.ntp.org/3043"
            },
            {
              "name": "VU#321640",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT-VN"
              ],
              "url": "http://www.kb.cert.org/vuls/id/321640"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://support.ntp.org/bin/view/Main/SecurityNotice"
            },
            {
              "name": "FEDORA-2016-50b0066b7f",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/K3EYJQHJZ2KTVQ7ICEFHXTLZ36MRASWX/"
            },
            {
              "name": "openSUSE-SU-2016:1636",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00040.html"
            },
            {
              "name": "SUSE-SU-2016:1563",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00018.html"
            },
            {
              "name": "GLSA-201607-15",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "https://security.gentoo.org/glsa/201607-15"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/137321/Slackware-Security-Advisory-ntp-Updates.html"
            },
            {
              "name": "20160603 Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: June 2016",
              "tags": [
                "vendor-advisory",
                "x_refsource_CISCO"
              ],
              "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160603-ntpd"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/137322/FreeBSD-Security-Advisory-FreeBSD-SA-16-24.ntp.html"
            },
            {
              "name": "SUSE-SU-2016:1568",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00020.html"
            },
            {
              "name": "20160604 [slackware-security] ntp (SSA:2016-155-01)",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/538599/100/0/threaded"
            },
            {
              "name": "20160604 FreeBSD Security Advisory FreeBSD-SA-16:24.ntp",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/538600/100/0/threaded"
            },
            {
              "name": "VU#321640",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT-VN"
              ],
              "url": "https://www.kb.cert.org/vuls/id/321640"
            },
            {
              "name": "20160604 [slackware-security] ntp (SSA:2016-155-01)",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/archive/1/538599/100/0/threaded"
            },
            {
              "name": "20160604 FreeBSD Security Advisory FreeBSD-SA-16:24.ntp",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/archive/1/538600/100/0/threaded"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2016-4955",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "ntpd in NTP 4.x before 4.2.8p8, when autokey is enabled, allows remote attackers to cause a denial of service (peer-variable clearing and association outage) by sending (1) a spoofed crypto-NAK packet or (2) a packet with an incorrect MAC value at a certain time."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "SUSE-SU-2016:1602",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00028.html"
                },
                {
                  "name": "USN-3096-1",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-3096-1"
                },
                {
                  "name": "FEDORA-2016-c3bd6a3496",
                  "refsource": "FEDORA",
                  "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WNWGCQLW2VY72NIUYMJOCAKJKTXHDUK2/"
                },
                {
                  "name": "openSUSE-SU-2016:1583",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00023.html"
                },
                {
                  "name": "FreeBSD-SA-16:24",
                  "refsource": "FREEBSD",
                  "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:24.ntp.asc"
                },
                {
                  "name": "SUSE-SU-2016:1912",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html"
                },
                {
                  "name": "FEDORA-2016-89e0874533",
                  "refsource": "FEDORA",
                  "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ORAMN3Q7TVJ54MBYF75XCJOE3DP7LYHT/"
                },
                {
                  "name": "91007",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/91007"
                },
                {
                  "name": "http://support.ntp.org/bin/view/Main/NtpBug3043",
                  "refsource": "CONFIRM",
                  "url": "http://support.ntp.org/bin/view/Main/NtpBug3043"
                },
                {
                  "name": "1036037",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1036037"
                },
                {
                  "name": "SUSE-SU-2016:1584",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00024.html"
                },
                {
                  "name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html",
                  "refsource": "CONFIRM",
                  "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
                },
                {
                  "name": "SUSE-SU-2016:2094",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html"
                },
                {
                  "name": "http://bugs.ntp.org/3043",
                  "refsource": "CONFIRM",
                  "url": "http://bugs.ntp.org/3043"
                },
                {
                  "name": "VU#321640",
                  "refsource": "CERT-VN",
                  "url": "http://www.kb.cert.org/vuls/id/321640"
                },
                {
                  "name": "http://support.ntp.org/bin/view/Main/SecurityNotice",
                  "refsource": "CONFIRM",
                  "url": "http://support.ntp.org/bin/view/Main/SecurityNotice"
                },
                {
                  "name": "FEDORA-2016-50b0066b7f",
                  "refsource": "FEDORA",
                  "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/K3EYJQHJZ2KTVQ7ICEFHXTLZ36MRASWX/"
                },
                {
                  "name": "openSUSE-SU-2016:1636",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00040.html"
                },
                {
                  "name": "SUSE-SU-2016:1563",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00018.html"
                },
                {
                  "name": "GLSA-201607-15",
                  "refsource": "GENTOO",
                  "url": "https://security.gentoo.org/glsa/201607-15"
                },
                {
                  "name": "http://packetstormsecurity.com/files/137321/Slackware-Security-Advisory-ntp-Updates.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/137321/Slackware-Security-Advisory-ntp-Updates.html"
                },
                {
                  "name": "20160603 Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: June 2016",
                  "refsource": "CISCO",
                  "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160603-ntpd"
                },
                {
                  "name": "http://packetstormsecurity.com/files/137322/FreeBSD-Security-Advisory-FreeBSD-SA-16-24.ntp.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/137322/FreeBSD-Security-Advisory-FreeBSD-SA-16-24.ntp.html"
                },
                {
                  "name": "SUSE-SU-2016:1568",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00020.html"
                },
                {
                  "name": "20160604 [slackware-security] ntp (SSA:2016-155-01)",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/538599/100/0/threaded"
                },
                {
                  "name": "20160604 FreeBSD Security Advisory FreeBSD-SA-16:24.ntp",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/538600/100/0/threaded"
                },
                {
                  "name": "VU#321640",
                  "refsource": "CERT-VN",
                  "url": "https://www.kb.cert.org/vuls/id/321640"
                },
                {
                  "name": "20160604 [slackware-security] ntp (SSA:2016-155-01)",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/archive/1/538599/100/0/threaded"
                },
                {
                  "name": "20160604 FreeBSD Security Advisory FreeBSD-SA-16:24.ntp",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/archive/1/538600/100/0/threaded"
                },
                {
                  "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf",
                  "refsource": "CONFIRM",
                  "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf"
                },
                {
                  "name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11",
                  "refsource": "MISC",
                  "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2016-4955",
        "datePublished": "2016-07-05T01:00:00.000Z",
        "dateReserved": "2016-05-23T00:00:00.000Z",
        "dateUpdated": "2024-08-06T00:46:39.886Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-4956 (GCVE-0-2016-4956)

    Vulnerability from cvelistv5 – Published: 2016-07-05 01:00 – Updated: 2024-08-06 00:46
    VLAI
    Summary
    ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (interleaved-mode transition and time change) via a spoofed broadcast packet. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-1548.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://www.ubuntu.com/usn/USN-3096-1 vendor-advisoryx_refsource_UBUNTU
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisoryx_refsource_FEDORA
    http://www.securityfocus.com/bid/91009 vdb-entryx_refsource_BID
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    https://security.FreeBSD.org/advisories/FreeBSD-S… vendor-advisoryx_refsource_FREEBSD
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisoryx_refsource_FEDORA
    https://h20566.www2.hpe.com/hpsc/doc/public/displ… x_refsource_CONFIRM
    http://www.securitytracker.com/id/1036037 vdb-entryx_refsource_SECTRACK
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://www.oracle.com/technetwork/topics/security… x_refsource_CONFIRM
    http://support.ntp.org/bin/view/Main/NtpBug3042 x_refsource_CONFIRM
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://bugs.ntp.org/3042 x_refsource_CONFIRM
    http://www.kb.cert.org/vuls/id/321640 third-party-advisoryx_refsource_CERT-VN
    http://support.ntp.org/bin/view/Main/SecurityNotice x_refsource_CONFIRM
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisoryx_refsource_FEDORA
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    https://security.gentoo.org/glsa/201607-15 vendor-advisoryx_refsource_GENTOO
    http://packetstormsecurity.com/files/137321/Slack… x_refsource_MISC
    http://tools.cisco.com/security/center/content/Ci… vendor-advisoryx_refsource_CISCO
    http://www.securityfocus.com/archive/1/540683/100… mailing-listx_refsource_BUGTRAQ
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://www.securityfocus.com/archive/1/538599/100… mailing-listx_refsource_BUGTRAQ
    http://www.securityfocus.com/archive/1/archive/1/… mailing-listx_refsource_BUGTRAQ
    http://www.securityfocus.com/archive/1/538600/100… mailing-listx_refsource_BUGTRAQ
    https://www.kb.cert.org/vuls/id/321640 third-party-advisoryx_refsource_CERT-VN
    http://www.securityfocus.com/archive/1/archive/1/… mailing-listx_refsource_BUGTRAQ
    http://www.securityfocus.com/archive/1/archive/1/… mailing-listx_refsource_BUGTRAQ
    https://cert-portal.siemens.com/productcert/pdf/s… x_refsource_CONFIRM
    https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11 x_refsource_MISC
    Date Public
    2016-06-02 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T00:46:40.189Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "SUSE-SU-2016:1602",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00028.html"
              },
              {
                "name": "USN-3096-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-3096-1"
              },
              {
                "name": "FEDORA-2016-c3bd6a3496",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WNWGCQLW2VY72NIUYMJOCAKJKTXHDUK2/"
              },
              {
                "name": "91009",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/91009"
              },
              {
                "name": "openSUSE-SU-2016:1583",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00023.html"
              },
              {
                "name": "FreeBSD-SA-16:24",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FREEBSD",
                  "x_transferred"
                ],
                "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:24.ntp.asc"
              },
              {
                "name": "SUSE-SU-2016:1912",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html"
              },
              {
                "name": "FEDORA-2016-89e0874533",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ORAMN3Q7TVJ54MBYF75XCJOE3DP7LYHT/"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03757en_us"
              },
              {
                "name": "1036037",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1036037"
              },
              {
                "name": "SUSE-SU-2016:1584",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00024.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://support.ntp.org/bin/view/Main/NtpBug3042"
              },
              {
                "name": "SUSE-SU-2016:2094",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://bugs.ntp.org/3042"
              },
              {
                "name": "VU#321640",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
                  "x_transferred"
                ],
                "url": "http://www.kb.cert.org/vuls/id/321640"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://support.ntp.org/bin/view/Main/SecurityNotice"
              },
              {
                "name": "FEDORA-2016-50b0066b7f",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/K3EYJQHJZ2KTVQ7ICEFHXTLZ36MRASWX/"
              },
              {
                "name": "openSUSE-SU-2016:1636",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00040.html"
              },
              {
                "name": "SUSE-SU-2016:1563",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00018.html"
              },
              {
                "name": "GLSA-201607-15",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/201607-15"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/137321/Slackware-Security-Advisory-ntp-Updates.html"
              },
              {
                "name": "20160603 Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: June 2016",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_CISCO",
                  "x_transferred"
                ],
                "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160603-ntpd"
              },
              {
                "name": "20170607 [security bulletin] HPESBHF03757 rev.1 - HPE Network Products including Comware 5 and Comware 7 running NTP, Remote Denial of Service (DoS)",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/540683/100/0/threaded"
              },
              {
                "name": "SUSE-SU-2016:1568",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00020.html"
              },
              {
                "name": "20160604 [slackware-security] ntp (SSA:2016-155-01)",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/538599/100/0/threaded"
              },
              {
                "name": "20170607 [security bulletin] HPESBHF03757 rev.1 - HPE Network Products including Comware 5 and Comware 7 running NTP, Remote Denial of Service (DoS)",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/archive/1/540683/100/0/threaded"
              },
              {
                "name": "20160604 FreeBSD Security Advisory FreeBSD-SA-16:24.ntp",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/538600/100/0/threaded"
              },
              {
                "name": "VU#321640",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
                  "x_transferred"
                ],
                "url": "https://www.kb.cert.org/vuls/id/321640"
              },
              {
                "name": "20160604 [slackware-security] ntp (SSA:2016-155-01)",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/archive/1/538599/100/0/threaded"
              },
              {
                "name": "20160604 FreeBSD Security Advisory FreeBSD-SA-16:24.ntp",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/archive/1/538600/100/0/threaded"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2016-06-02T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (interleaved-mode transition and time change) via a spoofed broadcast packet.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-1548."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-07-16T12:00:13.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "SUSE-SU-2016:1602",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00028.html"
            },
            {
              "name": "USN-3096-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-3096-1"
            },
            {
              "name": "FEDORA-2016-c3bd6a3496",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WNWGCQLW2VY72NIUYMJOCAKJKTXHDUK2/"
            },
            {
              "name": "91009",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/91009"
            },
            {
              "name": "openSUSE-SU-2016:1583",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00023.html"
            },
            {
              "name": "FreeBSD-SA-16:24",
              "tags": [
                "vendor-advisory",
                "x_refsource_FREEBSD"
              ],
              "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:24.ntp.asc"
            },
            {
              "name": "SUSE-SU-2016:1912",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html"
            },
            {
              "name": "FEDORA-2016-89e0874533",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ORAMN3Q7TVJ54MBYF75XCJOE3DP7LYHT/"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03757en_us"
            },
            {
              "name": "1036037",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1036037"
            },
            {
              "name": "SUSE-SU-2016:1584",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00024.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://support.ntp.org/bin/view/Main/NtpBug3042"
            },
            {
              "name": "SUSE-SU-2016:2094",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://bugs.ntp.org/3042"
            },
            {
              "name": "VU#321640",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT-VN"
              ],
              "url": "http://www.kb.cert.org/vuls/id/321640"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://support.ntp.org/bin/view/Main/SecurityNotice"
            },
            {
              "name": "FEDORA-2016-50b0066b7f",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/K3EYJQHJZ2KTVQ7ICEFHXTLZ36MRASWX/"
            },
            {
              "name": "openSUSE-SU-2016:1636",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00040.html"
            },
            {
              "name": "SUSE-SU-2016:1563",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00018.html"
            },
            {
              "name": "GLSA-201607-15",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "https://security.gentoo.org/glsa/201607-15"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/137321/Slackware-Security-Advisory-ntp-Updates.html"
            },
            {
              "name": "20160603 Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: June 2016",
              "tags": [
                "vendor-advisory",
                "x_refsource_CISCO"
              ],
              "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160603-ntpd"
            },
            {
              "name": "20170607 [security bulletin] HPESBHF03757 rev.1 - HPE Network Products including Comware 5 and Comware 7 running NTP, Remote Denial of Service (DoS)",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/540683/100/0/threaded"
            },
            {
              "name": "SUSE-SU-2016:1568",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00020.html"
            },
            {
              "name": "20160604 [slackware-security] ntp (SSA:2016-155-01)",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/538599/100/0/threaded"
            },
            {
              "name": "20170607 [security bulletin] HPESBHF03757 rev.1 - HPE Network Products including Comware 5 and Comware 7 running NTP, Remote Denial of Service (DoS)",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/archive/1/540683/100/0/threaded"
            },
            {
              "name": "20160604 FreeBSD Security Advisory FreeBSD-SA-16:24.ntp",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/538600/100/0/threaded"
            },
            {
              "name": "VU#321640",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT-VN"
              ],
              "url": "https://www.kb.cert.org/vuls/id/321640"
            },
            {
              "name": "20160604 [slackware-security] ntp (SSA:2016-155-01)",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/archive/1/538599/100/0/threaded"
            },
            {
              "name": "20160604 FreeBSD Security Advisory FreeBSD-SA-16:24.ntp",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/archive/1/538600/100/0/threaded"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2016-4956",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (interleaved-mode transition and time change) via a spoofed broadcast packet.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-1548."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "SUSE-SU-2016:1602",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00028.html"
                },
                {
                  "name": "USN-3096-1",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-3096-1"
                },
                {
                  "name": "FEDORA-2016-c3bd6a3496",
                  "refsource": "FEDORA",
                  "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WNWGCQLW2VY72NIUYMJOCAKJKTXHDUK2/"
                },
                {
                  "name": "91009",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/91009"
                },
                {
                  "name": "openSUSE-SU-2016:1583",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00023.html"
                },
                {
                  "name": "FreeBSD-SA-16:24",
                  "refsource": "FREEBSD",
                  "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:24.ntp.asc"
                },
                {
                  "name": "SUSE-SU-2016:1912",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html"
                },
                {
                  "name": "FEDORA-2016-89e0874533",
                  "refsource": "FEDORA",
                  "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ORAMN3Q7TVJ54MBYF75XCJOE3DP7LYHT/"
                },
                {
                  "name": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03757en_us",
                  "refsource": "CONFIRM",
                  "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03757en_us"
                },
                {
                  "name": "1036037",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1036037"
                },
                {
                  "name": "SUSE-SU-2016:1584",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00024.html"
                },
                {
                  "name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html",
                  "refsource": "CONFIRM",
                  "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
                },
                {
                  "name": "http://support.ntp.org/bin/view/Main/NtpBug3042",
                  "refsource": "CONFIRM",
                  "url": "http://support.ntp.org/bin/view/Main/NtpBug3042"
                },
                {
                  "name": "SUSE-SU-2016:2094",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html"
                },
                {
                  "name": "http://bugs.ntp.org/3042",
                  "refsource": "CONFIRM",
                  "url": "http://bugs.ntp.org/3042"
                },
                {
                  "name": "VU#321640",
                  "refsource": "CERT-VN",
                  "url": "http://www.kb.cert.org/vuls/id/321640"
                },
                {
                  "name": "http://support.ntp.org/bin/view/Main/SecurityNotice",
                  "refsource": "CONFIRM",
                  "url": "http://support.ntp.org/bin/view/Main/SecurityNotice"
                },
                {
                  "name": "FEDORA-2016-50b0066b7f",
                  "refsource": "FEDORA",
                  "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/K3EYJQHJZ2KTVQ7ICEFHXTLZ36MRASWX/"
                },
                {
                  "name": "openSUSE-SU-2016:1636",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00040.html"
                },
                {
                  "name": "SUSE-SU-2016:1563",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00018.html"
                },
                {
                  "name": "GLSA-201607-15",
                  "refsource": "GENTOO",
                  "url": "https://security.gentoo.org/glsa/201607-15"
                },
                {
                  "name": "http://packetstormsecurity.com/files/137321/Slackware-Security-Advisory-ntp-Updates.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/137321/Slackware-Security-Advisory-ntp-Updates.html"
                },
                {
                  "name": "20160603 Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: June 2016",
                  "refsource": "CISCO",
                  "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160603-ntpd"
                },
                {
                  "name": "20170607 [security bulletin] HPESBHF03757 rev.1 - HPE Network Products including Comware 5 and Comware 7 running NTP, Remote Denial of Service (DoS)",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/540683/100/0/threaded"
                },
                {
                  "name": "SUSE-SU-2016:1568",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00020.html"
                },
                {
                  "name": "20160604 [slackware-security] ntp (SSA:2016-155-01)",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/538599/100/0/threaded"
                },
                {
                  "name": "20170607 [security bulletin] HPESBHF03757 rev.1 - HPE Network Products including Comware 5 and Comware 7 running NTP, Remote Denial of Service (DoS)",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/archive/1/540683/100/0/threaded"
                },
                {
                  "name": "20160604 FreeBSD Security Advisory FreeBSD-SA-16:24.ntp",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/538600/100/0/threaded"
                },
                {
                  "name": "VU#321640",
                  "refsource": "CERT-VN",
                  "url": "https://www.kb.cert.org/vuls/id/321640"
                },
                {
                  "name": "20160604 [slackware-security] ntp (SSA:2016-155-01)",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/archive/1/538599/100/0/threaded"
                },
                {
                  "name": "20160604 FreeBSD Security Advisory FreeBSD-SA-16:24.ntp",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/archive/1/538600/100/0/threaded"
                },
                {
                  "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf",
                  "refsource": "CONFIRM",
                  "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf"
                },
                {
                  "name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11",
                  "refsource": "MISC",
                  "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2016-4956",
        "datePublished": "2016-07-05T01:00:00.000Z",
        "dateReserved": "2016-05-23T00:00:00.000Z",
        "dateUpdated": "2024-08-06T00:46:40.189Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-4954 (GCVE-0-2016-4954)

    Vulnerability from cvelistv5 – Published: 2016-07-05 01:00 – Updated: 2024-08-06 00:46
    VLAI
    Summary
    The process_packet function in ntp_proto.c in ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (peer-variable modification) by sending spoofed packets from many source IP addresses in a certain scenario, as demonstrated by triggering an incorrect leap indication.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://www.ubuntu.com/usn/USN-3096-1 vendor-advisoryx_refsource_UBUNTU
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisoryx_refsource_FEDORA
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    https://security.FreeBSD.org/advisories/FreeBSD-S… vendor-advisoryx_refsource_FREEBSD
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisoryx_refsource_FEDORA
    https://h20566.www2.hpe.com/hpsc/doc/public/displ… x_refsource_CONFIRM
    http://www.securitytracker.com/id/1036037 vdb-entryx_refsource_SECTRACK
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://www.oracle.com/technetwork/topics/security… x_refsource_CONFIRM
    http://support.ntp.org/bin/view/Main/NtpBug3044 x_refsource_CONFIRM
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://www.kb.cert.org/vuls/id/321640 third-party-advisoryx_refsource_CERT-VN
    http://support.ntp.org/bin/view/Main/SecurityNotice x_refsource_CONFIRM
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisoryx_refsource_FEDORA
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://bugs.ntp.org/3044 x_refsource_CONFIRM
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    https://security.gentoo.org/glsa/201607-15 vendor-advisoryx_refsource_GENTOO
    http://packetstormsecurity.com/files/137321/Slack… x_refsource_MISC
    http://tools.cisco.com/security/center/content/Ci… vendor-advisoryx_refsource_CISCO
    http://www.securityfocus.com/archive/1/540683/100… mailing-listx_refsource_BUGTRAQ
    http://packetstormsecurity.com/files/137322/FreeB… x_refsource_MISC
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://www.securityfocus.com/archive/1/538599/100… mailing-listx_refsource_BUGTRAQ
    http://www.securityfocus.com/archive/1/archive/1/… mailing-listx_refsource_BUGTRAQ
    http://www.securityfocus.com/archive/1/538600/100… mailing-listx_refsource_BUGTRAQ
    https://www.kb.cert.org/vuls/id/321640 third-party-advisoryx_refsource_CERT-VN
    http://www.securityfocus.com/archive/1/archive/1/… mailing-listx_refsource_BUGTRAQ
    http://www.securityfocus.com/archive/1/archive/1/… mailing-listx_refsource_BUGTRAQ
    https://cert-portal.siemens.com/productcert/pdf/s… x_refsource_CONFIRM
    https://us-cert.cisa.gov/ics/advisories/icsa-21-103-11 x_refsource_CONFIRM
    https://cert-portal.siemens.com/productcert/pdf/s… x_refsource_CONFIRM
    https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11 x_refsource_MISC
    Date Public
    2016-06-02 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T00:46:39.878Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "SUSE-SU-2016:1602",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00028.html"
              },
              {
                "name": "USN-3096-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-3096-1"
              },
              {
                "name": "FEDORA-2016-c3bd6a3496",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WNWGCQLW2VY72NIUYMJOCAKJKTXHDUK2/"
              },
              {
                "name": "openSUSE-SU-2016:1583",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00023.html"
              },
              {
                "name": "FreeBSD-SA-16:24",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FREEBSD",
                  "x_transferred"
                ],
                "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:24.ntp.asc"
              },
              {
                "name": "SUSE-SU-2016:1912",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html"
              },
              {
                "name": "FEDORA-2016-89e0874533",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ORAMN3Q7TVJ54MBYF75XCJOE3DP7LYHT/"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03757en_us"
              },
              {
                "name": "1036037",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1036037"
              },
              {
                "name": "SUSE-SU-2016:1584",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00024.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://support.ntp.org/bin/view/Main/NtpBug3044"
              },
              {
                "name": "SUSE-SU-2016:2094",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html"
              },
              {
                "name": "VU#321640",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
                  "x_transferred"
                ],
                "url": "http://www.kb.cert.org/vuls/id/321640"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://support.ntp.org/bin/view/Main/SecurityNotice"
              },
              {
                "name": "FEDORA-2016-50b0066b7f",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/K3EYJQHJZ2KTVQ7ICEFHXTLZ36MRASWX/"
              },
              {
                "name": "openSUSE-SU-2016:1636",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00040.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://bugs.ntp.org/3044"
              },
              {
                "name": "SUSE-SU-2016:1563",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00018.html"
              },
              {
                "name": "GLSA-201607-15",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/201607-15"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/137321/Slackware-Security-Advisory-ntp-Updates.html"
              },
              {
                "name": "20160603 Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: June 2016",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_CISCO",
                  "x_transferred"
                ],
                "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160603-ntpd"
              },
              {
                "name": "20170607 [security bulletin] HPESBHF03757 rev.1 - HPE Network Products including Comware 5 and Comware 7 running NTP, Remote Denial of Service (DoS)",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/540683/100/0/threaded"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/137322/FreeBSD-Security-Advisory-FreeBSD-SA-16-24.ntp.html"
              },
              {
                "name": "SUSE-SU-2016:1568",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00020.html"
              },
              {
                "name": "20160604 [slackware-security] ntp (SSA:2016-155-01)",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/538599/100/0/threaded"
              },
              {
                "name": "20170607 [security bulletin] HPESBHF03757 rev.1 - HPE Network Products including Comware 5 and Comware 7 running NTP, Remote Denial of Service (DoS)",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/archive/1/540683/100/0/threaded"
              },
              {
                "name": "20160604 FreeBSD Security Advisory FreeBSD-SA-16:24.ntp",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/538600/100/0/threaded"
              },
              {
                "name": "VU#321640",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
                  "x_transferred"
                ],
                "url": "https://www.kb.cert.org/vuls/id/321640"
              },
              {
                "name": "20160604 [slackware-security] ntp (SSA:2016-155-01)",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/archive/1/538599/100/0/threaded"
              },
              {
                "name": "20160604 FreeBSD Security Advisory FreeBSD-SA-16:24.ntp",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/archive/1/538600/100/0/threaded"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdf"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-103-11"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2016-06-02T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The process_packet function in ntp_proto.c in ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (peer-variable modification) by sending spoofed packets from many source IP addresses in a certain scenario, as demonstrated by triggering an incorrect leap indication."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-07-16T11:59:55.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "SUSE-SU-2016:1602",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00028.html"
            },
            {
              "name": "USN-3096-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-3096-1"
            },
            {
              "name": "FEDORA-2016-c3bd6a3496",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WNWGCQLW2VY72NIUYMJOCAKJKTXHDUK2/"
            },
            {
              "name": "openSUSE-SU-2016:1583",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00023.html"
            },
            {
              "name": "FreeBSD-SA-16:24",
              "tags": [
                "vendor-advisory",
                "x_refsource_FREEBSD"
              ],
              "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:24.ntp.asc"
            },
            {
              "name": "SUSE-SU-2016:1912",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html"
            },
            {
              "name": "FEDORA-2016-89e0874533",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ORAMN3Q7TVJ54MBYF75XCJOE3DP7LYHT/"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03757en_us"
            },
            {
              "name": "1036037",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1036037"
            },
            {
              "name": "SUSE-SU-2016:1584",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00024.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://support.ntp.org/bin/view/Main/NtpBug3044"
            },
            {
              "name": "SUSE-SU-2016:2094",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html"
            },
            {
              "name": "VU#321640",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT-VN"
              ],
              "url": "http://www.kb.cert.org/vuls/id/321640"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://support.ntp.org/bin/view/Main/SecurityNotice"
            },
            {
              "name": "FEDORA-2016-50b0066b7f",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/K3EYJQHJZ2KTVQ7ICEFHXTLZ36MRASWX/"
            },
            {
              "name": "openSUSE-SU-2016:1636",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00040.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://bugs.ntp.org/3044"
            },
            {
              "name": "SUSE-SU-2016:1563",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00018.html"
            },
            {
              "name": "GLSA-201607-15",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "https://security.gentoo.org/glsa/201607-15"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/137321/Slackware-Security-Advisory-ntp-Updates.html"
            },
            {
              "name": "20160603 Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: June 2016",
              "tags": [
                "vendor-advisory",
                "x_refsource_CISCO"
              ],
              "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160603-ntpd"
            },
            {
              "name": "20170607 [security bulletin] HPESBHF03757 rev.1 - HPE Network Products including Comware 5 and Comware 7 running NTP, Remote Denial of Service (DoS)",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/540683/100/0/threaded"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/137322/FreeBSD-Security-Advisory-FreeBSD-SA-16-24.ntp.html"
            },
            {
              "name": "SUSE-SU-2016:1568",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00020.html"
            },
            {
              "name": "20160604 [slackware-security] ntp (SSA:2016-155-01)",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/538599/100/0/threaded"
            },
            {
              "name": "20170607 [security bulletin] HPESBHF03757 rev.1 - HPE Network Products including Comware 5 and Comware 7 running NTP, Remote Denial of Service (DoS)",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/archive/1/540683/100/0/threaded"
            },
            {
              "name": "20160604 FreeBSD Security Advisory FreeBSD-SA-16:24.ntp",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/538600/100/0/threaded"
            },
            {
              "name": "VU#321640",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT-VN"
              ],
              "url": "https://www.kb.cert.org/vuls/id/321640"
            },
            {
              "name": "20160604 [slackware-security] ntp (SSA:2016-155-01)",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/archive/1/538599/100/0/threaded"
            },
            {
              "name": "20160604 FreeBSD Security Advisory FreeBSD-SA-16:24.ntp",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/archive/1/538600/100/0/threaded"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdf"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-103-11"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2016-4954",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The process_packet function in ntp_proto.c in ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (peer-variable modification) by sending spoofed packets from many source IP addresses in a certain scenario, as demonstrated by triggering an incorrect leap indication."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "SUSE-SU-2016:1602",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00028.html"
                },
                {
                  "name": "USN-3096-1",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-3096-1"
                },
                {
                  "name": "FEDORA-2016-c3bd6a3496",
                  "refsource": "FEDORA",
                  "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WNWGCQLW2VY72NIUYMJOCAKJKTXHDUK2/"
                },
                {
                  "name": "openSUSE-SU-2016:1583",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00023.html"
                },
                {
                  "name": "FreeBSD-SA-16:24",
                  "refsource": "FREEBSD",
                  "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:24.ntp.asc"
                },
                {
                  "name": "SUSE-SU-2016:1912",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html"
                },
                {
                  "name": "FEDORA-2016-89e0874533",
                  "refsource": "FEDORA",
                  "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ORAMN3Q7TVJ54MBYF75XCJOE3DP7LYHT/"
                },
                {
                  "name": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03757en_us",
                  "refsource": "CONFIRM",
                  "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03757en_us"
                },
                {
                  "name": "1036037",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1036037"
                },
                {
                  "name": "SUSE-SU-2016:1584",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00024.html"
                },
                {
                  "name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html",
                  "refsource": "CONFIRM",
                  "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
                },
                {
                  "name": "http://support.ntp.org/bin/view/Main/NtpBug3044",
                  "refsource": "CONFIRM",
                  "url": "http://support.ntp.org/bin/view/Main/NtpBug3044"
                },
                {
                  "name": "SUSE-SU-2016:2094",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html"
                },
                {
                  "name": "VU#321640",
                  "refsource": "CERT-VN",
                  "url": "http://www.kb.cert.org/vuls/id/321640"
                },
                {
                  "name": "http://support.ntp.org/bin/view/Main/SecurityNotice",
                  "refsource": "CONFIRM",
                  "url": "http://support.ntp.org/bin/view/Main/SecurityNotice"
                },
                {
                  "name": "FEDORA-2016-50b0066b7f",
                  "refsource": "FEDORA",
                  "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/K3EYJQHJZ2KTVQ7ICEFHXTLZ36MRASWX/"
                },
                {
                  "name": "openSUSE-SU-2016:1636",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00040.html"
                },
                {
                  "name": "http://bugs.ntp.org/3044",
                  "refsource": "CONFIRM",
                  "url": "http://bugs.ntp.org/3044"
                },
                {
                  "name": "SUSE-SU-2016:1563",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00018.html"
                },
                {
                  "name": "GLSA-201607-15",
                  "refsource": "GENTOO",
                  "url": "https://security.gentoo.org/glsa/201607-15"
                },
                {
                  "name": "http://packetstormsecurity.com/files/137321/Slackware-Security-Advisory-ntp-Updates.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/137321/Slackware-Security-Advisory-ntp-Updates.html"
                },
                {
                  "name": "20160603 Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: June 2016",
                  "refsource": "CISCO",
                  "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160603-ntpd"
                },
                {
                  "name": "20170607 [security bulletin] HPESBHF03757 rev.1 - HPE Network Products including Comware 5 and Comware 7 running NTP, Remote Denial of Service (DoS)",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/540683/100/0/threaded"
                },
                {
                  "name": "http://packetstormsecurity.com/files/137322/FreeBSD-Security-Advisory-FreeBSD-SA-16-24.ntp.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/137322/FreeBSD-Security-Advisory-FreeBSD-SA-16-24.ntp.html"
                },
                {
                  "name": "SUSE-SU-2016:1568",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00020.html"
                },
                {
                  "name": "20160604 [slackware-security] ntp (SSA:2016-155-01)",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/538599/100/0/threaded"
                },
                {
                  "name": "20170607 [security bulletin] HPESBHF03757 rev.1 - HPE Network Products including Comware 5 and Comware 7 running NTP, Remote Denial of Service (DoS)",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/archive/1/540683/100/0/threaded"
                },
                {
                  "name": "20160604 FreeBSD Security Advisory FreeBSD-SA-16:24.ntp",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/538600/100/0/threaded"
                },
                {
                  "name": "VU#321640",
                  "refsource": "CERT-VN",
                  "url": "https://www.kb.cert.org/vuls/id/321640"
                },
                {
                  "name": "20160604 [slackware-security] ntp (SSA:2016-155-01)",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/archive/1/538599/100/0/threaded"
                },
                {
                  "name": "20160604 FreeBSD Security Advisory FreeBSD-SA-16:24.ntp",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/archive/1/538600/100/0/threaded"
                },
                {
                  "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdf",
                  "refsource": "CONFIRM",
                  "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdf"
                },
                {
                  "name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-103-11",
                  "refsource": "CONFIRM",
                  "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-103-11"
                },
                {
                  "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf",
                  "refsource": "CONFIRM",
                  "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf"
                },
                {
                  "name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11",
                  "refsource": "MISC",
                  "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2016-4954",
        "datePublished": "2016-07-05T01:00:00.000Z",
        "dateReserved": "2016-05-23T00:00:00.000Z",
        "dateUpdated": "2024-08-06T00:46:39.878Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-4953 (GCVE-0-2016-4953)

    Vulnerability from cvelistv5 – Published: 2016-07-05 01:00 – Updated: 2024-08-06 00:46
    VLAI
    Summary
    ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (ephemeral-association demobilization) by sending a spoofed crypto-NAK packet with incorrect authentication data at a certain time.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://www.securityfocus.com/bid/91010 vdb-entryx_refsource_BID
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    https://security.FreeBSD.org/advisories/FreeBSD-S… vendor-advisoryx_refsource_FREEBSD
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    https://h20566.www2.hpe.com/hpsc/doc/public/displ… x_refsource_CONFIRM
    http://support.ntp.org/bin/view/Main/NtpBug3045 x_refsource_CONFIRM
    http://www.securitytracker.com/id/1036037 vdb-entryx_refsource_SECTRACK
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://www.oracle.com/technetwork/topics/security… x_refsource_CONFIRM
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://www.kb.cert.org/vuls/id/321640 third-party-advisoryx_refsource_CERT-VN
    http://support.ntp.org/bin/view/Main/SecurityNotice x_refsource_CONFIRM
    http://bugs.ntp.org/3045 x_refsource_CONFIRM
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    https://security.gentoo.org/glsa/201607-15 vendor-advisoryx_refsource_GENTOO
    http://packetstormsecurity.com/files/137321/Slack… x_refsource_MISC
    http://tools.cisco.com/security/center/content/Ci… vendor-advisoryx_refsource_CISCO
    http://www.securityfocus.com/archive/1/540683/100… mailing-listx_refsource_BUGTRAQ
    http://packetstormsecurity.com/files/137322/FreeB… x_refsource_MISC
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://www.securityfocus.com/archive/1/538599/100… mailing-listx_refsource_BUGTRAQ
    http://www.securityfocus.com/archive/1/archive/1/… mailing-listx_refsource_BUGTRAQ
    http://www.securityfocus.com/archive/1/538600/100… mailing-listx_refsource_BUGTRAQ
    https://www.kb.cert.org/vuls/id/321640 third-party-advisoryx_refsource_CERT-VN
    http://www.securityfocus.com/archive/1/archive/1/… mailing-listx_refsource_BUGTRAQ
    http://www.securityfocus.com/archive/1/archive/1/… mailing-listx_refsource_BUGTRAQ
    https://cert-portal.siemens.com/productcert/pdf/s… x_refsource_CONFIRM
    https://us-cert.cisa.gov/ics/advisories/icsa-21-103-11 x_refsource_CONFIRM
    https://cert-portal.siemens.com/productcert/pdf/s… x_refsource_CONFIRM
    https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11 x_refsource_MISC
    Date Public
    2016-06-02 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T00:46:39.916Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "SUSE-SU-2016:1602",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00028.html"
              },
              {
                "name": "91010",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/91010"
              },
              {
                "name": "openSUSE-SU-2016:1583",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00023.html"
              },
              {
                "name": "FreeBSD-SA-16:24",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FREEBSD",
                  "x_transferred"
                ],
                "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:24.ntp.asc"
              },
              {
                "name": "SUSE-SU-2016:1912",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03757en_us"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://support.ntp.org/bin/view/Main/NtpBug3045"
              },
              {
                "name": "1036037",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1036037"
              },
              {
                "name": "SUSE-SU-2016:1584",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00024.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
              },
              {
                "name": "SUSE-SU-2016:2094",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html"
              },
              {
                "name": "VU#321640",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
                  "x_transferred"
                ],
                "url": "http://www.kb.cert.org/vuls/id/321640"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://support.ntp.org/bin/view/Main/SecurityNotice"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://bugs.ntp.org/3045"
              },
              {
                "name": "openSUSE-SU-2016:1636",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00040.html"
              },
              {
                "name": "SUSE-SU-2016:1563",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00018.html"
              },
              {
                "name": "GLSA-201607-15",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/201607-15"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/137321/Slackware-Security-Advisory-ntp-Updates.html"
              },
              {
                "name": "20160603 Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: June 2016",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_CISCO",
                  "x_transferred"
                ],
                "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160603-ntpd"
              },
              {
                "name": "20170607 [security bulletin] HPESBHF03757 rev.1 - HPE Network Products including Comware 5 and Comware 7 running NTP, Remote Denial of Service (DoS)",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/540683/100/0/threaded"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/137322/FreeBSD-Security-Advisory-FreeBSD-SA-16-24.ntp.html"
              },
              {
                "name": "SUSE-SU-2016:1568",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00020.html"
              },
              {
                "name": "20160604 [slackware-security] ntp (SSA:2016-155-01)",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/538599/100/0/threaded"
              },
              {
                "name": "20170607 [security bulletin] HPESBHF03757 rev.1 - HPE Network Products including Comware 5 and Comware 7 running NTP, Remote Denial of Service (DoS)",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/archive/1/540683/100/0/threaded"
              },
              {
                "name": "20160604 FreeBSD Security Advisory FreeBSD-SA-16:24.ntp",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/538600/100/0/threaded"
              },
              {
                "name": "VU#321640",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
                  "x_transferred"
                ],
                "url": "https://www.kb.cert.org/vuls/id/321640"
              },
              {
                "name": "20160604 [slackware-security] ntp (SSA:2016-155-01)",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/archive/1/538599/100/0/threaded"
              },
              {
                "name": "20160604 FreeBSD Security Advisory FreeBSD-SA-16:24.ntp",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/archive/1/538600/100/0/threaded"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdf"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-103-11"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2016-06-02T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (ephemeral-association demobilization) by sending a spoofed crypto-NAK packet with incorrect authentication data at a certain time."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-07-16T12:08:56.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "SUSE-SU-2016:1602",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00028.html"
            },
            {
              "name": "91010",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/91010"
            },
            {
              "name": "openSUSE-SU-2016:1583",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00023.html"
            },
            {
              "name": "FreeBSD-SA-16:24",
              "tags": [
                "vendor-advisory",
                "x_refsource_FREEBSD"
              ],
              "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:24.ntp.asc"
            },
            {
              "name": "SUSE-SU-2016:1912",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03757en_us"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://support.ntp.org/bin/view/Main/NtpBug3045"
            },
            {
              "name": "1036037",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1036037"
            },
            {
              "name": "SUSE-SU-2016:1584",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00024.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
            },
            {
              "name": "SUSE-SU-2016:2094",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html"
            },
            {
              "name": "VU#321640",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT-VN"
              ],
              "url": "http://www.kb.cert.org/vuls/id/321640"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://support.ntp.org/bin/view/Main/SecurityNotice"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://bugs.ntp.org/3045"
            },
            {
              "name": "openSUSE-SU-2016:1636",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00040.html"
            },
            {
              "name": "SUSE-SU-2016:1563",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00018.html"
            },
            {
              "name": "GLSA-201607-15",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "https://security.gentoo.org/glsa/201607-15"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/137321/Slackware-Security-Advisory-ntp-Updates.html"
            },
            {
              "name": "20160603 Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: June 2016",
              "tags": [
                "vendor-advisory",
                "x_refsource_CISCO"
              ],
              "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160603-ntpd"
            },
            {
              "name": "20170607 [security bulletin] HPESBHF03757 rev.1 - HPE Network Products including Comware 5 and Comware 7 running NTP, Remote Denial of Service (DoS)",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/540683/100/0/threaded"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/137322/FreeBSD-Security-Advisory-FreeBSD-SA-16-24.ntp.html"
            },
            {
              "name": "SUSE-SU-2016:1568",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00020.html"
            },
            {
              "name": "20160604 [slackware-security] ntp (SSA:2016-155-01)",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/538599/100/0/threaded"
            },
            {
              "name": "20170607 [security bulletin] HPESBHF03757 rev.1 - HPE Network Products including Comware 5 and Comware 7 running NTP, Remote Denial of Service (DoS)",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/archive/1/540683/100/0/threaded"
            },
            {
              "name": "20160604 FreeBSD Security Advisory FreeBSD-SA-16:24.ntp",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/538600/100/0/threaded"
            },
            {
              "name": "VU#321640",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT-VN"
              ],
              "url": "https://www.kb.cert.org/vuls/id/321640"
            },
            {
              "name": "20160604 [slackware-security] ntp (SSA:2016-155-01)",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/archive/1/538599/100/0/threaded"
            },
            {
              "name": "20160604 FreeBSD Security Advisory FreeBSD-SA-16:24.ntp",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/archive/1/538600/100/0/threaded"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdf"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-103-11"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2016-4953",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (ephemeral-association demobilization) by sending a spoofed crypto-NAK packet with incorrect authentication data at a certain time."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "SUSE-SU-2016:1602",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00028.html"
                },
                {
                  "name": "91010",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/91010"
                },
                {
                  "name": "openSUSE-SU-2016:1583",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00023.html"
                },
                {
                  "name": "FreeBSD-SA-16:24",
                  "refsource": "FREEBSD",
                  "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:24.ntp.asc"
                },
                {
                  "name": "SUSE-SU-2016:1912",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html"
                },
                {
                  "name": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03757en_us",
                  "refsource": "CONFIRM",
                  "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03757en_us"
                },
                {
                  "name": "http://support.ntp.org/bin/view/Main/NtpBug3045",
                  "refsource": "CONFIRM",
                  "url": "http://support.ntp.org/bin/view/Main/NtpBug3045"
                },
                {
                  "name": "1036037",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1036037"
                },
                {
                  "name": "SUSE-SU-2016:1584",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00024.html"
                },
                {
                  "name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html",
                  "refsource": "CONFIRM",
                  "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
                },
                {
                  "name": "SUSE-SU-2016:2094",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html"
                },
                {
                  "name": "VU#321640",
                  "refsource": "CERT-VN",
                  "url": "http://www.kb.cert.org/vuls/id/321640"
                },
                {
                  "name": "http://support.ntp.org/bin/view/Main/SecurityNotice",
                  "refsource": "CONFIRM",
                  "url": "http://support.ntp.org/bin/view/Main/SecurityNotice"
                },
                {
                  "name": "http://bugs.ntp.org/3045",
                  "refsource": "CONFIRM",
                  "url": "http://bugs.ntp.org/3045"
                },
                {
                  "name": "openSUSE-SU-2016:1636",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00040.html"
                },
                {
                  "name": "SUSE-SU-2016:1563",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00018.html"
                },
                {
                  "name": "GLSA-201607-15",
                  "refsource": "GENTOO",
                  "url": "https://security.gentoo.org/glsa/201607-15"
                },
                {
                  "name": "http://packetstormsecurity.com/files/137321/Slackware-Security-Advisory-ntp-Updates.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/137321/Slackware-Security-Advisory-ntp-Updates.html"
                },
                {
                  "name": "20160603 Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: June 2016",
                  "refsource": "CISCO",
                  "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160603-ntpd"
                },
                {
                  "name": "20170607 [security bulletin] HPESBHF03757 rev.1 - HPE Network Products including Comware 5 and Comware 7 running NTP, Remote Denial of Service (DoS)",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/540683/100/0/threaded"
                },
                {
                  "name": "http://packetstormsecurity.com/files/137322/FreeBSD-Security-Advisory-FreeBSD-SA-16-24.ntp.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/137322/FreeBSD-Security-Advisory-FreeBSD-SA-16-24.ntp.html"
                },
                {
                  "name": "SUSE-SU-2016:1568",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00020.html"
                },
                {
                  "name": "20160604 [slackware-security] ntp (SSA:2016-155-01)",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/538599/100/0/threaded"
                },
                {
                  "name": "20170607 [security bulletin] HPESBHF03757 rev.1 - HPE Network Products including Comware 5 and Comware 7 running NTP, Remote Denial of Service (DoS)",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/archive/1/540683/100/0/threaded"
                },
                {
                  "name": "20160604 FreeBSD Security Advisory FreeBSD-SA-16:24.ntp",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/538600/100/0/threaded"
                },
                {
                  "name": "VU#321640",
                  "refsource": "CERT-VN",
                  "url": "https://www.kb.cert.org/vuls/id/321640"
                },
                {
                  "name": "20160604 [slackware-security] ntp (SSA:2016-155-01)",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/archive/1/538599/100/0/threaded"
                },
                {
                  "name": "20160604 FreeBSD Security Advisory FreeBSD-SA-16:24.ntp",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/archive/1/538600/100/0/threaded"
                },
                {
                  "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdf",
                  "refsource": "CONFIRM",
                  "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdf"
                },
                {
                  "name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-103-11",
                  "refsource": "CONFIRM",
                  "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-103-11"
                },
                {
                  "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf",
                  "refsource": "CONFIRM",
                  "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf"
                },
                {
                  "name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11",
                  "refsource": "MISC",
                  "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2016-4953",
        "datePublished": "2016-07-05T01:00:00.000Z",
        "dateReserved": "2016-05-23T00:00:00.000Z",
        "dateUpdated": "2024-08-06T00:46:39.916Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }