AVG-79

Package ntp
Status Fixed
Severity High
Type multiple issues
Affected 4.2.8.p8-1
Fixed 4.2.8.p9-1
Current 4.2.8.p10-2 [extra]
Ticket None
Created Mon Nov 21 21:52:36 2016
Issue Severity Remote Type Description
CVE-2016-9311 Medium Yes Denial of service
ntpd does not enable trap service by default. If trap service has been explicitly enabled, an attacker can send a specially crafted packet to cause a null...
CVE-2016-9310 High Yes Denial of service
An exploitable configuration modification vulnerability exists in the control mode (mode 6) functionality of ntpd. If, against long-standing BCP...
CVE-2016-7434 Medium Yes Denial of service
If ntpd is configured to allow mrulist query requests from a server that sends a crafted malicious packet, ntpd will crash on receipt of that crafted...
CVE-2016-7433 Low Yes Incorrect calculation
ntpd Bug 2085 described a condition where the root delay was included twice, causing the jitter value to be higher than expected. Due to a misinterpretation...
CVE-2016-7431 Medium Yes Insufficient validation
Zero Origin timestamp problems were fixed by Bug 2945 in ntp-4.2.8p6. However, subsequent timestamp validation checks introduced a regression in the...
CVE-2016-7429 Low Yes Denial of service
When ntpd receives a server response on a socket that corresponds to a different interface than was used for the request, the peer structure is updated to...
CVE-2016-7428 Medium Yes Denial of service
The broadcast mode of NTP is expected to only be used in a trusted network. If the broadcast network is accessible to an attacker, a potentially exploitable...
CVE-2016-7427 Medium Yes Denial of service
The broadcast mode of NTP is expected to only be used in a trusted network. If the broadcast network is accessible to an attacker, a potentially exploitable...
CVE-2016-7426 Low Yes Denial of service
When ntpd is configured with rate limiting for all associations (restrict default limited in ntp.conf), the limits are applied also to responses received...
Date Advisory Package Description
26 Nov 2016 ASA-201611-28 ntp multiple issues
References
http://www.kb.cert.org/vuls/id/633847
http://support.ntp.org/bin/view/Main/SecurityNotice#November_2016_ntp_4_2_8p9_NTP_Se
Notes
CVE-2016-9312 in this release is a Windows-only issue.