| CVE-2016-9311 |
Medium |
Yes |
Denial of service |
ntpd does not enable trap service by default. If trap service has been explicitly enabled, an attacker can send a specially crafted packet to cause a null... |
| CVE-2016-9310 |
High |
Yes |
Denial of service |
An exploitable configuration modification vulnerability exists in the control mode (mode 6) functionality of ntpd. If, against long-standing BCP... |
| CVE-2016-7434 |
Medium |
Yes |
Denial of service |
If ntpd is configured to allow mrulist query requests from a server that sends a crafted malicious packet, ntpd will crash on receipt of that crafted... |
| CVE-2016-7433 |
Low |
Yes |
Incorrect calculation |
ntpd Bug 2085 described a condition where the root delay was included twice, causing the jitter value to be higher than expected. Due to a misinterpretation... |
| CVE-2016-7431 |
Medium |
Yes |
Insufficient validation |
Zero Origin timestamp problems were fixed by Bug 2945 in ntp-4.2.8p6. However, subsequent timestamp validation checks introduced a regression in the... |
| CVE-2016-7429 |
Low |
Yes |
Denial of service |
When ntpd receives a server response on a socket that corresponds to a different interface than was used for the request, the peer structure is updated to... |
| CVE-2016-7428 |
Medium |
Yes |
Denial of service |
The broadcast mode of NTP is expected to only be used in a trusted network. If the broadcast network is accessible to an attacker, a potentially exploitable... |
| CVE-2016-7427 |
Medium |
Yes |
Denial of service |
The broadcast mode of NTP is expected to only be used in a trusted network. If the broadcast network is accessible to an attacker, a potentially exploitable... |
| CVE-2016-7426 |
Low |
Yes |
Denial of service |
When ntpd is configured with rate limiting for all associations (restrict default limited in ntp.conf), the limits are applied also to responses received... |