CVE-2016-9310 log

Source
Severity High
Remote Yes
Type Denial of service
Description
An exploitable configuration modification vulnerability exists in the control mode (mode 6) functionality of ntpd. If, against long-standing BCP recommendations, "restrict default noquery ..." is not specified, a specially crafted control mode packet can set ntpd traps, providing information disclosure and DDoS amplification, and unset ntpd traps, disabling legitimate monitoring. A remote, unauthenticated, network attacker can trigger this vulnerability.
Group Package Affected Fixed Severity Status Ticket
AVG-80 ntp 4.2.8.p8-1 4.2.8.p9-1 High Fixed
AVG-79 ntp 4.2.8.p8-1 4.2.8.p9-1 High Fixed
Date Advisory Group Package Severity Description
26 Nov 2016 ASA-201611-28 AVG-79 ntp High multiple issues
References
http://support.ntp.org/bin/view/Main/NtpBug3118
Notes
Mitigation:
Use "restrict default noquery ..." in your ntp.conf file.