1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
|
PublicDateAtUSN: 2017-01-13
Candidate: CVE-2016-7427
PublicDate: 2017-01-13
References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7427
https://www.talosintelligence.com/reports/TALOS-2016-0131/
http://www.ubuntu.com/usn/usn-3349-1
Description:
The broadcast mode replay prevention functionality in ntpd in NTP before
4.2.8p9 allows remote attackers to cause a denial of service (reject
broadcast mode packets) via a crafted broadcast mode packet.
Ubuntu-Description:
Notes:
mdeslaur> ntp-4.2.8p6, up to but not including ntp-4.2.8p9, and
mdeslaur> ntp-4.3.90 up to, but not including ntp-4.3.94.
mdeslaur>
mdeslaur> introduced with CVE-2015-7973 patch
Bugs:
http://support.ntp.org/bin/view/Main/NtpBug3114
Priority: low
Discovered-by: Matthew Van Gundy
Assigned-to:
Patches_ntp:
upstream: http://bk1.ntp.org/ntp-stable/?PAGE=cset&REV=58090954cV4QaVXVunDIzKXbBc3TVA
upstream: http://bk1.ntp.org/ntp-stable/?PAGE=cset&REV=58231747JiKHtC3fkyDJMMO7wMjfSA
upstream_ntp: released (1:4.2.8p9+dfsg-1)
precise_ntp: ignored (reached end-of-life)
precise/esm_ntp: needed
trusty_ntp: released (1:4.2.6.p5+dfsg-3ubuntu2.14.04.11)
vivid/stable-phone-overlay_ntp: ignored (reached end-of-life)
vivid/ubuntu-core_ntp: DNE
xenial_ntp: released (1:4.2.8p4+dfsg-3ubuntu5.5)
yakkety_ntp: released (1:4.2.8p8+dfsg-1ubuntu2.1)
zesty_ntp: not-affected (1:4.2.8p9+dfsg-2ubuntu1)
devel_ntp: not-affected (1:4.2.8p9+dfsg-2ubuntu1)
|