CVE-2016-9042

Published: Jun 4, 2018Modified: Nov 21, 2024

5.9

Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 2.2 / Impact: 3.6

Source: NVD

Description

An exploitable denial of service vulnerability exists in the origin timestamp check functionality of ntpd 4.2.8p9. A specially crafted unauthenticated network packet can be used to reset the expected origin timestamp for target peers. Legitimate replies from targeted peers will fail the origin timestamp check (TEST2) causing the reply to be dropped and creating a denial of service condition.

Affected (5)

Products: Ntp: Ntp · Freebsd: Freebsd · Hpe: Hpux Ntp · +1 more

Show all products

Ntp: Ntp · Freebsd: Freebsd · Hpe: Hpux Ntp · Siemens: Simatic Net Cp 443 1 Opc Ua Firmware

1 product

1 product

1 product

1 product

Simatic Net Cp 443 1 Opc Ua Firmware

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Ntp Ntp	Version 4.2.8 p9

Configuration B

2 vulnerable

Vulnerable Software	Affected Versions
Freebsd Freebsd	Version 10.0
Freebsd Freebsd	Version 11.0

Configuration C

1 vulnerable

Vulnerable Software	Affected Versions
Hpe Hpux Ntp	Before c.4.2.8.4.0

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Siemens Simatic Net Cp 443 1 Opc Ua Firmware	All versions

Running on/with	Platform Versions
Siemens Simatic Net Cp 443 1 Opc Ua	All versions

Related CWEs

CWE-20

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (42)

http://packetstormsecurity.com/files/142101/FreeBSD-Security-Advisory-FreeBSD-SA-17-03.ntp.html

Source: talos-cna@cisco.com

http://packetstormsecurity.com/files/142284/Slackware-Security-Advisory-ntp-Updates.html

Source: talos-cna@cisco.com

http://seclists.org/fulldisclosure/2017/Nov/7

Source: talos-cna@cisco.com

http://seclists.org/fulldisclosure/2017/Sep/62

Source: talos-cna@cisco.com

http://www.securityfocus.com/archive/1/540403/100/0/threaded

Source: talos-cna@cisco.com

http://www.securityfocus.com/archive/1/archive/1/540403/100/0/threaded

Source: talos-cna@cisco.com

http://www.securityfocus.com/archive/1/archive/1/540464/100/0/threaded

Source: talos-cna@cisco.com

http://www.securityfocus.com/bid/97046

Source: talos-cna@cisco.com

Permissions RequiredThird Party AdvisoryVDB Entry

http://www.securitytracker.com/id/1038123

Source: talos-cna@cisco.com

Third Party AdvisoryVDB Entry

http://www.securitytracker.com/id/1039427

Source: talos-cna@cisco.com

Third Party AdvisoryVDB Entry

http://www.ubuntu.com/usn/USN-3349-1

Source: talos-cna@cisco.com

https://bto.bluecoat.com/security-advisory/sa147

Source: talos-cna@cisco.com

https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf

Source: talos-cna@cisco.com

Third Party Advisory

https://kc.mcafee.com/corporate/index?page=content&id=SB10201

Source: talos-cna@cisco.com

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7KVLFA3J43QFIP4I7HE7KQ5FXSMJEKC6/

Source: talos-cna@cisco.com

https://security.FreeBSD.org/advisories/FreeBSD-SA-17:03.ntp.asc

Source: talos-cna@cisco.com

Third Party Advisory

https://support.apple.com/kb/HT208144

Source: talos-cna@cisco.com

https://support.f5.com/csp/article/K39041624

Source: talos-cna@cisco.com

https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03962en_us

Source: talos-cna@cisco.com

Third Party Advisory

https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11

Source: talos-cna@cisco.com

https://www.talosintelligence.com/vulnerability_reports/TALOS-2016-0260

Source: talos-cna@cisco.com

ExploitMitigationThird Party Advisory

http://packetstormsecurity.com/files/142101/FreeBSD-Security-Advisory-FreeBSD-SA-17-03.ntp.html