CVE-2016-7426
Severity CVSS v4.0:
Pending analysis
Type:
CWE-400
Uncontrolled Resource Consumption ('Resource Exhaustion')
Publication date:
13/01/2017
Last modified:
20/04/2025
Description
NTP before 4.2.8p9 rate limits responses received from the configured sources when rate limiting for all associations is enabled, which allows remote attackers to cause a denial of service (prevent responses from the sources) by sending responses with a spoofed source address.
Impact
Base Score 3.x
7.50
Severity 3.x
HIGH
Base Score 2.0
4.30
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:ntp:ntp:*:*:*:*:*:*:*:* | 4.2.6 (including) | 4.2.8 (excluding) |
| cpe:2.3:a:ntp:ntp:*:*:*:*:*:*:*:* | 4.3.0 (including) | 4.3.94 (excluding) |
| cpe:2.3:a:ntp:ntp:4.2.5:p203:*:*:*:*:*:* | ||
| cpe:2.3:a:ntp:ntp:4.2.5:p204:*:*:*:*:*:* | ||
| cpe:2.3:a:ntp:ntp:4.2.5:p205:*:*:*:*:*:* | ||
| cpe:2.3:a:ntp:ntp:4.2.5:p206:*:*:*:*:*:* | ||
| cpe:2.3:a:ntp:ntp:4.2.5:p207:*:*:*:*:*:* | ||
| cpe:2.3:a:ntp:ntp:4.2.5:p208:*:*:*:*:*:* | ||
| cpe:2.3:a:ntp:ntp:4.2.5:p209:*:*:*:*:*:* | ||
| cpe:2.3:a:ntp:ntp:4.2.5:p210:*:*:*:*:*:* | ||
| cpe:2.3:a:ntp:ntp:4.2.5:p211:*:*:*:*:*:* | ||
| cpe:2.3:a:ntp:ntp:4.2.5:p212:*:*:*:*:*:* | ||
| cpe:2.3:a:ntp:ntp:4.2.5:p213:*:*:*:*:*:* | ||
| cpe:2.3:a:ntp:ntp:4.2.5:p214:*:*:*:*:*:* | ||
| cpe:2.3:a:ntp:ntp:4.2.5:p215:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://nwtime.org/ntp428p9_release/
- http://rhn.redhat.com/errata/RHSA-2017-0252.html
- http://support.ntp.org/bin/view/Main/NtpBug3071
- http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities
- http://www.securityfocus.com/bid/94451
- http://www.securitytracker.com/id/1037354
- https://bto.bluecoat.com/security-advisory/sa139
- https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03706en_us
- https://security.FreeBSD.org/advisories/FreeBSD-SA-16:39.ntp.asc
- https://usn.ubuntu.com/3707-2/
- https://www.kb.cert.org/vuls/id/633847
- http://nwtime.org/ntp428p9_release/
- http://rhn.redhat.com/errata/RHSA-2017-0252.html
- http://support.ntp.org/bin/view/Main/NtpBug3071
- http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities
- http://www.securityfocus.com/bid/94451
- http://www.securitytracker.com/id/1037354
- https://bto.bluecoat.com/security-advisory/sa139
- https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03706en_us
- https://security.FreeBSD.org/advisories/FreeBSD-SA-16:39.ntp.asc
- https://usn.ubuntu.com/3707-2/
- https://www.kb.cert.org/vuls/id/633847