CVE-2016-7429

Synopsis Moderate: ntp security update Type/Severity Security Advisory: Moderate Topic An update for ntp is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scoring Syste ...

Several security issues were fixed in NTP ...

Ephemeral association time spoofing additional protectionntpd in ntp 42x before 428p7 and 43x before 4392 allows authenticated users that know the private symmetric key to create arbitrarily-many ephemeral associations in order to win the clock selection of ntpd and modify a victim's clock via a Sybil attack This issue exists because of an ...

The following security-related issues were resolved: CVE-2016-7426: Client rate limiting and server responsesCVE-2016-7429: Attack on interface selectionCVE-2016-7433: Broken initial sync calculations regressionCVE-2016-9310: Mode 6 unauthenticated trap information disclosure and DDoS vectorCVE-2016-9311: Null pointer dereference when trap service ...

A flaw was found in the way ntpd running on a host with multiple network interfaces handled certain server responses A remote attacker could use this flaw which would cause ntpd to not synchronize with the source ...

When ntpd receives a server response on a socket that corresponds to a different interface than was used for the request, the peer structure is updated to use the interface for new requests If ntpd is running on a host with multiple interfaces in separate networks and the operating system doesn't check source address in received packets (eg rp_f ...