Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
5.3
CVSSv3

CVE-2016-7433

Published: 13/01/2017 Updated: 07/11/2023
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 5.3 | Impact Score: 1.4 | Exploitability Score: 3.9
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Subscribe to Ntp

Vulnerability Summary

NTP prior to 4.2.8p9 does not properly perform the initial sync calculations, which allows remote malicious users to unspecified impact via unknown vectors, related to a "root distance that did not include the peer dispersion."

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

ntp ntp

Vendor Advisories

Red Hat: Moderate: ntp security update
Synopsis Moderate: ntp security update Type/Severity Security Advisory: Moderate Topic An update for ntp is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scoring Syste ...
Ubuntu Security Notice: ntp vulnerabilities
Several security issues were fixed in NTP ...
Amazon Linux 2: ALAS2-2018-1009
Ephemeral association time spoofing additional protectionntpd in ntp 42x before 428p7 and 43x before 4392 allows authenticated users that know the private symmetric key to create arbitrarily-many ephemeral associations in order to win the clock selection of ntpd and modify a victim's clock via a Sybil attack This issue exists because of an ...
Amazon Linux AMI: ALAS-2017-781
The following security-related issues were resolved: CVE-2016-7426: Client rate limiting and server responsesCVE-2016-7429: Attack on interface selectionCVE-2016-7433: Broken initial sync calculations regressionCVE-2016-9310: Mode 6 unauthenticated trap information disclosure and DDoS vectorCVE-2016-9311: Null pointer dereference when trap service ...
Red Hat: CVE-2016-7433
A flaw was found in the way ntpd calculated the root delay A remote attacker could send a specially-crafted spoofed packet to cause denial of service or in some special cases even crash ...
Arch Linux Issues:
ntpd Bug 2085 described a condition where the root delay was included twice, causing the jitter value to be higher than expected Due to a misinterpretation of a small-print variable in The Book, the fix for this problem was incorrect, resulting in a root distance that did not include the peer dispersion The calculations and formula have been revi ...

References

CWE-682https://www.kb.cert.org/vuls/id/633847http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilitieshttp://support.ntp.org/bin/view/Main/NtpBug3067http://nwtime.org/ntp428p9_release/http://www.securityfocus.com/bid/94455https://bto.bluecoat.com/security-advisory/sa139https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03706en_ushttp://www.securitytracker.com/id/1037354http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.htmlhttps://security.FreeBSD.org/advisories/FreeBSD-SA-16:39.ntp.aschttp://rhn.redhat.com/errata/RHSA-2017-0252.htmlhttps://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdfhttp://www.securityfocus.com/archive/1/archive/1/540254/100/0/threadedhttp://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171129-01-ntpd-enhttps://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2017-227/http://www.securityfocus.com/archive/1/archive/1/539955/100/0/threadedhttps://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2017-227http://www.securityfocus.com/archive/1/540254/100/0/threadedhttp://lists.opensuse.org/opensuse-updates/2016-12/msg00153.htmlhttps://us-cert.cisa.gov/ics/advisories/icsa-21-159-11http://www.ubuntu.com/usn/USN-3349-1http://www.securityfocus.com/archive/1/539955/100/0/threadedhttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PABKEYX6ABBFJZGMXKH57X756EJUDS3C/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U5E3XBBCK5IXOLDAH2E4M3QKIYIHUMMP/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ILMSYVQMMF37MANYEO7KBHOPSC74EKGN/https://access.redhat.com/errata/RHSA-2017:0252https://nvd.nist.govhttps://usn.ubuntu.com/3349-1/https://www.kb.cert.org/vuls/id/633847
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4761command injectionCVE-2024-3676IDORCVE-2024-30039CVE-2024-32113CVE-2024-30049CVE-2024-4776SQL injection
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook