ALT-PU-2016-1712-1
Closed vulnerabilities
Published: 2016-07-05
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2016-4957
ntpd in NTP before 4.2.8p8 allows remote attackers to cause a denial of service (daemon crash) via a crypto-NAK packet. NOTE: this vulnerability exists because of an incorrect fix for CVE-2016-1547.
Severity: HIGH (7.5)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
References:
- http://bugs.ntp.org/3046
- http://bugs.ntp.org/3046
- SUSE-SU-2016:1563
- SUSE-SU-2016:1563
- openSUSE-SU-2016:1583
- openSUSE-SU-2016:1583
- SUSE-SU-2016:1584
- SUSE-SU-2016:1584
- SUSE-SU-2016:1602
- SUSE-SU-2016:1602
- openSUSE-SU-2016:1636
- openSUSE-SU-2016:1636
- http://support.ntp.org/bin/view/Main/NtpBug3046
- http://support.ntp.org/bin/view/Main/NtpBug3046
- http://support.ntp.org/bin/view/Main/SecurityNotice
- http://support.ntp.org/bin/view/Main/SecurityNotice
- VU#321640
- VU#321640
- http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
- http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
- 1036037
- 1036037
- FreeBSD-SA-16:24
- FreeBSD-SA-16:24
- GLSA-201607-15
- GLSA-201607-15