vulnerability
NTP: Uncontrolled Resource Consumption ('Resource Exhaustion') (CVE-2016-7426)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 4 | (AV:N/AC:M/Au:N/C:N/I:N/A:P) | Jan 13, 2017 | Feb 23, 2023 | Mar 1, 2023 |
Severity
4
CVSS
(AV:N/AC:M/Au:N/C:N/I:N/A:P)
Published
Jan 13, 2017
Added
Feb 23, 2023
Modified
Mar 1, 2023
Description
NTP before 4.2.8p9 rate limits responses received from the configured sources when rate limiting for all associations is enabled, which allows remote attackers to cause a denial of service (prevent responses from the sources) by sending responses with a spoofed source address.
Solution(s)
ntp-upgrade-4_2_8ntp-upgrade-4_3_94
References
- BID-94451
- CERT-VN-633847
- CVE-2016-7426
- https://attackerkb.com/topics/CVE-2016-7426
- DISA_SEVERITY-Category I
- IAVM-2016-A-0331
- IAVM-2017-A-0003
- REDHAT-RHSA-2017:0252
- URL-http://nwtime.org/ntp428p9_release/
- URL-http://rhn.redhat.com/errata/RHSA-2017-0252.html
- URL-http://support.ntp.org/bin/view/Main/NtpBug3071
- URL-http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities
- URL-http://www.securityfocus.com/bid/94451
- URL-http://www.securitytracker.com/id/1037354
- URL-https://bto.bluecoat.com/security-advisory/sa139
- URL-https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03706en_us
- URL-https://security.FreeBSD.org/advisories/FreeBSD-SA-16:39.ntp.asc
- URL-https://usn.ubuntu.com/3707-2/
- URL-https://www.kb.cert.org/vuls/id/633847
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.