Oracle Solaris 11: CVE-2016-4954: Vulnerability in NTP
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 4 | (AV:N/AC:M/Au:N/C:N/I:N/A:P) | July 04, 2016 | May 29, 2017 | October 30, 2017 |
Description
The process_packet function in ntp_proto.c in ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (peer-variable modification) by sending spoofed packets from many source IP addresses in a certain scenario, as demonstrated by triggering an incorrect leap indication.
Free Nexpose Download
Discover, prioritize, and remediate security risks today!
References
Solution
oracle-solaris-11-3-upgrade-service-network-ntp-4-2-8-8-0-175-3-12-0-1-0Related Vulnerabilities
- FreeBSD: FreeBSD -- Multiple ntp vulnerabilities (FreeBSD-SA-16:24.ntp) (Multiple CVEs)
- Cisco NX-OS: Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: June 2016 (Multiple CVEs)
- Cisco SAN-OS: Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: June 2016 (Multiple CVEs)
- Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: June 2016
- Gentoo Linux: CVE-2016-4954: NTP: Multiple vulnerabilities
- Huawei EulerOS: CVE-2016-4954: ntp security update
- Huawei EulerOS: CVE-2016-4954: ntp security update
- IBM AIX: ntp_advisory7 (CVE-2016-4954): Vulnerabilities in NTP affect AIX