CVE-2016-4957

Published Jul 5, 2016

Last updated 4 years ago

Overview

Description: ntpd in NTP before 4.2.8p8 allows remote attackers to cause a denial of service (daemon crash) via a crypto-NAK packet. NOTE: this vulnerability exists because of an incorrect fix for CVE-2016-1547.
Source: cve@mitre.org
NVD status: Analyzed

Hype score: Not currently trending

Risk scores

CVSS 3.1

Type: Primary
Base score: 7.5
Impact score: 3.6
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Severity: HIGH

CVSS 2.0

Type: Primary
Base score: 5
Impact score: 2.9
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:N/I:N/A:P

Weaknesses

nvd@nist.gov: CWE-476

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p7:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "50811A7B-0379-4437-8737-B4C1ACBC9EFD"
          },
          {
            "criteria": "cpe:2.3:a:ntp:ntp:4.3.92:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B5DA733E-A2BB-4F72-BE9A-AF1ADD1881A3"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:oracle:solaris:10:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "964B57CD-CB8A-4520-B358-1C93EC5EF2DC"
          },
          {
            "criteria": "cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "79A602C5-61FE-47BA-9786-F045B6C6DBA8"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:suse:manager_proxy:2.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3CBED083-B935-4C47-BBDA-F39D8EA277ED"
          },
          {
            "criteria": "cpe:2.3:a:suse:openstack_cloud:5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BD6136E8-74DE-48AF-A8AB-B0E93D34870C"
          },
          {
            "criteria": "cpe:2.3:o:novell:suse_manager:2.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "514646C5-C5D4-487E-8950-B3A2B1DE8EEC"
          },
          {
            "criteria": "cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4863BE36-D16A-4D75-90D9-FD76DB5B48B7"
          },
          {
            "criteria": "cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "03117DF1-3BEC-4B8D-AD63-DBBDB2126081"
          },
          {
            "criteria": "cpe:2.3:o:suse:linux_enterprise_desktop:12:sp1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3A0BA503-3F96-48DA-AF47-FBA37A9D0C48"
          },
          {
            "criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp2:*:*:ltss:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CB6476C7-03F2-4939-AB85-69AA524516D9"
          },
          {
            "criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:ltss:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B12243B2-D726-404C-ABFF-F1AB51BA1783"
          },
          {
            "criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp4:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "55C5561F-BE86-4EEA-99D4-8697F8BD9DFE"
          },
          {
            "criteria": "cpe:2.3:o:suse:linux_enterprise_server:12:sp1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2076747F-A98E-4DD9-9B52-BF1732BCAD3D"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Social media

Risk scores

CVSS 3.1

CVSS 2.0

Weaknesses

Configurations

References