Informazioni sul CVE-2016-9042
N/A
CWE ID: N/A
Base Score (CVSS): N/A
CVE: CVE-2016-9042
Descrizione: An exploitable denial of service vulnerability exists in the origin timestamp check functionality of ntpd 4.2.8p9. A specially crafted unauthenticated network packet can be used to reset the expected origin timestamp for target peers. Legitimate replies from targeted peers will fail the origin timestamp check (TEST2) causing the reply to be dropped and creating a denial of service condition.
Vettore di attacco
Punteggio CVSS
Il CVSS è un sistema di valutazione che misura la gravità di una vulnerabilità informatica considerando fattori come l’impatto potenziale, la probabilità di attacco e la facilità di esecuzione.
Punteggio Base (calcolato da AziendaSicura): 0.0 (None)
Riassunto: .
Dettaglio del Vettore
| Metrica | Valore | Significato | Descrizione |
|---|
Riferimenti esterni
- http://www.securitytracker.com/id/1038123
- https://security.FreeBSD.org/advisories/FreeBSD-SA-17:03.ntp.asc
- http://www.securitytracker.com/id/1039427
- http://www.securityfocus.com/bid/97046
- http://www.ubuntu.com/usn/USN-3349-1
- http://www.securityfocus.com/archive/1/archive/1/540403/100/0/threaded
- http://seclists.org/fulldisclosure/2017/Nov/7
- http://www.securityfocus.com/archive/1/540403/100/0/threaded
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7KVLFA3J43QFIP4I7HE7KQ5FXSMJEKC6/
- http://seclists.org/fulldisclosure/2017/Sep/62
- http://www.securityfocus.com/archive/1/archive/1/540464/100/0/threaded
- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03962en_us
- https://www.talosintelligence.com/vulnerability_reports/TALOS-2016-0260
- http://packetstormsecurity.com/files/142101/FreeBSD-Security-Advisory-FreeBSD-SA-17-03.ntp.html
- https://kc.mcafee.com/corporate/index?page=content&id=SB10201
- https://support.apple.com/kb/HT208144
- https://support.f5.com/csp/article/K39041624
- https://bto.bluecoat.com/security-advisory/sa147
- http://packetstormsecurity.com/files/142284/Slackware-Security-Advisory-ntp-Updates.html
- https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf
- https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11
Prodotti interessati
- Talos – Network Time Protocol
Relazioni con altri prodotti
Produttore:Talos
Prodotto: Network Time Protocol
Anno: 2016
CWE:
CVSS: 0.0