Vulnerability Note VU#321640
NTP.org ntpd is vulnerable to denial of service and other vulnerabilities
NTP.org's reference implementation of NTP server, ntpd, contains multiple vulnerabilities.
NTP.org's reference implementation of NTP server, ntpd, contains multiple vulnerabilities. A brief overview follows, but details may be found in NTP's security advisory listing and in the individual links below.
CRYPTO-NAK denial of service introduced in Sec 3007 patch. See Sec 3046, CVE-2016-4957. The CVSS score below describes this vulnerability.
Unauthenticated, remote attackers may be able to spoof or send specially crafted packets to create denial of service conditions.
Apply an update
Vendor Information (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|FreeBSD Project||Affected||27 May 2016||06 Jun 2016|
|NTP Project||Affected||25 May 2016||02 Jun 2016|
|ACCESS||Unknown||27 May 2016||27 May 2016|
|Alcatel-Lucent||Unknown||27 May 2016||27 May 2016|
|Apple||Unknown||27 May 2016||27 May 2016|
|Arista Networks, Inc.||Unknown||27 May 2016||27 May 2016|
|Aruba Networks||Unknown||27 May 2016||27 May 2016|
|AT&T||Unknown||27 May 2016||27 May 2016|
|Avaya, Inc.||Unknown||27 May 2016||27 May 2016|
|Belkin, Inc.||Unknown||27 May 2016||27 May 2016|
|Blue Coat Systems||Unknown||27 May 2016||27 May 2016|
|CA Technologies||Unknown||27 May 2016||27 May 2016|
|CentOS||Unknown||27 May 2016||27 May 2016|
|Check Point Software Technologies||Unknown||27 May 2016||27 May 2016|
|Cisco||Unknown||27 May 2016||27 May 2016|
CVSS Metrics (Learn More)
The NTP Project credits Nicolas Edet of Cisco, Miroslav Lichvar of Red Hat, and Jakub Prokes of Red Hat for reporting these vulnerabilities.
This document was written by Joel Land.
- CVE IDs: CVE-2016-4953 CVE-2016-4954 CVE-2016-4955 CVE-2016-4956 CVE-2016-4957
- Date Public: 02 Jun 2016
- Date First Published: 02 Jun 2016
- Date Last Updated: 06 Jun 2016
- Document Revision: 8
If you have feedback, comments, or additional information about this vulnerability, please send us email.