CVE-2016-7426
ntp: Client rate limiting and server responses
Public Exploits: 0
Exploited in Wild: -
Descriptions
NTP before 4.2.8p9 rate limits responses received from the configured sources when rate limiting for all associations is enabled, which allows remote attackers to cause a denial of service (prevent responses from the sources) by sending responses with a spoofed source address.
It was found that when ntp is configured with rate limiting for all associations, the limits are also applied to responses received from its configured sources. A remote attacker who knows the sources can cause a denial of service by preventing ntpd from accepting valid responses from its sources.
Timeline
- 2016-09-09 CVE Reserved
- 2016-12-21 CVE Published
- 2024-04-15 EPSS Updated
- 2024-08-06 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-400: Uncontrolled Resource Consumption
References (13)
URL | Tag | Source |
---|---|---|
http://nwtime.org/ntp428p9_release | Third Party Advisory | |
http://www.securityfocus.com/bid/94451 | Third Party Advisory | |
http://www.securitytracker.com/id/1037354 | Third Party Advisory | |
https://bto.bluecoat.com/security-advisory/sa139 | Third Party Advisory | |
https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03706en_us | Third Party Advisory | |
https://www.kb.cert.org/vuls/id/633847 | Third Party Advisory |
URL | Date | SRC |
---|---|---|
http://rhn.redhat.com/errata/RHSA-2017-0252.html | 2020-06-18 | |
http://support.ntp.org/bin/view/Main/NtpBug3071 | 2020-06-18 | |
http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities | 2020-06-18 | |
https://security.FreeBSD.org/advisories/FreeBSD-SA-16:39.ntp.asc | 2020-06-18 | |
https://usn.ubuntu.com/3707-2 | 2020-06-18 | |
https://access.redhat.com/security/cve/CVE-2016-7426 | 2017-02-06 | |
https://bugzilla.redhat.com/show_bug.cgi?id=1397345 | 2017-02-06 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Ntp | Ntp | >= 4.2.6 < 4.2.8 | - | Affected |
Ntp | Ntp | >= 4.3.0 < 4.3.94 | - | Affected |
Ntp | Ntp | 4.2.5 | p203 | Affected |
Ntp | Ntp | 4.2.5 | p204 | Affected |
Ntp | Ntp | 4.2.5 | p205 | Affected |
Ntp | Ntp | 4.2.5 | p206 | Affected |
Ntp | Ntp | 4.2.5 | p207 | Affected |
Ntp | Ntp | 4.2.5 | p208 | Affected |
Ntp | Ntp | 4.2.5 | p209 | Affected |
Ntp | Ntp | 4.2.5 | p210 | Affected |
Ntp | Ntp | 4.2.5 | p211 | Affected |
Ntp | Ntp | 4.2.5 | p212 | Affected |
Ntp | Ntp | 4.2.5 | p213 | Affected |
Ntp | Ntp | 4.2.5 | p214 | Affected |
Ntp | Ntp | 4.2.5 | p215 | Affected |
Ntp | Ntp | 4.2.5 | p216 | Affected |
Ntp | Ntp | 4.2.5 | p217 | Affected |
Ntp | Ntp | 4.2.5 | p218 | Affected |
Ntp | Ntp | 4.2.5 | p219 | Affected |
Ntp | Ntp | 4.2.5 | p220 | Affected |
Ntp | Ntp | 4.2.5 | p221 | Affected |
Ntp | Ntp | 4.2.5 | p222 | Affected |
Ntp | Ntp | 4.2.5 | p223 | Affected |
Ntp | Ntp | 4.2.5 | p224 | Affected |
Ntp | Ntp | 4.2.5 | p225 | Affected |
Ntp | Ntp | 4.2.5 | p226 | Affected |
Ntp | Ntp | 4.2.5 | p227 | Affected |
Ntp | Ntp | 4.2.5 | p228 | Affected |
Ntp | Ntp | 4.2.5 | p229 | Affected |
Ntp | Ntp | 4.2.5 | p230 | Affected |
Ntp | Ntp | 4.2.5 | p231_rc1 | Affected |
Ntp | Ntp | 4.2.5 | p232_rc1 | Affected |
Ntp | Ntp | 4.2.5 | p233_rc1 | Affected |
Ntp | Ntp | 4.2.5 | p234_rc1 | Affected |
Ntp | Ntp | 4.2.5 | p235_rc1 | Affected |
Ntp | Ntp | 4.2.5 | p236_rc1 | Affected |
Ntp | Ntp | 4.2.5 | p237_rc1 | Affected |
Ntp | Ntp | 4.2.5 | p238_rc1 | Affected |
Ntp | Ntp | 4.2.5 | p239_rc1 | Affected |
Ntp | Ntp | 4.2.5 | p240_rc1 | Affected |
Ntp | Ntp | 4.2.5 | p241_rc1 | Affected |
Ntp | Ntp | 4.2.5 | p242_rc1 | Affected |
Ntp | Ntp | 4.2.5 | p243_rc1 | Affected |
Ntp | Ntp | 4.2.5 | p244_rc1 | Affected |
Ntp | Ntp | 4.2.5 | p245_rc1 | Affected |
Ntp | Ntp | 4.2.5 | p246_rc1 | Affected |
Ntp | Ntp | 4.2.5 | p247_rc1 | Affected |
Ntp | Ntp | 4.2.5 | p248_rc1 | Affected |
Ntp | Ntp | 4.2.5 | p249_rc1 | Affected |
Ntp | Ntp | 4.2.5 | p250_rc1 | Affected |
Ntp | Ntp | 4.2.8 | - | Affected |
Ntp | Ntp | 4.2.8 | p1 | Affected |
Ntp | Ntp | 4.2.8 | p1-beta1 | Affected |
Ntp | Ntp | 4.2.8 | p1-beta2 | Affected |
Ntp | Ntp | 4.2.8 | p1-beta3 | Affected |
Ntp | Ntp | 4.2.8 | p1-beta4 | Affected |
Ntp | Ntp | 4.2.8 | p1-beta5 | Affected |
Ntp | Ntp | 4.2.8 | p1-rc1 | Affected |
Ntp | Ntp | 4.2.8 | p1-rc2 | Affected |
Ntp | Ntp | 4.2.8 | p2 | Affected |
Ntp | Ntp | 4.2.8 | p2-rc1 | Affected |
Ntp | Ntp | 4.2.8 | p2-rc2 | Affected |
Ntp | Ntp | 4.2.8 | p2-rc3 | Affected |
Ntp | Ntp | 4.2.8 | p3 | Affected |
Ntp | Ntp | 4.2.8 | p3-rc1 | Affected |
Ntp | Ntp | 4.2.8 | p3-rc2 | Affected |
Ntp | Ntp | 4.2.8 | p3-rc3 | Affected |
Ntp | Ntp | 4.2.8 | p4 | Affected |
Ntp | Ntp | 4.2.8 | p5 | Affected |
Ntp | Ntp | 4.2.8 | p6 | Affected |
Ntp | Ntp | 4.2.8 | p7 | Affected |
Ntp | Ntp | 4.2.8 | p8 | Affected |
Canonical | Ubuntu Linux | 12.04 | esm | Affected |
Redhat | Enterprise Linux Desktop | 6.0 | - | Affected |
Redhat | Enterprise Linux Desktop | 7.0 | - | Affected |
Redhat | Enterprise Linux Server | 6.0 | - | Affected |
Redhat | Enterprise Linux Server | 7.0 | - | Affected |
Redhat | Enterprise Linux Server Aus | 7.3 | - | Affected |
Redhat | Enterprise Linux Server Aus | 7.4 | - | Affected |
Redhat | Enterprise Linux Server Aus | 7.6 | - | Affected |
Redhat | Enterprise Linux Server Aus | 7.7 | - | Affected |
Redhat | Enterprise Linux Server Eus | 7.3 | - | Affected |
Redhat | Enterprise Linux Server Eus | 7.4 | - | Affected |
Redhat | Enterprise Linux Server Eus | 7.5 | - | Affected |
Redhat | Enterprise Linux Server Eus | 7.6 | - | Affected |
Redhat | Enterprise Linux Server Eus | 7.7 | - | Affected |
Redhat | Enterprise Linux Server Tus | 7.3 | - | Affected |
Redhat | Enterprise Linux Server Tus | 7.6 | - | Affected |
Redhat | Enterprise Linux Server Tus | 7.7 | - | Affected |
Redhat | Enterprise Linux Workstation | 6.0 | - | Affected |
Redhat | Enterprise Linux Workstation | 7.0 | - | Affected |
Hpe | Hpux-ntp | >= b.11.31 < c.4.2.8.2.0 | - | Affected |