// For flags

CVE-2016-7433

ntp: Broken initial sync calculations regression

Severity Score

5.3
*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

NTP before 4.2.8p9 does not properly perform the initial sync calculations, which allows remote attackers to unspecified impact via unknown vectors, related to a "root distance that did not include the peer dispersion."

NTP en versiones anteriores a 4.2.8p9 no realiza adecuadamente los cálculos de sincronización inicial, lo que permite a atacantes remotos un impacto no especificado a través de vectores desconocidos, relacionado con una "distancia de raíz que no incluía la dispersión de pares".

A flaw was found in the way ntpd calculated the root delay. A remote attacker could send a specially-crafted spoofed packet to cause denial of service or in some special cases even crash.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
Low
Attack Vector
Local
Attack Complexity
High
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
Low
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
None
Integrity
None
Availability
Partial
Attack Vector
Local
Attack Complexity
High
Authentication
None
Confidentiality
None
Integrity
None
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2016-09-09 CVE Reserved
  • 2017-01-13 CVE Published
  • 2023-03-07 EPSS Updated
  • 2024-08-06 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-682: Incorrect Calculation
CAPEC
References (26)
URL Tag Source
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171129-01-ntpd-en X_refsource_confirm
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html X_refsource_confirm
http://www.securityfocus.com/archive/1/539955/100/0/threaded Mailing List
http://www.securityfocus.com/archive/1/540254/100/0/threaded Mailing List
http://www.securityfocus.com/archive/1/archive/1/539955/100/0/threaded Mailing List
http://www.securityfocus.com/archive/1/archive/1/540254/100/0/threaded Mailing List
http://www.securityfocus.com/bid/94455 Vdb Entry
http://www.securitytracker.com/id/1037354 Vdb Entry
https://bto.bluecoat.com/security-advisory/sa139 X_refsource_confirm
https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf X_refsource_confirm
https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03706en_us X_refsource_confirm
https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11 X_refsource_misc
https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2017-227 X_refsource_confirm
https://www.kb.cert.org/vuls/id/633847 Third Party Advisory
URL Date SRC
URL Date SRC
URL Date SRC
http://lists.opensuse.org/opensuse-updates/2016-12/msg00153.html 2023-11-07
http://nwtime.org/ntp428p9_release 2023-11-07
http://rhn.redhat.com/errata/RHSA-2017-0252.html 2023-11-07
http://support.ntp.org/bin/view/Main/NtpBug3067 2023-11-07
http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities 2023-11-07
http://www.ubuntu.com/usn/USN-3349-1 2023-11-07
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ILMSYVQMMF37MANYEO7KBHOPSC74EKGN 2023-11-07
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PABKEYX6ABBFJZGMXKH57X756EJUDS3C 2023-11-07
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U5E3XBBCK5IXOLDAH2E4M3QKIYIHUMMP 2023-11-07
https://security.FreeBSD.org/advisories/FreeBSD-SA-16:39.ntp.asc 2023-11-07
https://access.redhat.com/security/cve/CVE-2016-7433 2017-02-06
https://bugzilla.redhat.com/show_bug.cgi?id=1397347 2017-02-06
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Ntp
Search vendor "Ntp"
 Ntp
Search vendor "Ntp" for product "Ntp"
 <= 4.2.8
Search vendor "Ntp" for product "Ntp" and version " <= 4.2.8"
p8
Affected