#VU12302 Data handling in ntp - CVE-2016-7429
Published: April 30, 2018
Vulnerability identifier: #VU12302
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2016-7429
CWE-ID: CWE-19
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
ntp
ntp
Software vendor:
ntp.org
ntp.org
Description
The vulnerability allows a remote attacker to cause DoS condition on the target system.
The weakness exists due to changing the peer structure to the interface NTP receives the response from a source. A remote attacker can send a response for a source to an interface the source does not use and cause the service to crash.
The weakness exists due to changing the peer structure to the interface NTP receives the response from a source. A remote attacker can send a response for a source to an interface the source does not use and cause the service to crash.
Remediation
Update to version 4.2.8p9.