#VU37084 Input validation error


Published: 2018-06-04 | Updated: 2020-08-08

Vulnerability identifier: #VU37084

Vulnerability risk: Medium

CVSSv3.1: 5.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2016-9042

CWE-ID: CWE-20

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
ntp
Server applications / Other server solutions
FreeBSD
Operating systems & Components / Operating system

Vendor: ntp.org
FreeBSD Foundation

Description

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

An exploitable denial of service vulnerability exists in the origin timestamp check functionality of ntpd 4.2.8p9. A specially crafted unauthenticated network packet can be used to reset the expected origin timestamp for target peers. Legitimate replies from targeted peers will fail the origin timestamp check (TEST2) causing the reply to be dropped and creating a denial of service condition.

Mitigation
Install update from vendor's website.

Vulnerable software versions

ntp: 4.2.8

FreeBSD: 4.2.8, 10.0, 11.0

CPE

External links
http://www.securityfocus.com/bid/97046
http://www.securitytracker.com/id/1038123
http://www.securitytracker.com/id/1039427
https://security.FreeBSD.org/advisories/FreeBSD-SA-17:03.ntp.asc
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03962en_us
https://www.talosintelligence.com/vulnerability_reports/TALOS-2016-0260


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability