#VU54025 Race condition


Published: 2021-06-10

Vulnerability identifier: #VU54025

Vulnerability risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2016-4954

CWE-ID: CWE-362

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
ntp
Server applications / Other server solutions

Vendor: ntp.org

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a race condition in the "process_packet" function in ntp_proto.c in ntpd. A remote attacker can exploit the race and cause a denial of service condition on the target system.

Mitigation
Install updates from the vendor's website.

Vulnerable software versions

ntp: 4.0.72, 4.0.73, 4.0.90, 4.0.91, 4.0.92, 4.0.93, 4.0.94, 4.0.95, 4.0.96, 4.0.97, 4.0.98, 4.0.99, 4.1.0, 4.1.2, 4.2.0, 4.2.2, 4.2.2p1, 4.2.2p2, 4.2.2p3, 4.2.2p4, 4.2.2p4-RC4, 4.2.3, 4.2.3p0, 4.2.3p1, 4.2.3p2, 4.2.3p5, 4.2.3p6, 4.2.3p7, 4.2.3p8, 4.2.3p9, 4.2.3p10, 4.2.3p11, 4.2.3p12, 4.2.3p13, 4.2.3p14, 4.2.3p15, 4.2.3p16, 4.2.3p17, 4.2.3p18, 4.2.3p19, 4.2.3p20, 4.2.3p21, 4.2.3p25, 4.2.3p26, 4.2.3p27, 4.2.3p28, 4.2.3p29, 4.2.3p30, 4.2.3p31, 4.2.3p33, 4.2.3p34, 4.2.3p36, 4.2.3p37, 4.2.3p38, 4.2.3p39, 4.2.3p41, 4.2.3p42, 4.2.3p43, 4.2.3p44, 4.2.3p45, 4.2.3p46, 4.2.3p47, 4.2.3p48, 4.2.3p49, 4.2.3p50, 4.2.3p51, 4.2.3p52, 4.2.3p53, 4.2.3p54, 4.2.3p55, 4.2.3p56, 4.2.3p57, 4.2.3p58, 4.2.3p59, 4.2.4 RC3, 4.2.4p0, 4.2.4p0-RC4, 4.2.4p0-RC5, 4.2.4p1, 4.2.4p2, 4.2.4p2-RC1, 4.2.4p2-RC2, 4.2.4p2-RC3, 4.2.4p2-RC4, 4.2.4p2-RC5, 4.2.4p2-RC6, 4.2.4p3, 4.2.4p3-RC1, 4.2.4p4, 4.2.4p4-RC1, 4.2.4p4-RC2, 4.2.4p5, 4.2.4p5-RC1, 4.2.4p5-RC2, 4.2.4p6, 4.2.4p7, 4.2.4p7-RC1, 4.2.4p7-RC2, 4.2.4p7-RC3, 4.2.4p7-RC4, 4.2.4p7-RC5, 4.2.4p7-RC6, 4.2.4p7-RC7, 4.2.4p8, 4.2.5, 4.2.5p0, 4.2.5p1, 4.2.5p2, 4.2.5p3, 4.2.5p4, 4.2.5p5, 4.2.5p6, 4.2.5p7, 4.2.5p8, 4.2.5p9, 4.2.5p10, 4.2.5p11, 4.2.5p12, 4.2.5p13, 4.2.5p14, 4.2.5p15, 4.2.5p16, 4.2.5p17, 4.2.5p18, 4.2.5p19, 4.2.5p20, 4.2.5p21, 4.2.5p22, 4.2.5p23, 4.2.5p24, 4.2.5p25, 4.2.5p26, 4.2.5p27, 4.2.5p28, 4.2.5p29, 4.2.5p30, 4.2.5p31, 4.2.5p32, 4.2.5p33, 4.2.5p34, 4.2.5p35, 4.2.5p36, 4.2.5p37, 4.2.5p38, 4.2.5p39, 4.2.5p40, 4.2.5p41, 4.2.5p42, 4.2.5p43, 4.2.5p44, 4.2.5p45, 4.2.5p46, 4.2.5p47, 4.2.5p48, 4.2.5p49, 4.2.5p50, 4.2.5p51, 4.2.5p52, 4.2.5p53, 4.2.5p54, 4.2.5p55, 4.2.5p56, 4.2.5p57, 4.2.5p58, 4.2.5p59, 4.2.5p60, 4.2.5p61, 4.2.5p62, 4.2.5p63, 4.2.5p64, 4.2.5p65, 4.2.5p66, 4.2.5p67, 4.2.5p68, 4.2.5p69, 4.2.5p70, 4.2.5p71, 4.2.5p72, 4.2.5p73, 4.2.5p74, 4.2.5p75, 4.2.5p76, 4.2.5p77, 4.2.5p78, 4.2.5p79, 4.2.5p80, 4.2.5p81, 4.2.5p82, 4.2.5p83, 4.2.5p84, 4.2.5p85, 4.2.5p86, 4.2.5p87, 4.2.5p88, 4.2.5p89, 4.2.5p90, 4.2.5p91, 4.2.5p92, 4.2.5p93, 4.2.5p94, 
4.2.5p95, 4.2.5p96, 4.2.5p97, 4.2.5p98, 4.2.5p99, 4.2.5p100, 4.2.5p101, 4.2.5p102, 4.2.5p103, 4.2.5p104, 4.2.5p105, 4.2.5p106, 4.2.5p107, 4.2.5p108, 4.2.5p109, 4.2.5p110, 4.2.5p111, 4.2.5p112, 4.2.5p113, 4.2.5p114, 4.2.5p115, 4.2.5p116, 4.2.5p117, 4.2.5p118, 4.2.5p119, 4.2.5p120, 4.2.5p121, 4.2.5p122, 4.2.5p123, 4.2.5p124, 4.2.5p125, 4.2.5p126, 4.2.5p127, 4.2.5p128, 4.2.5p129, 4.2.5p130, 4.2.5p131, 4.2.5p132, 4.2.5p133, 4.2.5p134, 4.2.5p135, 4.2.5p136, 4.2.5p137, 4.2.5p138, 4.2.5p139, 4.2.5p140, 4.2.5p141, 4.2.5p142, 4.2.5p143, 4.2.5p144, 4.2.5p145, 4.2.5p146, 4.2.5p147, 4.2.5p148, 4.2.5p149, 4.2.5p150, 4.2.5p151, 4.2.5p152, 4.2.5p153, 4.2.5p154, 4.2.5p155, 4.2.5p156, 4.2.5p157, 4.2.5p158, 4.2.5p159, 4.2.5p160, 4.2.5p161, 4.2.5p162, 4.2.5p163, 4.2.5p164, 4.2.5p165, 4.2.5p166, 4.2.5p167, 4.2.5p168, 4.2.5p169, 4.2.5p170, 4.2.5p171, 4.2.5p172, 4.2.5p173, 4.2.5p174, 4.2.5p175, 4.2.5p176, 4.2.5p177, 4.2.5p178, 4.2.5p179, 4.2.5p180, 4.2.5p181, 4.2.5p182, 4.2.5p183, 4.2.5p184, 4.2.5p185, 4.2.5p186, 4.2.5p187, 4.2.5p188, 4.2.5p189, 4.2.5p190, 4.2.5p191, 4.2.5p192, 4.2.5p193, 4.2.5p194, 4.2.5p195, 4.2.5p196, 4.2.5p197, 4.2.5p198, 4.2.5p199, 4.2.5p200, 4.2.5p201, 4.2.5p202, 4.2.5p203, 4.2.5p204, 4.2.5p205, 4.2.5p206, 4.2.5p207, 4.2.5p208, 4.2.5p209, 4.2.5p210, 4.2.5p211, 4.2.5p212, 4.2.5p213, 4.2.5p214, 4.2.5p215, 4.2.5p216, 4.2.5p217, 4.2.5p218, 4.2.5p219, 4.2.5p220, 4.2.5p221, 4.2.5p222, 4.2.5p223, 4.2.5p224, 4.2.5p225, 4.2.5p226, 4.2.5p227, 4.2.5p228, 4.2.5p229, 4.2.6, 4.2.6p1, 4.2.6p1-RC1, 4.2.6p1-RC2, 4.2.6p1-RC3, 4.2.6p1-RC4, 4.2.6p1-RC5, 4.2.6p1-RC6, 4.2.6p2, 4.2.6p2-RC1, 4.2.6p2-RC2, 4.2.6p2-RC3, 4.2.6p2-RC4, 4.2.6p2-RC5, 4.2.6p2-RC6, 4.2.6p2-RC7, 4.2.6p3, 4.2.6p3-beta1, 4.2.6p3-RC1, 4.2.6p3-RC2, 4.2.6p3-RC3, 4.2.6p3-RC4, 4.2.6p3-RC5, 4.2.6p3-RC6, 4.2.6p3-RC7, 4.2.6p3-RC8, 4.2.6p3-RC9, 4.2.6p3-RC10, 4.2.6p3-RC11, 4.2.6p3-RC12, 4.2.6p4, 4.2.6p4-beta1, 4.2.6p4-beta2, 4.2.6p4-RC1, 4.2.6p4-RC2, 4.2.6p5, 4.2.6p5-RC1, 4.2.6p5-RC2, 4.2.6p5-RC3, 4.2.7, 4.2.7p0, 4.2.7p1, 
4.2.7p2, 4.2.7p3, 4.2.7p4, 4.2.7p5, 4.2.7p6, 4.2.7p7, 4.2.7p8, 4.2.7p9, 4.2.7p10, 4.2.7p11, 4.2.7p12, 4.2.7p13, 4.2.7p14, 4.2.7p15, 4.2.7p16, 4.2.7p17, 4.2.7p18, 4.2.7p19, 4.2.7p20, 4.2.7p21, 4.2.7p22, 4.2.7p23, 4.2.7p24, 4.2.7p25, 4.2.7p26, 4.2.7p27, 4.2.7p29, 4.2.7p30, 4.2.7p31, 4.2.7p32, 4.2.7p33, 4.2.7p34, 4.2.7p35, 4.2.7p36, 4.2.7p37, 4.2.7p38, 4.2.7p39, 4.2.7p40, 4.2.7p41, 4.2.7p42, 4.2.7p43, 4.2.7p44, 4.2.7p45, 4.2.7p47, 4.2.7p48, 4.2.7p49, 4.2.7p50, 4.2.7p51, 4.2.7p52, 4.2.7p53, 4.2.7p54, 4.2.7p55, 4.2.7p56, 4.2.7p57, 4.2.7p58, 4.2.7p59, 4.2.7p60, 4.2.7p61, 4.2.7p62, 4.2.7p63, 4.2.7p64, 4.2.7p65, 4.2.7p66, 4.2.7p67, 4.2.7p68, 4.2.7p69, 4.2.7p70, 4.2.7p71, 4.2.7p72, 4.2.7p73, 4.2.7p74, 4.2.7p76, 4.2.7p77, 4.2.7p78, 4.2.7p79, 4.2.7p80, 4.2.7p81, 4.2.7p82, 4.2.7p83, 4.2.7p84, 4.2.7p85, 4.2.7p86, 4.2.7p87, 4.2.7p89, 4.2.7p90, 4.2.7p91, 4.2.7p92, 4.2.7p93, 4.2.7p94, 4.2.7p95, 4.2.7p96, 4.2.7p97, 4.2.7p98, 4.2.7p99, 4.2.7p100, 4.2.7p101, 4.2.7p103, 4.2.7p104, 4.2.7p105, 4.2.7p106, 4.2.7p107, 4.2.7p108, 4.2.7p109, 4.2.7p110, 4.2.7p111, 4.2.7p112, 4.2.7p113, 4.2.7p114, 4.2.7p115, 4.2.7p116, 4.2.7p117, 4.2.7p118, 4.2.7p120, 4.2.7p121, 4.2.7p122, 4.2.7p123, 4.2.7p124, 4.2.7p125, 4.2.7p126, 4.2.7p127, 4.2.7p128, 4.2.7p129, 4.2.7p130, 4.2.7p131, 4.2.7p132, 4.2.7p133, 4.2.7p134, 4.2.7p135, 4.2.7p136, 4.2.7p137, 4.2.7p138, 4.2.7p139, 4.2.7p140, 4.2.7p141, 4.2.7p142, 4.2.7p143, 4.2.7p144, 4.2.7p145, 4.2.7p146, 4.2.7p147, 4.2.7p148, 4.2.7p149, 4.2.7p150, 4.2.7p151, 4.2.7p152, 4.2.7p153, 4.2.7p154, 4.2.7p155, 4.2.7p156, 4.2.7p157, 4.2.7p158, 4.2.7p159, 4.2.7p160, 4.2.7p161, 4.2.7p162, 4.2.7p163, 4.2.7p164, 4.2.7p165, 4.2.7p166, 4.2.7p167, 4.2.7p168, 4.2.7p169, 4.2.7p170, 4.2.7p171, 4.2.7p172, 4.2.7p173, 4.2.7p174, 4.2.7p175, 4.2.7p176, 4.2.7p177, 4.2.7p178, 4.2.7p179, 4.2.7p180, 4.2.7p181, 4.2.7p182, 4.2.7p183, 4.2.7p184, 4.2.7p185, 4.2.7p186, 4.2.7p187, 4.2.7p188, 4.2.7p189, 4.2.7p190, 4.2.7p191, 4.2.7p192, 4.2.7p193, 4.2.7p194, 4.2.7p195, 4.2.7p196, 4.2.7p197, 4.2.7p198, 
4.2.7p199, 4.2.7p200, 4.2.7p201, 4.2.7p202, 4.2.7p203, 4.2.7p204, 4.2.7p205, 4.2.7p206, 4.2.7p207, 4.2.7p208, 4.2.7p209, 4.2.7p210, 4.2.7p211, 4.2.7p212, 4.2.7p213, 4.2.7p214, 4.2.7p215, 4.2.7p216, 4.2.7p217, 4.2.7p218, 4.2.7p219, 4.2.7p220, 4.2.7p221, 4.2.7p222, 4.2.7p223, 4.2.7p224, 4.2.7p225, 4.2.7p226, 4.2.7p227, 4.2.7p228, 4.2.7p229, 4.2.7p230, 4.2.7p231, 4.2.7p232, 4.2.7p233, 4.2.7p234, 4.2.7p235, 4.2.7p236, 4.2.7p237, 4.2.7p238, 4.2.7p239, 4.2.7p240, 4.2.7p241, 4.2.7p242, 4.2.7p243, 4.2.7p244, 4.2.7p245, 4.2.7p246, 4.2.7p247, 4.2.7p248, 4.2.7p249, 4.2.7p250, 4.2.7p251, 4.2.7p252, 4.2.7p253, 4.2.7p254, 4.2.7p255, 4.2.7p256, 4.2.7p257, 4.2.7p258, 4.2.7p259, 4.2.7p260, 4.2.7p261, 4.2.7p262, 4.2.7p263, 4.2.7p264, 4.2.7p265, 4.2.7p266, 4.2.7p267, 4.2.7p268, 4.2.7p269, 4.2.7p270, 4.2.7p271, 4.2.7p272, 4.2.7p273, 4.2.7p274, 4.2.7p275, 4.2.7p276, 4.2.7p277, 4.2.7p278, 4.2.7p279, 4.2.7p280, 4.2.7p281, 4.2.7p282, 4.2.7p283, 4.2.7p284, 4.2.7p285, 4.2.7p286, 4.2.7p287, 4.2.7p288, 4.2.7p289, 4.2.7p290, 4.2.7p291, 4.2.7p292, 4.2.7p293, 4.2.7p294, 4.2.7p295, 4.2.7p296, 4.2.7p297, 4.2.7p298, 4.2.7p299, 4.2.7p300, 4.2.7p301, 4.2.7p302, 4.2.7p303, 4.2.7p304, 4.2.7p305, 4.2.7p306, 4.2.7p307, 4.2.7p308, 4.2.7p309, 4.2.7p310, 4.2.7p311, 4.2.7p312, 4.2.7p313, 4.2.7p314, 4.2.7p315, 4.2.7p316, 4.2.7p317, 4.2.7p318, 4.2.7p319, 4.2.7p320, 4.2.7p321, 4.2.7p324, 4.2.7p325, 4.2.7p326, 4.2.7p327, 4.2.7p328, 4.2.7p329, 4.2.7p330, 4.2.7p331, 4.2.7p332, 4.2.7p333, 4.2.7p334, 4.2.7p335, 4.2.7p336, 4.2.7p337, 4.2.7p338, 4.2.7p339, 4.2.7p340, 4.2.7p341, 4.2.7p342, 4.2.7p343, 4.2.7p344, 4.2.7p345, 4.2.7p346, 4.2.7p347, 4.2.7p348, 4.2.7p349, 4.2.7p350, 4.2.7p351, 4.2.7p352, 4.2.7p353, 4.2.7p354, 4.2.7p355, 4.2.7p356, 4.2.7p357, 4.2.7p358, 4.2.7p359, 4.2.7p360, 4.2.7p361, 4.2.7p362, 4.2.7p363, 4.2.7p364, 4.2.7p365, 4.2.7p366, 4.2.7p367, 4.2.7p368, 4.2.7p369, 4.2.7p370, 4.2.7p371, 4.2.7p372, 4.2.7p373, 4.2.7p374, 4.2.7p375, 4.2.7p376, 4.2.7p377, 4.2.7p378, 4.2.7p379, 4.2.7p380, 4.2.7p381, 
4.2.7p382, 4.2.7p383, 4.2.7p384, 4.2.7p385, 4.2.7p386, 4.2.7p387, 4.2.7p388, 4.2.7p389, 4.2.7p390, 4.2.7p391, 4.2.7p392, 4.2.7p393, 4.2.7p394, 4.2.7p395, 4.2.7p396, 4.2.7p397, 4.2.7p398, 4.2.7p399, 4.2.7p400, 4.2.7p401, 4.2.7p402, 4.2.7p403, 4.2.7p404, 4.2.7p405, 4.2.7p406, 4.2.7p407, 4.2.7p408, 4.2.7p409, 4.2.7p410, 4.2.7p411, 4.2.7p412, 4.2.7p413, 4.2.7p414, 4.2.7p415, 4.2.7p416, 4.2.7p417, 4.2.7p418, 4.2.7p419, 4.2.7p420, 4.2.7p421, 4.2.7p422, 4.2.7p423, 4.2.7p424, 4.2.7p425, 4.2.7p426, 4.2.7p427, 4.2.7p428, 4.2.7p429, 4.2.7p430, 4.2.7p431, 4.2.7p432, 4.2.7p433, 4.2.7p434, 4.2.7p435, 4.2.7p436, 4.2.7p437, 4.2.7p438, 4.2.7p439, 4.2.7p440, 4.2.7p441, 4.2.7p442, 4.2.7p443, 4.2.7p444, 4.2.7p445, 4.2.7p446, 4.2.7p447, 4.2.7p448, 4.2.7p449, 4.2.7p450, 4.2.7p451, 4.2.7p452, 4.2.7p453, 4.2.7p454, 4.2.7p455, 4.2.7p456, 4.2.7p457, 4.2.7p458, 4.2.7p459, 4.2.7p460, 4.2.7p461, 4.2.7p462, 4.2.7p463, 4.2.7p464, 4.2.7p465, 4.2.7p466, 4.2.7p467, 4.2.7p468, 4.2.7p469, 4.2.7p470, 4.2.7p471, 4.2.7p472, 4.2.7p473, 4.2.7p474, 4.2.7p475, 4.2.7p476, 4.2.7p477, 4.2.7p478, 4.2.7p479, 4.2.7p480, 4.2.7p481, 4.2.7p482, 4.2.7p483, 4.2.8, 4.2.8p1, 4.2.8p1-beta1, 4.2.8p1-beta2, 4.2.8p1-beta3, 4.2.8p1-beta4, 4.2.8p1-beta5, 4.2.8p1-RC1, 4.2.8p1-RC2, 4.2.8p2, 4.2.8p2-RC1, 4.2.8p2-RC2, 4.2.8p2-RC3, 4.2.8p3, 4.2.8p3-RC1, 4.2.8p3-RC2, 4.2.8p3-RC3, 4.2.8p4, 4.2.8p4-RC1, 4.2.8p5, 4.2.8p6, 4.2.8p7

External links
http://www.kb.cert.org/vuls/id/321640
http://bugs.ntp.org/3044
http://support.ntp.org/bin/view/Main/NtpBug3044
http://support.ntp.org/bin/view/Main/SecurityNotice
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00023.html
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00018.html
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00024.html
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00028.html
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00040.html
http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03757en_us
https://security.gentoo.org/glsa/201607-15
http://www.securitytracker.com/id/1036037
https://security.FreeBSD.org/advisories/FreeBSD-SA-16:24.ntp.asc
https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdf
https://us-cert.cisa.gov/ics/advisories/icsa-21-103-11
https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote unauthenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

