CVE-2016-9310

Опубликовано: 21 нояб. 2016

Источник: redhat

CVSS3: 4.8

CVSS2: 5.8

EPSS Средний

Описание

The control mode (mode 6) functionality in ntpd in NTP before 4.2.8p9 allows remote attackers to set or unset traps via a crafted control mode packet.

A flaw was found in the control mode functionality of ntpd. A remote attacker could send a crafted control mode packet which could lead to information disclosure or result in DDoS amplification attacks.

Меры по смягчению последствий

Use "restrict default noquery ..." in your ntp.conf file.

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
Red Hat Enterprise Linux 5	ntp	Will not fix
Red Hat Enterprise Linux 6	ntp	Fixed	RHSA-2017:0252	06.02.2017
Red Hat Enterprise Linux 7	ntp	Fixed	RHSA-2017:0252	06.02.2017

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-400

https://bugzilla.redhat.com/show_bug.cgi?id=1397319ntp: Mode 6 unauthenticated trap information disclosure and DDoS vector

EPSS

Процентиль: 94%

0.14524

Средний

4.8 Medium

CVSS3

5.8 Medium

CVSS2

Связанные уязвимости

CVE-2016-9310

CVSS3: 6.5

ubuntu

почти 9 лет назад

The control mode (mode 6) functionality in ntpd in NTP before 4.2.8p9 allows remote attackers to set or unset traps via a crafted control mode packet.

CVE-2016-9310

CVSS3: 6.5

nvd

почти 9 лет назад

The control mode (mode 6) functionality in ntpd in NTP before 4.2.8p9 allows remote attackers to set or unset traps via a crafted control mode packet.

CVE-2016-9310

CVSS3: 6.5

debian

почти 9 лет назад

The control mode (mode 6) functionality in ntpd in NTP before 4.2.8p9 ...

GHSA-x99c-5hjh-5p3r

CVSS3: 6.5

github

больше 3 лет назад

The control mode (mode 6) functionality in ntpd in NTP before 4.2.8p9 allows remote attackers to set or unset traps via a crafted control mode packet.

ELSA-2017-0252

oracle-oval

почти 9 лет назад

ELSA-2017-0252: ntp security update (MODERATE)

EPSS

Процентиль: 94%

0.14524

Средний

4.8 Medium

CVSS3

5.8 Medium

CVSS2