CVE-2016-4953

Priority
Description
ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of
service (ephemeral-association demobilization) by sending a spoofed
crypto-NAK packet with incorrect authentication data at a certain time.
Notes
mdeslaurincomplete fix for CVE-2015-7979 and CVE-2016-1547
redhat's fix for CVE-2015-7979 doesn't introduce this CVE
Ubuntu uses redhat's fix
Package
Source: ntp (LP Ubuntu Debian)
Upstream:needs-triage
Ubuntu 14.04 ESM (Trusty Tahr):not-affected
Ubuntu 16.04 LTS (Xenial Xerus):not-affected
More Information

Updated: 2020-09-10 05:29:03 UTC (commit 81a23a978c4436cd99e1d040e9e73e9146876281)