CVE-2016-4957

Priority
Description
ntpd in NTP before 4.2.8p8 allows remote attackers to cause a denial of
service (daemon crash) via a crypto-NAK packet. NOTE: this vulnerability
exists because of an incorrect fix for CVE-2016-1547.
Notes
mdeslaurincorrect fix for CVE-2016-1547
redhat's fix for CVE-2016-1547 doesn't introduce this issue
Ubuntu uses redhat's fix
Package
Source: ntp (LP Ubuntu Debian)
Upstream:needs-triage
Ubuntu 14.04 ESM (Trusty Tahr):not-affected
Ubuntu 16.04 LTS (Xenial Xerus):not-affected
More Information

Updated: 2020-09-10 05:29:04 UTC (commit 81a23a978c4436cd99e1d040e9e73e9146876281)