CVE-2016-9042

Priority
Description
An exploitable denial of service vulnerability exists in the origin
timestamp check functionality of ntpd 4.2.8p9. A specially crafted
unauthenticated network packet can be used to reset the expected origin
timestamp for target peers. Legitimate replies from targeted peers will
fail the origin timestamp check (TEST2) causing the reply to be dropped and
creating a denial of service condition.
Notes
mdeslaur> ntp-4.2.8p9 (21 Nov 2016), up to but not including ntp-4.2.8p10
mdeslaur> introduced in patch for CVE-2016-7431
Package
Source: ntp (LP Ubuntu Debian)
Upstream: released (1:4.2.8p10+dfsg-1)
Ubuntu 12.04 ESM (Precise Pangolin): not-affected (1:4.2.6.p3+dfsg-1ubuntu3.11)
Ubuntu 14.04 ESM (Trusty Tahr): not-affected (1:4.2.6.p5+dfsg-3ubuntu2.14.04.10)
Ubuntu 16.04 LTS (Xenial Xerus): not-affected (1:4.2.8p4+dfsg-3ubuntu5.3)
Patches:
Upstream: http://bk1.ntp.org/ntp-stable/?PAGE=cset&REV=58b56309OyBGP4pGEYHVzLh4VoQ8pg

Updated: 2020-03-18 22:46:54 UTC (commit 2ea7df7bd1e69e1e489978d2724a936eb3faa1b8)