CVE-2016-9042 (retired)

Priority
Description
An exploitable denial of service vulnerability exists in the origin
timestamp check functionality of ntpd 4.2.8p9. A specially crafted
unauthenticated network packet can be used to reset the expected origin
timestamp for target peers. Legitimate replies from targeted peers will
fail the origin timestamp check (TEST2), causing the reply to be dropped and
creating a denial of service condition.
Notes
 mdeslaur> ntp-4.2.8p9 (21 Nov 2016), up to but not including ntp-4.2.8p10
 mdeslaur> introduced in patch for CVE-2016-7431
Package
Source: ntp (LP Ubuntu Debian)
Upstream: released (1:4.2.8p10+dfsg-1)
Ubuntu 12.04 ESM (Precise Pangolin): not-affected (1:4.2.6.p3+dfsg-1ubuntu3.11)
Ubuntu 14.04 LTS (Trusty Tahr): not-affected (1:4.2.6.p5+dfsg-3ubuntu2.14.04.10)
Ubuntu 16.04 LTS (Xenial Xerus): not-affected (1:4.2.8p4+dfsg-3ubuntu5.3)
Patches:
Upstream: http://bk1.ntp.org/ntp-stable/?PAGE=cset&REV=58b56309OyBGP4pGEYHVzLh4VoQ8pg
Updated: 2019-03-26 12:23:22 UTC (commit ccdecfcf0fead22bd291e5f4ea745a46872dcb15)