Vulnerability CVE-2016-4957


Published: 2016-07-04   Modified: 2016-07-05

Description:
ntpd in NTP before 4.2.8p8 allows remote attackers to cause a denial of service (daemon crash) via a crypto-NAK packet. NOTE: this vulnerability exists because of an incorrect fix for CVE-2016-1547.

Type: CWE-20 (Improper Input Validation)

Vendor: Novell
Product: Suse openstack cloud 
Version: 5;
Product: LEAP 
Version: 42.1;
Product: Suse manager proxy 
Version: 2.1;
Product: Suse manager 
Version: 2.1;
Product: Opensuse 
Version: 13.2;
Product: Suse linux enterprise server 
Version: 12.0; 11.0;
Product: Suse linux enterprise desktop 
Version: 12.0;
Product: Suse linux enterprise debuginfo 
Version: 11.0;
Vendor: Opensuse
Product: LEAP 
Version: 42.1;
Product: Opensuse 
Version: 13.2;
Vendor: NTP
Product: NTP 
Version: 4.2.8; 4.2.7p444; 4.2.7; 4.2.6; 4.2.5; 4.2.4; 4.2.2; 4.2.0; 4.1.2; 4.1.0; 4.0.99; 4.0.98; 4.0.97; 4.0.96; 4.0.95; 4.0.94; 4.0.93; 4.0.92; 4.0.91; 4.0.90; 4.0.73; 4.0.72;
Vendor: Oracle
Product: Solaris 
Version: 11.3; 10;

CVSS2 => (AV:N/AC:L/Au:N/C:N/I:N/A:P)

CVSS Base Score: 5/10
Impact Subscore: 2.9/10
Exploitability Subscore: 10/10
Exploit range: Remote
Attack complexity: Low
Authentication: Not required
Confidentiality impact: None
Integrity impact: None
Availability impact: Partial

 References:
http://bugs.ntp.org/3046
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00018.html
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00023.html
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00024.html
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00028.html
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00040.html
http://support.ntp.org/bin/view/Main/NtpBug3046
http://support.ntp.org/bin/view/Main/SecurityNotice
http://www.kb.cert.org/vuls/id/321640
http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
http://www.securitytracker.com/id/1036037
https://security.FreeBSD.org/advisories/FreeBSD-SA-16:24.ntp.asc
https://security.gentoo.org/glsa/201607-15


Copyright 2019, cxsecurity.com

 
