CVE-2016-4955

Loading...

General

Score:2.6/10.0
Severity:Low
Category:Interaction Error

Impact Metrics

Confidentiality:None
Integrity:None
Availability:Partial

Exploitability Metrics

Access Vector:Network
Access Complexity:High
Authentication:None

Relative vulnerabilities

CVE-2015-1798, CVE-2015-1799, CVE-2015-5194, CVE-2015-5300, CVE-2015-7691, CVE-2015-7692, CVE-2015-7701, CVE-2015-7702, CVE-2015-7703, CVE-2015-7704, CVE-2015-7705, CVE-2015-7848, CVE-2015-7849, CVE-2015-7850, CVE-2015-7851, CVE-2015-7852, CVE-2015-7853, CVE-2015-7854, CVE-2015-7855, CVE-2015-7871, CVE-2015-7973, CVE-2015-7974, CVE-2015-7975, CVE-2015-7976, CVE-2015-7977, CVE-2015-7978, CVE-2015-7979, CVE-2015-8138, CVE-2015-8139, CVE-2015-8158, CVE-2016-0727, CVE-2016-1547, CVE-2016-1548, CVE-2016-1549, CVE-2016-1550, CVE-2016-1551, CVE-2016-2516, CVE-2016-2517, CVE-2016-2518, CVE-2016-2519, CVE-2016-4953, CVE-2016-4954, CVE-2016-4956, CVE-2016-4957

Published on 07/05/16 - Updated on 11/21/17

Description

ntpd in NTP 4.x before 4.2.8p8, when autokey is enabled, allows remote attackers to cause a denial of service (peer-variable clearing and association outage) by sending (1) a spoofed crypto-NAK packet or (2) a packet with an incorrect MAC value at a certain time.

Category: Interaction Error

CWE-362 (Race Conditions)
The program contains a code sequence that can run concurrently with other code, and the code sequence requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence that is operating concurrently.

Security Notices

US National Vulnerability DatabaseCVE-2016-4955
Amazon Linux ALAS-2016-727
Agence Nationale de la Sécurité des Systèmes d'Information CERTFR-2016-AVI-209
SUSE SUSE-SU-2016:1563, SUSE-SU-2016:1568, SUSE-SU-2016:1584, SUSE-SU-2016:1602, SUSE-SU-2016:1912
Ubuntu USN-3096-1

Exploits

No exploits available for this CVE in our database.

Relative technologies

VendorProduct
novellleap
novellopensuse
novellsuse_linux_enterprise_debuginfo
novellsuse_linux_enterprise_desktop
novellsuse_linux_enterprise_server
novellsuse_manager
novellsuse_manager_proxy
novellsuse_openstack_cloud
ntpntp
oraclesolaris

Share this vulnerability with:

Twitter Facebook LinkedIn Mail