CVE-2016-9310

Loading...

General

Score:6.4/10.0
Severity:Medium
Category:Resource Management Error

Impact Metrics

Confidentiality:Partial
Integrity:None
Availability:Partial

Exploitability Metrics

Access Vector:Network
Access Complexity:Low
Authentication:None

Relative vulnerabilities

CVE-2013-5211, CVE-2015-5219, CVE-2015-7979, CVE-2015-8139, CVE-2015-8140, CVE-2016-1547, CVE-2016-1548, CVE-2016-1550, CVE-2016-2518, CVE-2016-2519, CVE-2016-7426, CVE-2016-7427, CVE-2016-7428, CVE-2016-7429, CVE-2016-7431, CVE-2016-7433, CVE-2016-7434, CVE-2016-9042, CVE-2016-9311, CVE-2017-6458, CVE-2017-6460, CVE-2017-6462, CVE-2017-6463, CVE-2017-6464

Published on 13/01/17 - Updated on 10/05/18

Description

The control mode (mode 6) functionality in ntpd in NTP before 4.2.8p9 allows remote attackers to set or unset traps via a crafted control mode packet.

Category: Resource Management Error

CWE-400 (Uncontrolled Resource Consumption ('Resource Exhaustion'))
The software does not properly restrict the size or amount of resources that are requested or influenced by an actor, which can be used to consume more resources than intended.

Security Notices

US National Vulnerability DatabaseCVE-2016-9310
Amazon Linux ALAS-2017-781
Agence Nationale de la Sécurité des Systèmes d'Information CERTFR-2017-AVI-090, CERTFR-2017-AVI-111, CERTFR-2017-AVI-212
Arch Linux ASA-201611-28
CentOS CESA-2017:0252
Oracle Linux ELSA-2017-0252, ELSA-2017-3071, ELSA-2018-0855
Redhat RHSA-2017:0252
SUSE SUSE-SU-2016:3193, SUSE-SU-2016:3195, SUSE-SU-2016:3196, SUSE-SU-2017:0255
Ubuntu USN-3349-1

Exploits

No exploits available for this CVE in our database.

Relative technologies

VendorProduct
ntpntp

Share this vulnerability with:

Twitter Facebook LinkedIn Mail