Launchpad CVE tracker

CVE 2016-4955

ntpd in NTP 4.x before 4.2.8p8, when autokey is enabled, allows remote attackers to cause a denial of service (peer-variable clearing and association outage) by sending (1) a spoofed crypto-NAK packet or (2) a packet with an incorrect MAC value at a certain time.

Related bugs and status

CVE-2016-4955 (Candidate) is related to these bugs:

Bug #1528050: NTP statsdir cleanup cronjob insecure

		In	Importance	Status
1528050	NTP statsdir cleanup cronjob insecure	ntp (Ubuntu)	Undecided	Fix Released
1528050	NTP statsdir cleanup cronjob insecure	ntp (Ubuntu Wily)	Undecided	Won't Fix
1528050	NTP statsdir cleanup cronjob insecure	ntp (Ubuntu Xenial)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

References

CONFIRM: http://bugs.ntp.org/3043
CONFIRM: http://support.ntp.org...
CONFIRM: http://support.ntp.org...
CERT-VN: VU#321640
SUSE: SUSE-SU-2016:1563
SUSE: SUSE-SU-2016:1584
SUSE: SUSE-SU-2016:1602
SUSE: openSUSE-SU-2016:1583
SUSE: openSUSE-SU-2016:1636
CONFIRM: http://www.oracle.com/...
BID: 91007
GENTOO: GLSA-201607-15
SECTRACK: 1036037
FREEBSD: FreeBSD-SA-16:24
CONFIRM: https://cert-portal.si...
BUGTRAQ: 20160604 FreeBSD Secur...
BUGTRAQ: 20160604 FreeBSD Secur...
BUGTRAQ: 20160604 [slackware-se...
BUGTRAQ: 20160604 [slackware-se...
CERT-VN: VU#321640
CISCO: 20160603 Multiple Vuln...
FEDORA: FEDORA-2016-50b0066b7f
FEDORA: FEDORA-2016-89e0874533
FEDORA: FEDORA-2016-c3bd6a3496
MISC: http://packetstormsecu...
MISC: http://packetstormsecu...
MISC: https://us-cert.cisa.g...
SUSE: SUSE-SU-2016:1568
SUSE: SUSE-SU-2016:1912
SUSE: SUSE-SU-2016:2094
UBUNTU: USN-3096-1

Launchpad.net

CVE 2016-4955

Related bugs and status

Related bugs

References