CVE-2016-7426

NTP before 4.2.8p9 rate limits responses received from the configured sources when rate limiting for all associations is enabled, which allows remote attackers to cause a denial of service (prevent responses from the sources) by sending responses with a spoofed source address.

Published: Jan 13, 2017
Updated: Apr 13, 2023
CVE: CVE-2016-7426
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.5
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVSS v2:

Severity: Low
Score: 4.3
AV:N/AC:M/Au:N/C:N/I:N/A:P

CWEs:

CWE-400

Affected Software
References

Software	From	Fixed in
ntp / ntp	4.2.5-p238_rc1	4.2.5-p238_rc1.x
ntp / ntp	4.2.5-p240_rc1	4.2.5-p240_rc1.x
ntp / ntp	4.2.5-p210	4.2.5-p210.x
ntp / ntp	4.2.5-p212	4.2.5-p212.x
ntp / ntp	4.2.5-p207	4.2.5-p207.x
ntp / ntp	4.2.5-p244_rc1	4.2.5-p244_rc1.x
ntp / ntp	4.2.5-p204	4.2.5-p204.x
ntp / ntp	4.2.5-p230	4.2.5-p230.x
ntp / ntp	4.2.5-p237_rc1	4.2.5-p237_rc1.x
ntp / ntp	4.2.5-p241_rc1	4.2.5-p241_rc1.x
ntp / ntp	4.2.5-p225	4.2.5-p225.x
ntp / ntp	4.2.5-p248_rc1	4.2.5-p248_rc1.x
ntp / ntp	4.2.5-p231_rc1	4.2.5-p231_rc1.x
ntp / ntp	4.2.8-p5	4.2.8-p5.x
ntp / ntp	4.2.5-p220	4.2.5-p220.x
ntp / ntp	4.2.8-p2	4.2.8-p2.x
ntp / ntp	4.2.8-p3	4.2.8-p3.x
ntp / ntp	4.2.5-p232_rc1	4.2.5-p232_rc1.x
ntp / ntp	4.2.5-p223	4.2.5-p223.x
ntp / ntp	4.2.5-p217	4.2.5-p217.x
ntp / ntp	4.2.5-p216	4.2.5-p216.x
ntp / ntp	4.2.8-p4	4.2.8-p4.x
ntp / ntp	4.2.5-p206	4.2.5-p206.x
ntp / ntp	4.2.5-p219	4.2.5-p219.x
ntp / ntp	4.2.5-p243_rc1	4.2.5-p243_rc1.x
ntp / ntp	4.2.5-p247_rc1	4.2.5-p247_rc1.x
ntp / ntp	4.2.5-p236_rc1	4.2.5-p236_rc1.x
ntp / ntp	4.2.8-p7	4.2.8-p7.x
ntp / ntp	4.2.5-p214	4.2.5-p214.x
ntp / ntp	4.2.5-p239_rc1	4.2.5-p239_rc1.x
ntp / ntp	4.2.5-p205	4.2.5-p205.x
ntp / ntp	4.2.5-p242_rc1	4.2.5-p242_rc1.x
ntp / ntp	4.2.5-p228	4.2.5-p228.x
ntp / ntp	4.2.5-p211	4.2.5-p211.x
ntp / ntp	4.2.5-p229	4.2.5-p229.x
ntp / ntp	4.2.5-p246_rc1	4.2.5-p246_rc1.x
ntp / ntp	4.2.5-p222	4.2.5-p222.x
ntp / ntp	4.2.5-p224	4.2.5-p224.x
ntp / ntp	4.2.5-p250_rc1	4.2.5-p250_rc1.x
ntp / ntp	4.2.5-p203	4.2.5-p203.x
ntp / ntp	4.2.5-p218	4.2.5-p218.x
ntp / ntp	4.2.5-p209	4.2.5-p209.x
ntp / ntp	4.2.8-p8	4.2.8-p8.x
ntp / ntp	4.2.5-p208	4.2.5-p208.x
ntp / ntp	4.2.5-p234_rc1	4.2.5-p234_rc1.x
ntp / ntp	4.2.5-p245_rc1	4.2.5-p245_rc1.x
ntp / ntp	4.2.5-p215	4.2.5-p215.x
ntp / ntp	4.2.5-p249_rc1	4.2.5-p249_rc1.x
ntp / ntp	4.2.5-p227	4.2.5-p227.x
ntp / ntp	4.2.5-p221	4.2.5-p221.x
ntp / ntp	4.2.5-p235_rc1	4.2.5-p235_rc1.x
ntp / ntp	4.2.5-p226	4.2.5-p226.x
ntp / ntp	4.2.8-p6	4.2.8-p6.x
ntp / ntp	4.2.8-p1	4.2.8-p1.x
ntp / ntp	4.2.5-p213	4.2.5-p213.x
ntp / ntp	4.2.5-p233_rc1	4.2.5-p233_rc1.x
ntp / ntp	4.2.8-p3-rc3	4.2.8-p3-rc3.x
ntp / ntp	4.2.8-p3-rc2	4.2.8-p3-rc2.x
ntp / ntp	4.2.8-p3-rc1	4.2.8-p3-rc1.x
ntp / ntp	4.2.8-p2-rc3	4.2.8-p2-rc3.x
ntp / ntp	4.2.8-p2-rc2	4.2.8-p2-rc2.x
ntp / ntp	4.2.8-p2-rc1	4.2.8-p2-rc1.x
ntp / ntp	4.2.8-p1-rc2	4.2.8-p1-rc2.x
ntp / ntp	4.2.8-p1-rc1	4.2.8-p1-rc1.x
ntp / ntp	4.2.8-p1-beta5	4.2.8-p1-beta5.x
ntp / ntp	4.2.8-p1-beta4	4.2.8-p1-beta4.x
ntp / ntp	4.2.8-p1-beta3	4.2.8-p1-beta3.x
ntp / ntp	4.2.8-p1-beta2	4.2.8-p1-beta2.x
ntp / ntp	4.2.8-p1-beta1	4.2.8-p1-beta1.x
ntp / ntp	4.2.8	4.2.8.x
ntp / ntp	4.2.6	4.2.8
ntp / ntp	4.3.0	4.3.94
canonical / ubuntu_linux	12.04	12.04.x
redhat / enterprise_linux_desktop	7.0	7.0.x
redhat / enterprise_linux_workstation	7.0	7.0.x
redhat / enterprise_linux_server	7.0	7.0.x
redhat / enterprise_linux_desktop	6.0	6.0.x
redhat / enterprise_linux_server	6.0	6.0.x
redhat / enterprise_linux_workstation	6.0	6.0.x
redhat / enterprise_linux_server_tus	7.3	7.3.x
redhat / enterprise_linux_server_aus	7.3	7.3.x
redhat / enterprise_linux_server_aus	7.4	7.4.x
redhat / enterprise_linux_server_eus	7.3	7.3.x
redhat / enterprise_linux_server_eus	7.4	7.4.x
redhat / enterprise_linux_server_eus	7.5	7.5.x
redhat / enterprise_linux_server_tus	7.6	7.6.x
redhat / enterprise_linux_server_eus	7.6	7.6.x
redhat / enterprise_linux_server_aus	7.6	7.6.x
redhat / enterprise_linux_server_eus	7.7	7.7.x
redhat / enterprise_linux_server_aus	7.7	7.7.x
redhat / enterprise_linux_server_tus	7.7	7.7.x
hpe / hpux-ntp	b.11.31	c.4.2.8.2.0

Vulnerability Database

289,784

CVE-2016-7426