{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2016-11-21T00:00:00", "descriptions": [{"lang": "en", "value": "NTP before 4.2.8p9 rate limits responses received from the configured sources when rate limiting for all associations is enabled, which allows remote attackers to cause a denial of service (prevent responses from the sources) by sending responses with a spoofed source address."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-01-24T10:57:02", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03706en_us"}, {"name": "USN-3707-2", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/3707-2/"}, {"name": "RHSA-2017:0252", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2017-0252.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://nwtime.org/ntp428p9_release/"}, {"name": "VU#633847", "tags": ["third-party-advisory", "x_refsource_CERT-VN"], "url": "https://www.kb.cert.org/vuls/id/633847"}, {"name": "1037354", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1037354"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bto.bluecoat.com/security-advisory/sa139"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://support.ntp.org/bin/view/Main/NtpBug3071"}, {"name": "FreeBSD-SA-16:39", "tags": ["vendor-advisory", "x_refsource_FREEBSD"], "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:39.ntp.asc"}, {"name": "94451", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/94451"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2016-7426", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "NTP before 4.2.8p9 rate limits responses received from the configured sources when rate limiting for all associations is enabled, which allows remote attackers to cause a denial of service (prevent responses from the sources) by sending responses with a spoofed source address."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03706en_us", "refsource": "CONFIRM", "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03706en_us"}, {"name": "USN-3707-2", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3707-2/"}, {"name": "RHSA-2017:0252", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2017-0252.html"}, {"name": "http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities", "refsource": "CONFIRM", "url": "http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities"}, {"name": "http://nwtime.org/ntp428p9_release/", "refsource": "CONFIRM", "url": "http://nwtime.org/ntp428p9_release/"}, {"name": "VU#633847", "refsource": "CERT-VN", "url": "https://www.kb.cert.org/vuls/id/633847"}, {"name": "1037354", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1037354"}, {"name": "https://bto.bluecoat.com/security-advisory/sa139", "refsource": "CONFIRM", "url": "https://bto.bluecoat.com/security-advisory/sa139"}, {"name": "http://support.ntp.org/bin/view/Main/NtpBug3071", "refsource": "CONFIRM", "url": "http://support.ntp.org/bin/view/Main/NtpBug3071"}, {"name": "FreeBSD-SA-16:39", "refsource": "FREEBSD", "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:39.ntp.asc"}, {"name": "94451", "refsource": "BID", "url": "http://www.securityfocus.com/bid/94451"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T01:57:47.647Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03706en_us"}, {"name": "USN-3707-2", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "https://usn.ubuntu.com/3707-2/"}, {"name": "RHSA-2017:0252", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2017-0252.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://nwtime.org/ntp428p9_release/"}, {"name": "VU#633847", "tags": ["third-party-advisory", "x_refsource_CERT-VN", "x_transferred"], "url": "https://www.kb.cert.org/vuls/id/633847"}, {"name": "1037354", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1037354"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bto.bluecoat.com/security-advisory/sa139"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://support.ntp.org/bin/view/Main/NtpBug3071"}, {"name": "FreeBSD-SA-16:39", "tags": ["vendor-advisory", "x_refsource_FREEBSD", "x_transferred"], "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:39.ntp.asc"}, {"name": "94451", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/94451"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2016-7426", "datePublished": "2017-01-13T16:00:00", "dateReserved": "2016-09-09T00:00:00", "dateUpdated": "2024-08-06T01:57:47.647Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ntp:ntp:*:*:*:*:*:*:*:*", "matchCriteriaId": "EB9B114E-15BF-4731-9296-A8F82591B418", "versionEndExcluding": "4.2.8", "versionStartIncluding": "4.2.6", "vulnerable": true}, {"criteria": "cpe:2.3:a:ntp:ntp:*:*:*:*:*:*:*:*", "matchCriteriaId": "3505DE7A-B365-4455-A7BC-474019426C46", "versionEndExcluding": "4.3.94", "versionStartIncluding": "4.3.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:ntp:ntp:4.2.5:p203:*:*:*:*:*:*", "matchCriteriaId": "EA207F59-B630-4BBB-9CD7-BA7B64581907", "vulnerable": true}, {"criteria": "cpe:2.3:a:ntp:ntp:4.2.5:p204:*:*:*:*:*:*", "matchCriteriaId": "06AE2082-B219-4E94-89E8-E1328224C9D9", "vulnerable": true}, {"criteria": "cpe:2.3:a:ntp:ntp:4.2.5:p205:*:*:*:*:*:*", "matchCriteriaId": "6E0F5656-3E41-4568-A810-F2CFA3677488", "vulnerable": true}, {"criteria": "cpe:2.3:a:ntp:ntp:4.2.5:p206:*:*:*:*:*:*", "matchCriteriaId": "934152EB-5F5A-4BD8-B832-3B342551F9AD", "vulnerable": true}, {"criteria": "cpe:2.3:a:ntp:ntp:4.2.5:p207:*:*:*:*:*:*", "matchCriteriaId": "6936BEB5-B765-45C5-B671-A9D0CC4988C4", "vulnerable": true}, {"criteria": "cpe:2.3:a:ntp:ntp:4.2.5:p208:*:*:*:*:*:*", "matchCriteriaId": "BAA1E4CD-45EE-4814-AC6B-DE786C5B3B6A", "vulnerable": true}, {"criteria": "cpe:2.3:a:ntp:ntp:4.2.5:p209:*:*:*:*:*:*", "matchCriteriaId": "95779DD0-C768-4B1C-A720-23BE19606B23", "vulnerable": true}, {"criteria": "cpe:2.3:a:ntp:ntp:4.2.5:p210:*:*:*:*:*:*", "matchCriteriaId": "1B035472-2B64-4BE4-8D25-6E31937641E8", "vulnerable": true}, {"criteria": "cpe:2.3:a:ntp:ntp:4.2.5:p211:*:*:*:*:*:*", "matchCriteriaId": "3CE88876-F0BB-43A1-9A4A-91C5D6FFC02B", "vulnerable": true}, {"criteria": "cpe:2.3:a:ntp:ntp:4.2.5:p212:*:*:*:*:*:*", "matchCriteriaId": "4E4BE466-B479-47BA-9A1F-F0184E252103", "vulnerable": true}, {"criteria": "cpe:2.3:a:ntp:ntp:4.2.5:p213:*:*:*:*:*:*", "matchCriteriaId": "4E6D7F8F-EF71-44E6-B33F-E0265266C616", "vulnerable": true}, {"criteria": "cpe:2.3:a:ntp:ntp:4.2.5:p214:*:*:*:*:*:*", "matchCriteriaId": "AC47FB1E-289A-4AA1-9DF1-0CEE13C9335F", "vulnerable": true}, {"criteria": "cpe:2.3:a:ntp:ntp:4.2.5:p215:*:*:*:*:*:*", "matchCriteriaId": "B7BC8DB4-E715-44F1-8759-0414613C9F38", "vulnerable": true}, {"criteria": "cpe:2.3:a:ntp:ntp:4.2.5:p216:*:*:*:*:*:*", "matchCriteriaId": "5AF5BC27-EE65-4FB4-975E-FA3933B3202C", "vulnerable": true}, {"criteria": "cpe:2.3:a:ntp:ntp:4.2.5:p217:*:*:*:*:*:*", "matchCriteriaId": "795D50A9-41E5-40CE-88E9-391229607301", "vulnerable": true}, {"criteria": "cpe:2.3:a:ntp:ntp:4.2.5:p218:*:*:*:*:*:*", "matchCriteriaId": "1DE4338B-F5B3-4410-886D-0F28A7ECE824", "vulnerable": true}, {"criteria": "cpe:2.3:a:ntp:ntp:4.2.5:p219:*:*:*:*:*:*", "matchCriteriaId": "B1463DC6-D0C7-46E6-8418-B7900C99D079", "vulnerable": true}, {"criteria": "cpe:2.3:a:ntp:ntp:4.2.5:p220:*:*:*:*:*:*", "matchCriteriaId": "C5B7AA5B-2BD5-4F19-A8BB-DF4677995602", "vulnerable": true}, {"criteria": "cpe:2.3:a:ntp:ntp:4.2.5:p221:*:*:*:*:*:*", "matchCriteriaId": "DBCF724B-5018-4794-97D9-D8EDC2F04060", "vulnerable": true}, {"criteria": "cpe:2.3:a:ntp:ntp:4.2.5:p222:*:*:*:*:*:*", "matchCriteriaId": "2A62EAF1-3D51-456F-BBE3-A2E8CBE7960D", "vulnerable": true}, {"criteria": "cpe:2.3:a:ntp:ntp:4.2.5:p223:*:*:*:*:*:*", "matchCriteriaId": "67D86D6C-A8A3-4CD4-B1A5-57941B51C732", "vulnerable": true}, {"criteria": "cpe:2.3:a:ntp:ntp:4.2.5:p224:*:*:*:*:*:*", "matchCriteriaId": "E793243F-4179-46C9-B422-DC3D6E688B2B", "vulnerable": true}, {"criteria": "cpe:2.3:a:ntp:ntp:4.2.5:p225:*:*:*:*:*:*", "matchCriteriaId": "6EAC9B6E-3A88-4DED-A5D4-862E076620BF", "vulnerable": true}, {"criteria": "cpe:2.3:a:ntp:ntp:4.2.5:p226:*:*:*:*:*:*", "matchCriteriaId": "AD8E8B74-6E16-47FF-A019-54B0438A8CE7", "vulnerable": true}, {"criteria": "cpe:2.3:a:ntp:ntp:4.2.5:p227:*:*:*:*:*:*", "matchCriteriaId": "3C210EFA-7BF2-4EEE-B59C-F3C75743E182", "vulnerable": true}, {"criteria": "cpe:2.3:a:ntp:ntp:4.2.5:p228:*:*:*:*:*:*", "matchCriteriaId": "23A9CDE2-4520-4542-93B0-74A01E919597", "vulnerable": true}, {"criteria": "cpe:2.3:a:ntp:ntp:4.2.5:p229:*:*:*:*:*:*", "matchCriteriaId": "94A7790A-DACE-4F02-B2FF-2C851EFD9717", "vulnerable": true}, {"criteria": "cpe:2.3:a:ntp:ntp:4.2.5:p230:*:*:*:*:*:*", "matchCriteriaId": "5ED47A47-3CB2-45CC-8147-CFFE0B93D966", "vulnerable": true}, {"criteria": "cpe:2.3:a:ntp:ntp:4.2.5:p231_rc1:*:*:*:*:*:*", "matchCriteriaId": "4FC2172C-73BD-441D-9963-5C9E89FB68F7", "vulnerable": true}, {"criteria": "cpe:2.3:a:ntp:ntp:4.2.5:p232_rc1:*:*:*:*:*:*", "matchCriteriaId": "485C8744-A185-46EB-B27F-8A42ED76964B", "vulnerable": true}, {"criteria": "cpe:2.3:a:ntp:ntp:4.2.5:p233_rc1:*:*:*:*:*:*", "matchCriteriaId": "C01153E2-A4E3-4EF9-A33E-1026F578CB44", "vulnerable": true}, {"criteria": "cpe:2.3:a:ntp:ntp:4.2.5:p234_rc1:*:*:*:*:*:*", "matchCriteriaId": "505CE414-C5E5-4251-9F02-A8A0DA6C0E91", "vulnerable": true}, {"criteria": "cpe:2.3:a:ntp:ntp:4.2.5:p235_rc1:*:*:*:*:*:*", "matchCriteriaId": "607E83FB-FDB7-49CA-9DA9-B8DA43C3DF23", "vulnerable": true}, {"criteria": "cpe:2.3:a:ntp:ntp:4.2.5:p236_rc1:*:*:*:*:*:*", "matchCriteriaId": "864BA14B-B357-4ADD-BCE1-B2EAE4D299FE", "vulnerable": true}, {"criteria": "cpe:2.3:a:ntp:ntp:4.2.5:p237_rc1:*:*:*:*:*:*", "matchCriteriaId": "2856AAB8-172F-4657-85FF-9FFB698C4457", "vulnerable": true}, {"criteria": "cpe:2.3:a:ntp:ntp:4.2.5:p238_rc1:*:*:*:*:*:*", "matchCriteriaId": "7C2B8290-8AD6-4EDD-9736-730DD33CA73A", "vulnerable": true}, {"criteria": "cpe:2.3:a:ntp:ntp:4.2.5:p239_rc1:*:*:*:*:*:*", "matchCriteriaId": "A509FC81-ABFD-4CE1-ABD6-C47ECCF97892", "vulnerable": true}, {"criteria": "cpe:2.3:a:ntp:ntp:4.2.5:p240_rc1:*:*:*:*:*:*", "matchCriteriaId": "7111A1FB-142C-4538-BC96-F71AEDC0FB4C", "vulnerable": true}, {"criteria": "cpe:2.3:a:ntp:ntp:4.2.5:p241_rc1:*:*:*:*:*:*", "matchCriteriaId": "FB54C36C-F07A-4F99-A093-8EF10689E1C3", "vulnerable": true}, {"criteria": "cpe:2.3:a:ntp:ntp:4.2.5:p242_rc1:*:*:*:*:*:*", "matchCriteriaId": "CD57B6E4-9947-4790-BCAF-30B37C7CB837", "vulnerable": true}, {"criteria": "cpe:2.3:a:ntp:ntp:4.2.5:p243_rc1:*:*:*:*:*:*", "matchCriteriaId": "232170D9-923D-4DA5-9A7D-6A5BDCD37165", "vulnerable": true}, {"criteria": "cpe:2.3:a:ntp:ntp:4.2.5:p244_rc1:*:*:*:*:*:*", "matchCriteriaId": "A0BE1B30-DB6E-4029-8212-035449CEE22F", "vulnerable": true}, {"criteria": "cpe:2.3:a:ntp:ntp:4.2.5:p245_rc1:*:*:*:*:*:*", "matchCriteriaId": "3181F3BF-8704-4D54-ABC4-CB68C89AF52D", "vulnerable": true}, {"criteria": "cpe:2.3:a:ntp:ntp:4.2.5:p246_rc1:*:*:*:*:*:*", "matchCriteriaId": "E61A5F5E-8DCC-4809-A2DE-E39C8E01976F", "vulnerable": true}, {"criteria": "cpe:2.3:a:ntp:ntp:4.2.5:p247_rc1:*:*:*:*:*:*", "matchCriteriaId": "1D2E80CD-0EAA-423B-B885-EDC5BFE962BC", "vulnerable": true}, {"criteria": "cpe:2.3:a:ntp:ntp:4.2.5:p248_rc1:*:*:*:*:*:*", "matchCriteriaId": "11F45456-692B-415D-BDBF-BA639AA622BB", "vulnerable": true}, {"criteria": "cpe:2.3:a:ntp:ntp:4.2.5:p249_rc1:*:*:*:*:*:*", "matchCriteriaId": "FCEF3E6A-48C3-4A00-B286-58E642DE5928", "vulnerable": true}, {"criteria": "cpe:2.3:a:ntp:ntp:4.2.5:p250_rc1:*:*:*:*:*:*", "matchCriteriaId": "8CE352E5-DFFC-4580-9D5E-95EE7A5C2BD6", "vulnerable": true}, {"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:-:*:*:*:*:*:*", "matchCriteriaId": "EEA51D83-5841-4335-AF07-7A43C118CAAE", "vulnerable": true}, {"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1:*:*:*:*:*:*", "matchCriteriaId": "C855BBD2-2B38-4EFF-9DBE-CA61CCACD0DE", "vulnerable": true}, {"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1-beta1:*:*:*:*:*:*", "matchCriteriaId": "49ADE0C3-F75C-4EC0-8805-56013F0EB92C", "vulnerable": true}, {"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1-beta2:*:*:*:*:*:*", "matchCriteriaId": "D8FF625A-EFA3-43D1-8698-4A37AE31A07C", "vulnerable": true}, {"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1-beta3:*:*:*:*:*:*", "matchCriteriaId": "E3B99BBD-97FE-4615-905A-A614592226F8", "vulnerable": true}, {"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1-beta4:*:*:*:*:*:*", "matchCriteriaId": "E7A9AD3A-F030-4331-B52A-518BD963AB8A", "vulnerable": true}, {"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1-beta5:*:*:*:*:*:*", "matchCriteriaId": "C293B8BE-6691-4944-BCD6-25EB98CABC73", "vulnerable": true}, {"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1-rc1:*:*:*:*:*:*", "matchCriteriaId": "CEA650F8-2576-494A-A861-61572CA319D0", "vulnerable": true}, {"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1-rc2:*:*:*:*:*:*", "matchCriteriaId": "4ED21EE8-7CBF-4BC5-BFC3-185D41296238", "vulnerable": true}, {"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p2:*:*:*:*:*:*", "matchCriteriaId": "C76A0B44-13DE-4173-8D05-DA54F6A71759", "vulnerable": true}, {"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p2-rc1:*:*:*:*:*:*", "matchCriteriaId": "1450241C-2F6D-4122-B33C-D78D065BA403", "vulnerable": true}, {"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p2-rc2:*:*:*:*:*:*", "matchCriteriaId": "721AFD22-91D3-488E-A5E6-DD84C86E412B", "vulnerable": true}, {"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p2-rc3:*:*:*:*:*:*", "matchCriteriaId": "8D6ADDB1-2E96-4FF6-AE95-4B06654D38B0", "vulnerable": true}, {"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p3:*:*:*:*:*:*", "matchCriteriaId": "41E44E9F-6383-4E12-AEDC-B653FEA77A48", "vulnerable": true}, {"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p3-rc1:*:*:*:*:*:*", "matchCriteriaId": "466D9A37-2658-4695-9429-0C6BF4A631C2", "vulnerable": true}, {"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p3-rc2:*:*:*:*:*:*", "matchCriteriaId": "99774181-5F12-446C-AC2C-DB1C52295EED", "vulnerable": true}, {"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p3-rc3:*:*:*:*:*:*", "matchCriteriaId": "4427EE6D-3F79-4FF5-B3EC-EE6BD01562CE", "vulnerable": true}, {"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p4:*:*:*:*:*:*", "matchCriteriaId": "99C71C00-7222-483B-AEFB-159337BD3C92", "vulnerable": true}, {"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p5:*:*:*:*:*:*", "matchCriteriaId": "75A9AA28-1B20-44BB-815C-7294A53E910E", "vulnerable": true}, {"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p6:*:*:*:*:*:*", "matchCriteriaId": "8C213794-111D-41F3-916C-AD97F731D600", "vulnerable": true}, {"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p7:*:*:*:*:*:*", "matchCriteriaId": "50811A7B-0379-4437-8737-B4C1ACBC9EFD", "vulnerable": true}, {"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p8:*:*:*:*:*:*", "matchCriteriaId": "F12E4CF5-536C-416B-AD8D-6AE7CBE22C71", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*", "matchCriteriaId": "8D305F7A-D159-4716-AB26-5E38BB5CD991", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*", "matchCriteriaId": "98381E61-F082-4302-B51F-5648884F998B", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*", "matchCriteriaId": "D99A687E-EAE6-417E-A88E-D0082BC194CD", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "B353CE99-D57C-465B-AAB0-73EF581127D1", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*", "matchCriteriaId": "7431ABC1-9252-419E-8CC1-311B41360078", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:*:*:*:*:*:*:*", "matchCriteriaId": "A8442C20-41F9-47FD-9A12-E724D3A31FD7", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*", "matchCriteriaId": "9EC0D196-F7B8-4BDD-9050-779F7A7FBEE4", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*", "matchCriteriaId": "A4E9DD8A-A68B-4A69-8B01-BFF92A2020A8", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "BF77CDCF-B9C9-427D-B2BF-36650FB2148C", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.7:*:*:*:*:*:*:*", "matchCriteriaId": "21690BAC-2129-4A33-9B48-1F3BF30072A9", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*", "matchCriteriaId": "24C0F4E1-C52C-41E0-9F14-F83ADD5CC7ED", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "B76AA310-FEC7-497F-AF04-C3EC1E76C4CC", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*", "matchCriteriaId": "17F256A9-D3B9-4C72-B013-4EFD878BFEA8", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:hpe:hpux-ntp:*:*:*:*:*:*:*:*", "matchCriteriaId": "C771C48E-2B29-491D-8FF0-69D81229465D", "versionEndExcluding": "c.4.2.8.2.0", "versionStartIncluding": "b.11.31", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "NTP before 4.2.8p9 rate limits responses received from the configured sources when rate limiting for all associations is enabled, which allows remote attackers to cause a denial of service (prevent responses from the sources) by sending responses with a spoofed source address."}, {"lang": "es", "value": "NTP en versiones anteriores a 4.2.8p9 limita la clasificaci\u00f3n de respuestas recibidas desde las fuentes configuradas cuando la limitaci\u00f3n de clasificaci\u00f3n para todas las asociaciones est\u00e1 habilitado, lo que permite a atacantes remotos provocar una denegaci\u00f3n de servicio (prevenir las respuestas de las fuentes) enviando respuestas con una direcci\u00f3n de origen suplantada."}], "id": "CVE-2016-7426", "lastModified": "2020-06-18T18:14:21.607", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-01-13T16:59:00.323", "references": [{"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://nwtime.org/ntp428p9_release/"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2017-0252.html"}, {"source": "cve@mitre.org", "tags": ["Issue Tracking", "Mitigation", "Vendor Advisory"], "url": "http://support.ntp.org/bin/view/Main/NtpBug3071"}, {"source": "cve@mitre.org", "tags": ["Release Notes", "Vendor Advisory"], "url": "http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/94451"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1037354"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://bto.bluecoat.com/security-advisory/sa139"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03706en_us"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:39.ntp.asc"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/3707-2/"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://www.kb.cert.org/vuls/id/633847"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-400"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2017:0252", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "ntp-0:4.2.6p5-10.el6_8.2", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2017-02-06T00:00:00Z"}, {"advisory": "RHSA-2017:0252", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "ntp-0:4.2.6p5-25.el7_3.1", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2017-02-06T00:00:00Z"}], "bugzilla": {"description": "ntp: Client rate limiting and server responses", "id": "1397345", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1397345"}, "csaw": false, "cvss": {"cvss_base_score": "4.3", "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "status": "verified"}, "cvss3": {"cvss3_base_score": "5.9", "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "status": "verified"}, "cwe": "CWE-400", "details": ["NTP before 4.2.8p9 rate limits responses received from the configured sources when rate limiting for all associations is enabled, which allows remote attackers to cause a denial of service (prevent responses from the sources) by sending responses with a spoofed source address.", "It was found that when ntp is configured with rate limiting for all associations the limits are also applied to responses received from its configured sources. A remote attacker who knows the sources can cause a denial of service by preventing ntpd from accepting valid responses from its sources."], "mitigation": {"lang": "en:us", "value": "If you choose to use restrict default limited ..., be sure to use restrict source ... (without limited) to avoid this attack."}, "name": "CVE-2016-7426", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Will not fix", "package_name": "ntp", "product_name": "Red Hat Enterprise Linux 5"}], "public_date": "2016-11-21T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2016-7426\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-7426\nhttp://support.ntp.org/bin/view/Main/NtpBug3071"], "threat_severity": "Moderate", "upstream_fix": "ntp 4.2.8p9"}