Attacker Value
Unknown
(0 users assessed)
Exploitability
Unknown
(0 users assessed)
User Interaction
Unknown
Privileges Required
Unknown
Attack Vector
Unknown
0

CVE-2016-7431

Disclosure Date: January 13, 2017
CVE-2016-7431
Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

NTP before 4.2.8p9 allows remote attackers to bypass the origin timestamp protection mechanism via an origin timestamp of zero. NOTE: this vulnerability exists because of a CVE-2015-8138 regression.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics
Base Score:
None
Impact Score:
Unknown
Exploitability Score:
Unknown
Vector:
Unknown
Attack Vector (AV):
Unknown
Attack Complexity (AC):
Unknown
Privileges Required (PR):
Unknown
User Interaction (UI):
Unknown
Scope (S):
Unknown
Confidentiality (C):
Unknown
Integrity (I):
Unknown
Availability (A):
Unknown

General Information

Offensive Application
Unknown
Utility Class
Unknown
Ports
Unknown
OS
Unknown
Vulnerable Versions
n/a
Prerequisites
Unknown
Discovered By
Unknown
PoC Author
Unknown
Metasploit Module
Unknown
Reporter
Unknown

Vendors

  • ntp

Products

  • ntp 4.2.8

References

Canonical
CVE-2016-7431 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7431)
BID-94454 (http://www.securityfocus.com/bid/94454)
Advisory
https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03706en_us
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03883en_us
http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities
http://nwtime.org/ntp428p9_release
VU#633847 (https://www.kb.cert.org/vuls/id/633847)
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03899en_us
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
SECTRACK-1037354 (http://www.securitytracker.com/id/1037354)
https://bto.bluecoat.com/security-advisory/sa139
http://support.ntp.org/bin/view/Main/NtpBug3102
http://nwtime.org/ntp428p9_release/
https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf
20170310 [security bulletin] HPESBUX03706 rev.1 - HP-UX NTP service running ntpd, Multiple Vulnerabilities (http://www.securityfocus.com/archive/1/540254/100/0/threaded)
20170310 [security bulletin] HPESBUX03706 rev.1 - HP-UX NTP service running ntpd, Multiple Vulnerabilities (http://www.securityfocus.com/archive/1/archive/1/540254/100/0/threaded)
openSUSE-SU-2016:3280 (http://lists.opensuse.org/opensuse-updates/2016-12/msg00153.html)
https://support.hpe.com/hpsc/doc/public/display?docLocale=en&docId=emr_na-hpesbhf03899en_us
USN-3349-1 (http://www.ubuntu.com/usn/USN-3349-1)
https://support.hpe.com/hpsc/doc/public/display?docLocale=en&docId=emr_na-hpesbhf03883en_us
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171129-01-ntpd-en
https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2017-223/
20161222 FreeBSD Security Advisory FreeBSD-SA-16:39.ntp (http://www.securityfocus.com/archive/1/539955/100/0/threaded)
20161222 FreeBSD Security Advisory FreeBSD-SA-16:39.ntp (http://www.securityfocus.com/archive/1/archive/1/539955/100/0/threaded)
Miscellaneous
https://security.FreeBSD.org/advisories/FreeBSD-SA-16:39.ntp.asc
http://packetstormsecurity.com/files/140240/FreeBSD-Security-Advisory-FreeBSD-SA-16.39.ntp.html
https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11

Additional Info

Authenticated
Unknown
Exploitable
Unknown
Reliability
Unknown
Stability
Unknown
Available Mitigations
Unknown
Shelf Life
Unknown
Userbase/Installbase
Unknown
Patch Effectiveness
Unknown
Technical Analysis