NTP CVE-2016-9310 Denial of Service Vulnerability

NTP is prone to a denial-of-service vulnerability.

Attackers can exploit this issue to crash the application, resulting in a denial-of-service condition.

Information

Bugtraq ID: 94452
Class: Design Error
CVE: CVE-2016-9310

Remote: Yes
Local: No
Published: Nov 21 2016 12:00AM
Updated: Apr 24 2017 05:08PM
Credit: Matthew Van Gundy of Cisco ASIG.
Vulnerable: NTP NTPsec 0.9.3
NTP NTPsec 0.9.1
NTP NTP 4.3.90
NTP NTP 4.3.25
NTP NTP 4.3
NTP NTP 4.2.8
NTP NTP 4.3.93
NTP NTP 4.3.92
NTP NTP 4.3.77
NTP NTP 4.3.70
NTP NTP 4.2.8p7
NTP NTP 4.2.8p6
NTP NTP 4.2.8p5
NTP NTP 4.2.8p4
NTP NTP 4.2.8p3
NTP NTP 4.2.8p2
NTP NTP 4.2.8p1
NTP NTP 4.0.90
Juniper Junos 16.2R1
Juniper Junos 16.1R3
Juniper Junos 16.1R2
Juniper Junos 16.1R1
Juniper Junos 15.1X53-D63
Juniper Junos 15.1X53-D60
Juniper Junos 15.1X53-D40
Juniper Junos 15.1X53-D35
Juniper Junos 15.1X53-D30
Juniper Junos 15.1X53-D230
Juniper Junos 15.1X53-D20
Juniper Junos 15.1X49-D70
Juniper Junos 15.1X49-D60
Juniper Junos 15.1X49-D40
Juniper Junos 15.1X49-D30
Juniper Junos 15.1X49-D20
Juniper Junos 15.1X49-D15
Juniper Junos 15.1X49-D10
Juniper Junos 15.1R5
Juniper Junos 15.1R4
Juniper Junos 15.1R3
Juniper Junos 15.1R2
Juniper Junos 15.1R1
Juniper Junos 15.1F6-S4
Juniper Junos 15.1F6
Juniper Junos 15.1F5-S5
Juniper Junos 15.1F5-S2
Juniper Junos 15.1F5
Juniper Junos 15.1F4-S2
Juniper Junos 15.1F4
Juniper Junos 15.1F3
Juniper Junos 15.1F2-S5
Juniper Junos 15.1F2-S2
Juniper Junos 15.1F2-S14
Juniper Junos 15.1F2
Juniper Junos 15.1F1
Juniper Junos 14.2R7
Juniper Junos 14.2R6.5
Juniper Junos 14.2R6-S4
Juniper Junos 14.2R6
Juniper Junos 14.2R5
Juniper Junos 14.2R4-S1
Juniper Junos 14.2R4
Juniper Junos 14.2R3-S4
Juniper Junos 14.2R3
Juniper Junos 14.2R2.8
Juniper Junos 14.2R2
Juniper Junos 14.2R1
Juniper Junos 12.3X48-D40
Juniper Junos 12.3X48-D35
Juniper Junos 12.3X48-D30
Juniper Junos 12.3X48-D25
Juniper Junos 12.3X48-D20
Juniper Junos 12.3X48-D15
Juniper Junos 12.3X48-D10
IBM Aix 7.2
IBM AIX 7.1
IBM AIX 6.1
FreeBSD Freebsd 9.3-RELEASE-p9
FreeBSD FreeBSD 9.3-RELEASE-p6
FreeBSD FreeBSD 9.3-RELEASE-p5
FreeBSD Freebsd 9.3-RELEASE-p44
FreeBSD Freebsd 9.3-RELEASE-p43
FreeBSD Freebsd 9.3-RELEASE-p42
FreeBSD Freebsd 9.3-RELEASE-p41
FreeBSD Freebsd 9.3-RELEASE-p39
FreeBSD Freebsd 9.3-RELEASE-p38
FreeBSD Freebsd 9.3-RELEASE-p36
FreeBSD Freebsd 9.3-RELEASE-p35
FreeBSD Freebsd 9.3-RELEASE-p34
FreeBSD Freebsd 9.3-RELEASE-p33
FreeBSD Freebsd 9.3-RELEASE-p31
FreeBSD FreeBSD 9.3-RELEASE-p3
FreeBSD Freebsd 9.3-RELEASE-p29
FreeBSD Freebsd 9.3-RELEASE-p25
FreeBSD Freebsd 9.3-RELEASE-p24
FreeBSD Freebsd 9.3-RELEASE-p22
FreeBSD Freebsd 9.3-RELEASE-p21
FreeBSD FreeBSD 9.3-RELEASE-p2
FreeBSD Freebsd 9.3-RELEASE-p13
FreeBSD Freebsd 9.3-RELEASE-p10
FreeBSD FreeBSD 9.3-RELEASE-p1
FreeBSD FreeBSD 9.3
FreeBSD Freebsd 11.0-RELEASE-p4
FreeBSD Freebsd 10.3-RELEASE-p5
FreeBSD Freebsd 10.3-RELEASE-p4
FreeBSD Freebsd 10.3-RELEASE-p3
FreeBSD Freebsd 10.3-RELEASE-p2
FreeBSD Freebsd 10.3-RELEASE-p13
FreeBSD Freebsd 10.3-RELEASE-p1
FreeBSD Freebsd 10.2-RELEASE-p9
FreeBSD Freebsd 10.2-RELEASE-p8
FreeBSD Freebsd 10.2-RELEASE-p6
FreeBSD Freebsd 10.2-RELEASE-p26
FreeBSD Freebsd 10.2-RELEASE-p19
FreeBSD Freebsd 10.2-RELEASE-p18
FreeBSD Freebsd 10.2-RELEASE-p17
FreeBSD Freebsd 10.2-RELEASE-p16
FreeBSD Freebsd 10.2-RELEASE-p14
FreeBSD Freebsd 10.2-RELEASE-p13
FreeBSD Freebsd 10.2-RELEASE-p12
FreeBSD Freebsd 10.2-RELEASE-p11
FreeBSD Freebsd 10.2-RELEASE-p10
FreeBSD Freebsd 10.1-RELEASE-p9
FreeBSD Freebsd 10.1-RELEASE-p6
FreeBSD Freebsd 10.1-RELEASE-p5
FreeBSD Freebsd 10.1-RELEASE-p43
FreeBSD Freebsd 10.1-RELEASE-p36
FreeBSD Freebsd 10.1-RELEASE-p35
FreeBSD Freebsd 10.1-RELEASE-p34
FreeBSD Freebsd 10.1-RELEASE-p33
FreeBSD Freebsd 10.1-RELEASE-p31
FreeBSD Freebsd 10.1-RELEASE-p30
FreeBSD Freebsd 10.1-RELEASE-p29
FreeBSD Freebsd 10.1-RELEASE-p28
FreeBSD Freebsd 10.1-RELEASE-p27
FreeBSD Freebsd 10.1-RELEASE-p26
FreeBSD Freebsd 10.1-RELEASE-p25
FreeBSD Freebsd 10.1-RELEASE-p23
FreeBSD Freebsd 10.1-RELEASE-p19
FreeBSD Freebsd 10.1-RELEASE-p17
FreeBSD Freebsd 10.1-RELEASE-p16
FreeBSD FreeBSD 10.1-RELEASE-p1
FreeBSD Freebsd 10.1-RELEASE

Not Vulnerable: NTP NTP 4.3.94
NTP NTP 4.2.8p9
Juniper Junos 17.2R1
Juniper Junos 17.1R1
Juniper Junos 16.2R2
Juniper Junos 16.1R5
Juniper Junos 16.1R4-S1
Juniper Junos 16.1R3-S3
Juniper Junos 15.1X53-D70
Juniper Junos 15.1X53-D64
Juniper Junos 15.1X53-D231
Juniper Junos 15.1X49-D80
Juniper Junos 15.1R6
Juniper Junos 15.1R5-S2
Juniper Junos 15.1R4-S7
Juniper Junos 15.1F7
Juniper Junos 15.1F6-S5
Juniper Junos 15.1F5-S7
Juniper Junos 15.1F2-S16
Juniper Junos 14.2R8
Juniper Junos 14.2R7-S6
Juniper Junos 14.1R9
Juniper Junos 14.1R8-S3
Juniper Junos 12.3X48-D45
FreeBSD FreeBSD 9.3-STABLE
FreeBSD Freebsd 9.3-RELEASE-p53
FreeBSD Freebsd 11.0-STABLE
FreeBSD Freebsd 11.0-RELEASE-p6
FreeBSD Freebsd 10.3-STABLE
FreeBSD Freebsd 10.3-RELEASE-p15
FreeBSD Freebsd 10.2-RELEASE-p28
FreeBSD Freebsd 10.1-RELEASE-p45

Exploit

Currently, we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

References:

NTP Homepage (NTP)
FreeBSD Security Advisory FreeBSD-SA-16:39.ntp (FreeBSD)
IBM SECURITY ADVISORY (IBM)
Junos: Multiple vulnerabilities in NTP [VU#633847] (Juniper)
NTP Bug 3118:Mode 6 unauthenticated trap information disclosure and DDoS vector (NTP)
TALOS-2016-0203:Network Time Protocol Control Mode Unauthenticated Trap Informat (Cisco Talos)
VU#633847: NTP.org ntpd contains multiple denial of service vulnerabilities (kb.cert)

Source: www.securityfocus.com

Exploit Collector

Search Exploit