General : NTP.org 'ntpd' Zero Origin Timestamp Regression Vulnerability (Nov 2016)

Vulnerability Search		Search 324607 CVE descriptions and 145615 test descriptions, access 10,000+ cross references.
	Tests CVE All

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit.
To run a free test of this vulnerability against your system, register below.

Test ID:	1.3.6.1.4.1.25623.1.0.106406
Category:	General
Title:	NTP.org 'ntpd' Zero Origin Timestamp Regression Vulnerability (Nov 2016)
Summary:	NTP.org's reference implementation of NTP server, ntpd is prone to a zero origin timestamp regression vulnerability.
Description:	Summary: NTP.org's reference implementation of NTP server, ntpd is prone to a zero origin timestamp regression vulnerability. Vulnerability Insight: Zero Origin timestamp problems were fixed in ntp-4.2.8p6. However, subsequent timestamp validation checks introduced a regression in the handling of some Zero origin timestamp checks. Affected Software/OS: NTPd version 4.2.8p8 and 4.3.93 only. Solution: Update to version 4.2.8p9, 4.3.94 or later. CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2016-7431 BugTraq ID: 94454 http://www.securityfocus.com/bid/94454 Bugtraq: 20161222 FreeBSD Security Advisory FreeBSD-SA-16:39.ntp (Google Search) http://www.securityfocus.com/archive/1/539955/100/0/threaded http://www.securityfocus.com/archive/1/archive/1/539955/100/0/threaded Bugtraq: 20170310 [security bulletin] HPESBUX03706 rev.1 - HP-UX NTP service running ntpd, Multiple Vulnerabilities (Google Search) http://www.securityfocus.com/archive/1/540254/100/0/threaded http://www.securityfocus.com/archive/1/archive/1/540254/100/0/threaded CERT/CC vulnerability note: VU#633847 https://www.kb.cert.org/vuls/id/633847 FreeBSD Security Advisory: FreeBSD-SA-16:39 https://security.FreeBSD.org/advisories/FreeBSD-SA-16:39.ntp.asc http://packetstormsecurity.com/files/140240/FreeBSD-Security-Advisory-FreeBSD-SA-16.39.ntp.html https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11 http://www.securitytracker.com/id/1037354 SuSE Security Announcement: openSUSE-SU-2016:3280 (Google Search) http://lists.opensuse.org/opensuse-updates/2016-12/msg00153.html http://www.ubuntu.com/usn/USN-3349-1
Copyright	Copyright (C) 2016 Greenbone AG