CVE-2016-7426 ntpd Multiple Security Vulnerabilities

Vulnerability category: General remote services



The Network Time Protocol (NTP) is used to synchronize the time of a computer client or server to another server or reference time source.

This update fixes the following vulnerabilities:
– Trap crash. (CVE-2016-9311)
– Mode 6 unauthenticated trap information disclosure and DDoS vector. (CVE-2016-9310)
– Broadcast Mode Replay Prevention DoS. (CVE-2016-7427)
– Broadcast Mode Poll Interval Enforcement DoS. (CVE-2016-7428)
– Windows: ntpd DoS by oversized UDP packet. (CVE-2016-9312)
– Regression: 010-origin: Zero Origin Timestamp Bypass. (CVE-2016-7431)
– Null pointer dereference in _IO_str_init_static_internal(). (CVE-2016-7434)
– Interface selection attack. (CVE-2016-7429)
– Client rate limiting and server responses. (CVE-2016-7426)
– Reboot sync calculation problem. (CVE-2016-7433)

Affected Versions:
NTP versions prior to 4.2.8p9
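A version check against the "prior to 4.2.8p9" threshold, as an added example that is not part of the original advisory. It assumes the `4.2.8pN` numbering of stable releases and applies only the single threshold stated here; the banner strings are constructed samples.

```python
import re

# Fixed release named in the advisory: 4.2.8p9
FIXED = (4, 2, 8, 9)

# Matches "4.2.8p9", "4.2.6p5", or "4.2.8" (no patch level) inside a banner.
_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)(?:p(\d+))?")


def parse_ntp_version(text):
    """Return (major, minor, point, patch) from a version banner, or None."""
    m = _VERSION_RE.search(text)
    if m is None:
        return None
    major, minor, point, patch = m.groups()
    # A release without a "pN" suffix is treated as patch level 0.
    return (int(major), int(minor), int(point), int(patch or 0))


def is_affected(text):
    """True if the version is prior to 4.2.8p9, False if not, None if unparsable.

    Compares numeric components, so 4.2.8p10 correctly sorts after 4.2.8p9
    (a plain string comparison gets this wrong). Distribution packages may
    backport fixes without changing this string, so treat True as
    "needs review", not as proof of exposure.
    """
    version = parse_ntp_version(text)
    if version is None:
        return None
    return version < FIXED


if __name__ == "__main__":
    # Constructed sample banners, in the style printed by ntpd and ntpq.
    samples = [
        "ntpd 4.2.8p8@1.3265-o (constructed sample)",
        "ntpd 4.2.8p9@1.3728-o (constructed sample)",
        "ntpd 4.2.8p10@1.3728-o (constructed sample)",
        "ntpd 4.2.6p5 (constructed sample)",
        "no version here",
    ]
    for banner in samples:
        print(f"{banner!r}: affected={is_affected(banner)}")
```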


A remote unauthenticated attacker may be able to perform a denial of service on the targeted system.


Users are advised to upgrade to version 4.2.8p9 or later to fix the issues. The latest version can be downloaded from here.

The following links provide patches that fix the vulnerabilities:

ntp-4.2.8p9 or later