CVE-2016-9042: Input Validation
First published: Mon Sep 25 2017(Updated: )
An exploitable denial of service vulnerability exists in the origin timestamp check functionality of ntpd 4.2.8p9. A specially crafted unauthenticated network packet can be used to reset the expected origin timestamp for target peers. Legitimate replies from targeted peers will fail the origin timestamp check (TEST2) causing the reply to be dropped and creating a denial of service condition.
Credit: Cure53 Cure53 Cure53 Cure53 Cure53 Cure53 Cure53 Cure53 Cure53 Matthew Van Gundy Cisco talos-cna@cisco.com talos-cna@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Apple macOS High Sierra | <10.13 | 10.13 |
| Siemens SIMATIC NET CP 443-1 OPC UA | ||
| NTP ntp | =4.2.8-p9 | |
| FreeBSD FreeBSD | =10.0 | |
| FreeBSD FreeBSD | =11.0 | |
| Hpe Hpux-ntp | <c.4.2.8.4.0 | |
| All of | ||
| Siemens Simatic Net Cp 443-1 Opc Ua Firmware | ||
| Siemens SIMATIC NET CP 443-1 OPC UA | ||
| Siemens Simatic Net Cp 443-1 Opc Ua Firmware | ||
| Siemens SIMATIC NET CP 443-1 OPC UA | ||
| debian/ntp | 1:4.2.8p15+dfsg-1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://support.apple.com/en-us/HT208144 (Advisory)
- https://www.talosintelligence.com/vulnerability_reports/TALOS-2016-0260
- https://security.FreeBSD.org/advisories/FreeBSD-SA-17:03.ntp.asc
- http://www.securityfocus.com/bid/97046
- http://www.securitytracker.com/id/1038123
- http://www.securitytracker.com/id/1039427
- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03962en_us
- https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf
- http://www.securityfocus.com/archive/1/540403/100/0/threaded
- http://www.securityfocus.com/archive/1/archive/1/540403/100/0/threaded
- http://www.securityfocus.com/archive/1/archive/1/540464/100/0/threaded
- https://bto.bluecoat.com/security-advisory/sa147
- https://kc.mcafee.com/corporate/index?page=content&id=SB10201
- https://support.apple.com/kb/HT208144
- https://support.f5.com/csp/article/K39041624
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7KVLFA3J43QFIP4I7HE7KQ5FXSMJEKC6/
- http://seclists.org/fulldisclosure/2017/Sep/62
- http://seclists.org/fulldisclosure/2017/Nov/7
- http://packetstormsecurity.com/files/142101/FreeBSD-Security-Advisory-FreeBSD-SA-17-03.ntp.html
- http://packetstormsecurity.com/files/142284/Slackware-Security-Advisory-ntp-Updates.html
- https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11
- http://www.ubuntu.com/usn/USN-3349-1
- https://launchpad.net/bugs/cve/CVE-2016-9042
- https://www.cisa.gov/news-events/ics-advisories/icsa-21-159-11 (Advisory)
- https://kc.mcafee.com/corporate/index?page=content&id=SB10201
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7KVLFA3J43QFIP4I7HE7KQ5FXSMJEKC6/
- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03962en_us
- http://www.talosintelligence.com/reports/TALOS-2016-0260/
- http://support.ntp.org/bin/view/Main/NtpBug3361
- http://pkgs.fedoraproject.org/cgit/rpms/ntp.git/tree/ntp-4.2.6p5-cve-2015-8138.patch?h=f24
- https://security-tracker.debian.org/tracker/CVE-2016-9042
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9042
- https://nvd.nist.gov/vuln/detail/CVE-2016-9042
- https://ubuntu.com/security/CVE-2016-9042
Peer vulnerabilities
(Found alongside the following vulnerabilities)
- CVE-2017-13832
- CVE-2016-0736
- CVE-2016-2161
- CVE-2016-5387
- CVE-2016-8740
- CVE-2016-8743
- CVE-2017-13909
- CVE-2017-13809
- CVE-2017-7084
- CVE-2017-7074
- CVE-2017-13820
- CVE-2017-13807
- CVE-2017-7143
- CVE-2017-13829
- CVE-2017-13833
- CVE-2017-7083
- CVE-2017-13821
- CVE-2017-0381
- CVE-2017-13825
- CVE-2017-13890
- CVE-2017-13851
- CVE-2017-7138
- CVE-2017-7121
- CVE-2017-7122
- CVE-2017-7123
- CVE-2017-7124
- CVE-2017-7125
- CVE-2017-7126
- CVE-2017-13815
- CVE-2017-13828
- CVE-2017-13811
- CVE-2017-13835
- CVE-2017-11103
- CVE-2017-13819
- CVE-2017-13830
- CVE-2017-13814
- CVE-2017-13831
- CVE-2017-13837
- CVE-2017-13906
- CVE-2017-7077
- CVE-2017-7119
- CVE-2017-7114
- CVE-2017-13810
- CVE-2017-13817
- CVE-2017-13818
- CVE-2017-13836
- CVE-2017-13841
- CVE-2017-13840
- CVE-2017-13842
- CVE-2017-13782
- CVE-2017-13843
- CVE-2017-13854
- CVE-2017-13834
- CVE-2017-13873
- CVE-2017-13827
- CVE-2017-13813
- CVE-2017-13816
- CVE-2017-13812
- CVE-2016-4736
- CVE-2017-7086
- CVE-2017-1000373
- CVE-2016-9063
- CVE-2017-9233
- CVE-2018-4302
- CVE-2017-5130
- CVE-2017-7376
- CVE-2017-9050
- CVE-2017-9049
- CVE-2017-7141
- CVE-2017-7078
- CVE-2017-6451
- CVE-2017-6452
- CVE-2017-6455
- CVE-2017-6458
- CVE-2017-6459
- CVE-2017-6460
- CVE-2017-6462
- CVE-2017-6463
- CVE-2017-6464
- CVE-2016-9042
- CVE-2017-13824
- CVE-2017-13846
- CVE-2017-10140
- CVE-2017-13822
- CVE-2017-7132
- CVE-2017-13823
- CVE-2017-13808
- CVE-2017-13838
- CVE-2017-7082
- CVE-2017-7080
- CVE-2017-13908
- CVE-2017-13839
- CVE-2017-13910
- CVE-2017-10989
- CVE-2017-7128
- CVE-2017-7129
- CVE-2017-7130
- CVE-2017-7127
- CVE-2016-9840
- CVE-2016-9841
- CVE-2016-9842
- CVE-2016-9843
Frequently Asked Questions
What is vulnerability CVE-2016-9042?
Vulnerability CVE-2016-9042 is a denial of service vulnerability in ntpd 4.2.8p9.
How can the denial of service vulnerability in ntpd 4.2.8p9 be exploited?
The denial of service vulnerability in ntpd 4.2.8p9 can be exploited using a specially crafted unauthenticated network packet to reset the expected origin timestamp for target peers.
What is the severity of vulnerability CVE-2016-9042?
The severity of vulnerability CVE-2016-9042 is medium with a CVSS score of 5.9.
Which software versions are affected by vulnerability CVE-2016-9042?
Software versions 4.2.8p9 of ntp and 10.0 and 11.0 of FreeBSD are affected by vulnerability CVE-2016-9042.
How do I fix vulnerability CVE-2016-9042?
To fix vulnerability CVE-2016-9042, update to version 4.2.8p10 of ntp.
- collector/apple-support
- alias/CVE-2017-6452
- alias/CVE-2017-6455
- alias/CVE-2017-6458
- alias/CVE-2017-6459
- alias/CVE-2017-6460
- alias/CVE-2017-6462
- alias/CVE-2017-6463
- alias/CVE-2017-6464
- alias/CVE-2016-9042
- agent/type
- collector/launchpad-cve
- source/Launchpad
- agent/author
- agent/weakness
- agent/remedy
- collector/ics-cert-advisory
- source/ICS
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- collector/nvd-cve
- source/NVD
- collector/nvd-index
- collector/security-tracker-debian
- source/Debian
- agent/severity
- collector/usn-cve
- source/Ubuntu
- agent/references
- agent/softwarecombine
- agent/tags
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/event
- agent/first-publish-date
- agent/trending
- vendor/apple
- canonical/apple macos high sierra
- vendor/siemens
- canonical/siemens simatic net cp 443-1 opc ua
- vendor/ntp
- canonical/ntp ntp
- version/ntp ntp/4.2.8-p9
- vendor/freebsd
- canonical/freebsd freebsd
- version/freebsd freebsd/10.0
- version/freebsd freebsd/11.0
- vendor/hpe
- canonical/hpe hpux-ntp
- canonical/siemens simatic net cp 443-1 opc ua firmware
- package-manager/debian