NVD Vulnerability Detail

CVE-2016-4954

Summary	The process_packet function in ntp_proto.c in ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (peer-variable modification) by sending spoofed packets from many source IP addresses in a certain scenario, as demonstrated by triggering an incorrect leap indication.
Publication Date	July 5, 2016, 10:59 a.m.
Registration Date	Jan. 26, 2021, 2:13 p.m.
Last Update	Nov. 21, 2024, 11:53 a.m.

CVSS3.1 : HIGH
スコア	7.5
Vector	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
攻撃元区分(AV)	ネットワーク
攻撃条件の複雑さ(AC)	低
攻撃に必要な特権レベル(PR)	不要
利用者の関与(UI)	不要
影響の想定範囲(S)	変更なし
機密性への影響(C)	なし
完全性への影響(I)	なし
可用性への影響(A)	高

CVSS2.0 : MEDIUM
Score	5.0
Vector	AV:N/AC:L/Au:N/C:N/I:N/A:P
攻撃元区分(AV)	ネットワーク
攻撃条件の複雑さ(AC)	低
攻撃前の認証要否(Au)	不要
機密性への影響(C)	なし
完全性への影響(I)	なし
可用性への影響(A)	低
Get all privileges.	いいえ
Get user privileges	いいえ
Get other privileges	いいえ
User operation required	いいえ

Affected software configurations

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:ntp:ntp:4.2.8:p5::::::
cpe:2.3:a:ntp:ntp:4.2.8:p2::::::
cpe:2.3:a:ntp:ntp:4.2.8:p3::::::
cpe:2.3:a:ntp:ntp:4.2.8:p4::::::
cpe:2.3:a:ntp:ntp:4.2.8:p7::::::
cpe:2.3:a:ntp:ntp:4.2.8:p6::::::
cpe:2.3:a:ntp:ntp:4.2.8:p1::::::
cpe:2.3:a:ntp:ntp:4.2.8:p3-rc3::::::
cpe:2.3:a:ntp:ntp:4.2.8:p3-rc2::::::
cpe:2.3:a:ntp:ntp:4.2.8:p3-rc1::::::
cpe:2.3:a:ntp:ntp:4.2.8:p2-rc3::::::
cpe:2.3:a:ntp:ntp:4.2.8:p2-rc2::::::
cpe:2.3:a:ntp:ntp:4.2.8:p2-rc1::::::
cpe:2.3:a:ntp:ntp:4.2.8:p1-rc2::::::
cpe:2.3:a:ntp:ntp:4.2.8:p1-rc1::::::
cpe:2.3:a:ntp:ntp:4.2.8:p1-beta5::::::
cpe:2.3:a:ntp:ntp:4.2.8:p1-beta4::::::
cpe:2.3:a:ntp:ntp:4.2.8:p1-beta3::::::
cpe:2.3:a:ntp:ntp:4.2.8:p1-beta2::::::
cpe:2.3:a:ntp:ntp:4.2.8:p1-beta1::::::
cpe:2.3:a:ntp:ntp:4.2.8:-::::::
cpe:2.3:a:ntp:ntp::::::::	4.2.0			4.2.8
cpe:2.3:a:ntp:ntp::::::::	4.3.0			4.3.93

Configuration2	or higher	or less	more than	less than
cpe:2.3:o:oracle:solaris:11.3:::::::*
cpe:2.3:o:oracle:solaris:10:::::::*

Configuration3	or higher	or less	more than	less than
cpe:2.3:o:suse:linux_enterprise_server:11:sp4::::::
cpe:2.3:a:suse:openstack_cloud:5:::::::*
cpe:2.3:a:suse:manager_proxy:2.1:::::::*
cpe:2.3:o:suse:linux_enterprise_server:11:sp3:::ltss:::*
cpe:2.3:a:suse:manager:2.1:::::::*
cpe:2.3:o:suse:linux_enterprise_server:12:sp1::::::
cpe:2.3:o:suse:linux_enterprise_server:11:sp2:::ltss:::*
cpe:2.3:o:suse:linux_enterprise_desktop:12:sp1::::::
cpe:2.3:o:opensuse:leap:42.1:::::::*
cpe:2.3:o:opensuse:opensuse:13.2:::::::*

Configuration4		or higher	or less	more than	less than
cpe:2.3:o:siemens:simatic_net_cp_443-1_opc_ua_firmware::::::::
execution environment
1	cpe:2.3:h:siemens:simatic_net_cp_443-1_opc_ua:-:::::::*

Configuration5		or higher	or less	more than	less than
cpe:2.3:o:siemens:tim_4r-ie_firmware::::::::
execution environment
1	cpe:2.3:h:siemens:tim_4r-ie:-:::::::*

Configuration6		or higher	or less	more than	less than
cpe:2.3:o:siemens:tim_4r-ie_dnp3_firmware::::::::
execution environment
1	cpe:2.3:h:siemens:tim_4r-ie_dnp3:-:::::::*

Related information, measures and tools

No	URL	タグ
1	http://bugs.ntp.org/3044	Issue Tracking Vendor Advisory
2	http://bugs.ntp.org/3044	Issue Tracking Vendor Advisory
3	http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00018.html	Mailing List Third Party Advisory
4	http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00018.html	Mailing List Third Party Advisory
5	http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00020.html
6	http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00020.html
7	http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00023.html	Mailing List Third Party Advisory
8	http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00023.html	Mailing List Third Party Advisory
9	http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00024.html	Mailing List Third Party Advisory
10	http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00024.html	Mailing List Third Party Advisory
11	http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00028.html	Mailing List Third Party Advisory
12	http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00028.html	Mailing List Third Party Advisory
13	http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00040.html	Mailing List Third Party Advisory
14	http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00040.html	Mailing List Third Party Advisory
15	http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html
16	http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html
17	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html
18	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html
19	http://packetstormsecurity.com/files/137321/Slackware-Security-Advisory-ntp-Updates.html
20	http://packetstormsecurity.com/files/137321/Slackware-Security-Advisory-ntp-Updates.html
21	http://packetstormsecurity.com/files/137322/FreeBSD-Security-Advisory-FreeBSD-SA-16-24.ntp.html
22	http://packetstormsecurity.com/files/137322/FreeBSD-Security-Advisory-FreeBSD-SA-16-24.ntp.html
23	http://support.ntp.org/bin/view/Main/NtpBug3044	Patch Vendor Advisory
24	http://support.ntp.org/bin/view/Main/NtpBug3044	Patch Vendor Advisory
25	http://support.ntp.org/bin/view/Main/SecurityNotice	Vendor Advisory
26	http://support.ntp.org/bin/view/Main/SecurityNotice	Vendor Advisory
27	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160603-ntpd
28	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160603-ntpd
29	http://www.kb.cert.org/vuls/id/321640	Third Party Advisory US Government Resource
30	http://www.kb.cert.org/vuls/id/321640	Third Party Advisory US Government Resource
31	http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html	Third Party Advisory
32	http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html	Third Party Advisory
33	http://www.securityfocus.com/archive/1/538599/100/0/threaded
34	http://www.securityfocus.com/archive/1/538599/100/0/threaded
35	http://www.securityfocus.com/archive/1/538600/100/0/threaded
36	http://www.securityfocus.com/archive/1/538600/100/0/threaded
37	http://www.securityfocus.com/archive/1/540683/100/0/threaded
38	http://www.securityfocus.com/archive/1/540683/100/0/threaded
39	http://www.securityfocus.com/archive/1/archive/1/538599/100/0/threaded
40	http://www.securityfocus.com/archive/1/archive/1/538599/100/0/threaded
41	http://www.securityfocus.com/archive/1/archive/1/538600/100/0/threaded
42	http://www.securityfocus.com/archive/1/archive/1/538600/100/0/threaded
43	http://www.securityfocus.com/archive/1/archive/1/540683/100/0/threaded
44	http://www.securityfocus.com/archive/1/archive/1/540683/100/0/threaded
45	http://www.securitytracker.com/id/1036037	Third Party Advisory VDB Entry
46	http://www.securitytracker.com/id/1036037	Third Party Advisory VDB Entry
47	http://www.ubuntu.com/usn/USN-3096-1
48	http://www.ubuntu.com/usn/USN-3096-1
49	https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf	Third Party Advisory
50	https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf	Third Party Advisory
51	https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdf	Third Party Advisory
52	https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdf	Third Party Advisory
53	https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03757en_us	Third Party Advisory
54	https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03757en_us	Third Party Advisory
55	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/K3EYJQHJZ2KTVQ7ICEFHXTLZ36MRASWX/
56	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/K3EYJQHJZ2KTVQ7ICEFHXTLZ36MRASWX/
57	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ORAMN3Q7TVJ54MBYF75XCJOE3DP7LYHT/
58	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ORAMN3Q7TVJ54MBYF75XCJOE3DP7LYHT/
59	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WNWGCQLW2VY72NIUYMJOCAKJKTXHDUK2/
60	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WNWGCQLW2VY72NIUYMJOCAKJKTXHDUK2/
61	https://security.FreeBSD.org/advisories/FreeBSD-SA-16:24.ntp.asc	Third Party Advisory
62	https://security.FreeBSD.org/advisories/FreeBSD-SA-16:24.ntp.asc	Third Party Advisory
63	https://security.gentoo.org/glsa/201607-15	Third Party Advisory
64	https://security.gentoo.org/glsa/201607-15	Third Party Advisory
65	https://us-cert.cisa.gov/ics/advisories/icsa-21-103-11	Third Party Advisory US Government Resource
66	https://us-cert.cisa.gov/ics/advisories/icsa-21-103-11	Third Party Advisory US Government Resource
67	https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11
68	https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11
69	https://www.kb.cert.org/vuls/id/321640
70	https://www.kb.cert.org/vuls/id/321640

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-362	競合状態	https://cwe.mitre.org/data/definitions/362.html

JVN Vulnerability Information

NTP の ntpd の ntp_proto.c 内の process_packet 関数におけるサービス運用妨害 (DoS) の脆弱性

Title	NTP の ntpd の ntp_proto.c 内の process_packet 関数におけるサービス運用妨害 (DoS) の脆弱性
Summary	NTP の ntpd の ntp_proto.c 内の process_packet 関数には、サービス運用妨害 (ピア変数の変更) 状態にされる脆弱性が存在します。
Possible impacts	第三者により、特定のシナリオで多数の送信元 IP アドレスから偽造されたパケットを送信されることで、サービス運用妨害 (ピア変数の変更) 状態にされる可能性があります。
Solution	ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。
Publication Date	June 2, 2016, midnight
Registration Date	July 11, 2016, 11:57 a.m.
Last Update	March 9, 2017, 3:29 p.m.

Affected System

NTP Project

NTP 4.2.8p8 未満の 4.x

日本電気

UNIVERGE IP8800シリーズ

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2016-4954	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4954
National Vulnerability Database (NVD)
2	CVE-2016-4954	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-4954

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-362	https://jvndb.jvn.jp/ja/cwe/CWE-362.html

ベンダー情報

No	Name	URL
Meinberg Security Advisory
1	Meinberg Security Advisory: [MBGSA-1604] WebUI and NTP	https://www.meinbergglobal.com/english/news/meinberg-security-advisory-mbgsa-1604-webui-and-ntp.htm
NEC製品セキュリティ情報
2	NV17-007	http://jpn.nec.com/security-info/secinfo/nv17-007.html
NTP Bugzilla
3	Bug 3044	http://bugs.ntp.org/show_bug.cgi?id=3044
ntp.org
4	NTP Bug 3044	http://support.ntp.org/bin/view/Main/NtpBug3044
Oracle Technology Network
5	Oracle Solaris Third Party Bulletin - April 2016	http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
Security Notice
6	June 2016 ntp-4.2.8p8 NTP Security Vulnerability Announcement (HIGH)(CVE-2016-4954)	http://support.ntp.org/bin/view/Main/SecurityNotice
富士通セキュリティ情報
7	JVNVU#94410990(VU#321640)に関する情報	http://www.fujitsu.com/jp/products/software/resources/condition/security/vulnerabilities/2016/index.html#JVNVU94410990

その他

No	Name	URL
JVN
1	JVNVU#94410990	http://jvn.jp/vu/JVNVU94410990/index.html
2	JVNVU#95781418	https://jvn.jp/vu/JVNVU95781418/index.html
3	JVNVU#96269392	https://jvn.jp/vu/JVNVU96269392/index.html
US-CERT Vulnerability Note
4	VU#321640	http://www.kb.cert.org/vuls/id/321640

Change Log

No	Changed Details	Date of change
1	[2021年04月16日] 参考情報：JVN (JVNVU#96269392) を追加	April 16, 2021, 2:43 p.m.
0	[2016年07月11日] 掲載 [2016年08月03日] ベンダ情報：富士通 (JVNVU#94410990(VU#321640)に関する情報) を追加ベンダ情報：オラクル (Oracle Solaris Third Party Bulletin - April 2016) を追加 [2016年11月21日] ベンダ情報：NTP Project (NTP Bug 3044) を追加ベンダ情報：NTP Project (June 2016 ntp-4.2.8p8 NTP Security Vulnerability Announcement (HIGH)(CVE-2016-4954)) を追加 [2017年03月09日] 影響を受けるシステム：ベンダ情報の追加に伴い内容を更新ベンダ情報：日本電気 (NV17-007) を追加	Feb. 17, 2018, 10:37 a.m.
2	[2021年06月10日] 参考情報：JVN (JVNVU#95781418) を追加	June 10, 2021, 1:39 p.m.

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:ntp:ntp:4.2.8:p5::::::
cpe:2.3:a:ntp:ntp:4.2.8:p2::::::
cpe:2.3:a:ntp:ntp:4.2.8:p3::::::
cpe:2.3:a:ntp:ntp:4.2.8:p4::::::
cpe:2.3:a:ntp:ntp:4.2.8:p7::::::
cpe:2.3:a:ntp:ntp:4.2.8:p6::::::
cpe:2.3:a:ntp:ntp:4.2.8:p1::::::
cpe:2.3:a:ntp:ntp:4.2.8:p3-rc3::::::
cpe:2.3:a:ntp:ntp:4.2.8:p3-rc2::::::
cpe:2.3:a:ntp:ntp:4.2.8:p3-rc1::::::
cpe:2.3:a:ntp:ntp:4.2.8:p2-rc3::::::
cpe:2.3:a:ntp:ntp:4.2.8:p2-rc2::::::
cpe:2.3:a:ntp:ntp:4.2.8:p2-rc1::::::
cpe:2.3:a:ntp:ntp:4.2.8:p1-rc2::::::
cpe:2.3:a:ntp:ntp:4.2.8:p1-rc1::::::
cpe:2.3:a:ntp:ntp:4.2.8:p1-beta5::::::
cpe:2.3:a:ntp:ntp:4.2.8:p1-beta4::::::
cpe:2.3:a:ntp:ntp:4.2.8:p1-beta3::::::
cpe:2.3:a:ntp:ntp:4.2.8:p1-beta2::::::
cpe:2.3:a:ntp:ntp:4.2.8:p1-beta1::::::
cpe:2.3:a:ntp:ntp:4.2.8:-::::::
cpe:2.3:a:ntp:ntp::::::::	4.2.0			4.2.8
cpe:2.3:a:ntp:ntp::::::::	4.3.0			4.3.93

Configuration3	or higher	or less	more than	less than
cpe:2.3:o:suse:linux_enterprise_server:11:sp4::::::
cpe:2.3:a:suse:openstack_cloud:5:::::::*
cpe:2.3:a:suse:manager_proxy:2.1:::::::*
cpe:2.3:o:suse:linux_enterprise_server:11:sp3:::ltss:::*
cpe:2.3:a:suse:manager:2.1:::::::*
cpe:2.3:o:suse:linux_enterprise_server:12:sp1::::::
cpe:2.3:o:suse:linux_enterprise_server:11:sp2:::ltss:::*
cpe:2.3:o:suse:linux_enterprise_desktop:12:sp1::::::
cpe:2.3:o:opensuse:leap:42.1:::::::*
cpe:2.3:o:opensuse:opensuse:13.2:::::::*