VYPR
Get started
← All advisories
High severity7.5NVD Advisory· Published Jul 5, 2016· Updated May 6, 2026

CVE-2016-4957

CVE-2016-4957

Description

ntpd in NTP before 4.2.8p8 allows remote attackers to cause a denial of service (daemon crash) via a crypto-NAK packet. NOTE: this vulnerability exists because of an incorrect fix for CVE-2016-1547.

Affected products

14
  • Ntp/Ntp2 versions
    cpe:2.3:a:ntp:ntp:4.2.8:p7:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:ntp:ntp:4.2.8:p7:*:*:*:*:*:*
    • cpe:2.3:a:ntp:ntp:4.3.92:*:*:*:*:*:*:*
  • Oracle Corporation/Solaris2 versions
    cpe:2.3:o:oracle:solaris:10:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:o:oracle:solaris:10:*:*:*:*:*:*:*
    • cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:*
  • SUSE S.A./Manager Proxy
    cpe:2.3:a:suse:manager_proxy:2.1:*:*:*:*:*:*:*
  • SUSE S.A./Openstack Cloud
    cpe:2.3:a:suse:openstack_cloud:5:*:*:*:*:*:*:*
  • Novell/Suse Manager
    cpe:2.3:o:novell:suse_manager:2.1:*:*:*:*:*:*:*
  • OpenSUSE/Leap
    cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*
  • OpenSUSE/openSUSE
    cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*
  • SUSE S.A./Linux Enterprise Desktop
    cpe:2.3:o:suse:linux_enterprise_desktop:12:sp1:*:*:*:*:*:*
  • SUSE S.A./Linux Enterprise Server4 versions
    cpe:2.3:o:suse:linux_enterprise_server:11:sp2:*:*:ltss:*:*:*+ 3 more
    • cpe:2.3:o:suse:linux_enterprise_server:11:sp2:*:*:ltss:*:*:*
    • cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:ltss:*:*:*
    • cpe:2.3:o:suse:linux_enterprise_server:11:sp4:*:*:*:*:*:*
    • cpe:2.3:o:suse:linux_enterprise_server:12:sp1:*:*:*:*:*:*

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

13

News mentions

0

No linked articles in our index yet.