Medium severity5.9NVD Advisory· Published Jun 4, 2018· Updated Jun 17, 2026
CVE-2016-9042
CVE-2016-9042
Description
An exploitable denial of service vulnerability exists in the origin timestamp check functionality of ntpd 4.2.8p9. A specially crafted unauthenticated network packet can be used to reset the expected origin timestamp for target peers. Legitimate replies from targeted peers will fail the origin timestamp check (TEST2) causing the reply to be dropped and creating a denial of service condition.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
14- osv-coords12 versionspkg:rpm/opensuse/ntp&distro=openSUSE%20Tumbleweedpkg:rpm/suse/ntp&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP1pkg:rpm/suse/ntp&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP2pkg:rpm/suse/ntp&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4pkg:rpm/suse/ntp&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP1pkg:rpm/suse/ntp&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2pkg:rpm/suse/ntp&distro=SUSE%20Linux%20Enterprise%20Server%2012-LTSSpkg:rpm/suse/ntp&distro=SUSE%20Linux%20Enterprise%20Server%20for%20Raspberry%20Pi%2012%20SP2pkg:rpm/suse/ntp&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2011%20SP4pkg:rpm/suse/ntp&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012pkg:rpm/suse/ntp&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP1pkg:rpm/suse/ntp&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP2
< 4.2.8p15-7.2+ 11 more
- (no CPE)range: < 4.2.8p15-7.2
- (no CPE)range: < 4.2.8p10-60.1
- (no CPE)range: < 4.2.8p10-60.1
- (no CPE)range: < 4.2.8p10-63.1
- (no CPE)range: < 4.2.8p10-60.1
- (no CPE)range: < 4.2.8p10-60.1
- (no CPE)range: < 4.2.8p10-46.23.1
- (no CPE)range: < 4.2.8p10-60.1
- (no CPE)range: < 4.2.8p10-63.1
- (no CPE)range: < 4.2.8p10-46.23.1
- (no CPE)range: < 4.2.8p10-60.1
- (no CPE)range: < 4.2.8p10-60.1
- Talos/Network Time Protocolv5Range: NTP 4.2.8p9
Patches
Vulnerability mechanics
References
21- www.talosintelligence.com/vulnerability_reports/TALOS-2016-0260nvdExploitMitigationThird Party Advisory
- www.securityfocus.com/bid/97046nvdPermissions RequiredThird Party AdvisoryVDB Entry
- www.securitytracker.com/id/1038123nvdThird Party AdvisoryVDB Entry
- www.securitytracker.com/id/1039427nvdThird Party AdvisoryVDB Entry
- cert-portal.siemens.com/productcert/pdf/ssa-211752.pdfnvdThird Party Advisory
- security.freebsd.org/advisories/FreeBSD-SA-17:03.ntp.ascnvdThird Party Advisory
- support.hpe.com/hpsc/doc/public/displaynvdThird Party Advisory
- packetstormsecurity.com/files/142101/FreeBSD-Security-Advisory-FreeBSD-SA-17-03.ntp.htmlnvd
- packetstormsecurity.com/files/142284/Slackware-Security-Advisory-ntp-Updates.htmlnvd
- seclists.org/fulldisclosure/2017/Nov/7nvd
- seclists.org/fulldisclosure/2017/Sep/62nvd
- www.securityfocus.com/archive/1/540403/100/0/threadednvd
- www.securityfocus.com/archive/1/archive/1/540403/100/0/threadednvd
- www.securityfocus.com/archive/1/archive/1/540464/100/0/threadednvd
- www.ubuntu.com/usn/USN-3349-1nvd
- bto.bluecoat.com/security-advisory/sa147nvd
- kc.mcafee.com/corporate/indexnvd
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7KVLFA3J43QFIP4I7HE7KQ5FXSMJEKC6/nvd
- support.apple.com/kb/HT208144nvd
- support.f5.com/csp/article/K39041624nvd
- us-cert.cisa.gov/ics/advisories/icsa-21-159-11nvd
News mentions
0No linked articles in our index yet.