CVE-2016-7431: Input Validation
Published Jan 13, 2017
·Updated
Last updated 24 July 2024
Other sources
NTP before 4.2.8p9 allows remote attackers to bypass the origin timestamp protection mechanism via an origin timestamp of zero. NOTE: this vulnerability exists because of a CVE-2015-8138 regression.
Affected Software
3 affected componentsFixes available
debian/ntp
1:4.2.8p15+dfsg-1
Siemens SIMATIC NET CP 443-1 OPC UA
NTP ntp=4.2.8-p8
Remediation
Event History
Jan 13, 2017
CVE Published
via MITRE·04:00 PM
Data Sourced
via MITRE·04:00 PM
Description
Data Sourced
via NVD·04:59 PM
DescriptionSeverityWeaknessAffected Software
Jan 11, 2024
Data Sourced
via Launchpad·10:21 PM
Description
Sep 16, 2024
Data Sourced
via Ubuntu·01:16 AM
RemedyDescriptionSeverityAffected Software
Frequently Asked Questions
1
What is the vulnerability ID?
The vulnerability ID is CVE-2016-7431.
2
What is the severity of CVE-2016-7431?
The severity of CVE-2016-7431 is medium with a severity value of 5.3.
3
How does CVE-2016-7431 allow remote attackers to bypass the origin timestamp protection mechanism?
CVE-2016-7431 allows remote attackers to bypass the origin timestamp protection mechanism by using an origin timestamp of zero.
4
Which versions of NTP are affected by CVE-2016-7431?
NTP versions before 4.2.8p9 are affected by CVE-2016-7431.
5
How can I fix CVE-2016-7431?
To fix CVE-2016-7431, update NTP to version 4.2.8p9 or later.