Resource Exhaustion in ntpdate | CVE-2016-9310

Q: How to fix?

Upgrade Oracle:7 ntpdate to version 0:4.2.6p5-25.0.1.el7_3.1 or higher. This issue was patched in ELSA-2017-0252 .

Threat Intelligence

1.72% (88^th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Snyk Learn

Learn about Resource Exhaustion vulnerabilities in an interactive lesson.

Start learning

Snyk IDSNYK-ORACLE7-NTPDATE-2514157
published10 Apr 2022
disclosed13 Jan 2017

Report a new vulnerability Found a mistake?

Introduced: 13 Jan 2017

CVE-2016-9310 (opens in a new tab) CWE-400 (opens in a new tab)

How to fix?

Upgrade Oracle:7 ntpdate to version 0:4.2.6p5-25.0.1.el7_3.1 or higher.
This issue was patched in ELSA-2017-0252.

NVD Description

Note: Versions mentioned in the description apply only to the upstream ntpdate package and not the ntpdate package as distributed by Oracle. See How to fix? for Oracle:7 relevant fixed versions and status.

The control mode (mode 6) functionality in ntpd in NTP before 4.2.8p9 allows remote attackers to set or unset traps via a crafted control mode packet.

Resource Exhaustion Affecting ntpdate package, versions <0:4.2.6p5-25.0.1.el7_3.1

Severity