VDB

GCVE-110-MAGEIA-2016-277

GCVE-110-MAGEIA-2016-277
Advisory Published
Vulnetix · Advisory published August 9, 2016
The busybox NTP implementation doesn't check the NTP mode of packets received on the server port and responds to any packet with the right size. This includes responses from another NTP server. An attacker can send a packet with a spoofed source address in order to create an infinite loop of responses between two busybox NTP servers. Adding more packets to the loop increases the traffic between the servers until one of them has a fully loaded CPU and/or network (CVE-2016-6301). The affected code originated from openntpd, which had fixed it upstream, but the fix had not made it into Mageia's openntpd package. It has also been patched with the fix in this update.

Affected Products

VendorProductVersionsPlatforms
Mageiabusybox1.22.1-5.3.mga5 (unaffected), 0 (affected)
Mageiaopenntpd0 (affected), 3.9p1-11.1.mga5 (unaffected)

Browse GCVE Records

73,196 records in the GCVE database · Updated July 17, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›