CVE-2016-2518

medium
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

The MATCH_ASSOC function in NTP before version 4.2.8p9 and 4.3.x before 4.3.92 allows remote attackers to cause an out-of-bounds reference via an addpeer request with a large hmode value.

References

https://www.kb.cert.org/vuls/id/718152

http://support.ntp.org/bin/view/Main/SecurityNotice#April_2016_ntp_4_2_8p7_Security

http://support.ntp.org/bin/view/Main/NtpBug3009

http://www.securityfocus.com/bid/88226

http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html

https://security.gentoo.org/glsa/201607-15

http://www.securitytracker.com/id/1035705

http://www.debian.org/security/2016/dsa-3629

https://security.netapp.com/advisory/ntap-20171004-0002/

https://security.FreeBSD.org/advisories/FreeBSD-SA-16:16.ntp.asc

https://access.redhat.com/errata/RHSA-2016:1141

http://rhn.redhat.com/errata/RHSA-2016-1552.html

http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html

http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html

https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf

http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00034.html

http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00037.html

http://lists.opensuse.org/opensuse-updates/2016-05/msg00114.html

http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html

http://www.ubuntu.com/usn/USN-3096-1

http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160428-ntpd

http://www.securityfocus.com/archive/1/archive/1/538233/100/0/threaded

http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00052.html

http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00020.html

http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00001.html

http://www.securityfocus.com/archive/1/538233/100/0/threaded

http://packetstormsecurity.com/files/136864/Slackware-Security-Advisory-ntp-Updates.html

https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11

https://support.f5.com/csp/article/K20804323

http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183647.html

http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184669.html

https://www.debian.org/security/2016/dsa-3629

Details

Source: MITRE

Published: 2017-01-30

Updated: 2021-06-10

Type: CWE-125

Risk Information

CVSS v2

Base Score: 5

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Impact Score: 2.9

Exploitability Score: 10

Severity: MEDIUM

CVSS v3

Base Score: 5.3

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Impact Score: 1.4

Exploitability Score: 3.9

Severity: MEDIUM

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:ntp:ntp:*:*:*:*:*:*:*:*

cpe:2.3:a:ntp:ntp:4.2.8:-:*:*:*:*:*:*

cpe:2.3:a:ntp:ntp:4.2.8:p1:*:*:*:*:*:*

cpe:2.3:a:ntp:ntp:4.2.8:p1-beta1:*:*:*:*:*:*

cpe:2.3:a:ntp:ntp:4.2.8:p1-beta2:*:*:*:*:*:*

cpe:2.3:a:ntp:ntp:4.2.8:p1-beta3:*:*:*:*:*:*

cpe:2.3:a:ntp:ntp:4.2.8:p1-beta4:*:*:*:*:*:*

cpe:2.3:a:ntp:ntp:4.2.8:p1-beta5:*:*:*:*:*:*

cpe:2.3:a:ntp:ntp:4.2.8:p1-rc1:*:*:*:*:*:*

cpe:2.3:a:ntp:ntp:4.2.8:p1-rc2:*:*:*:*:*:*

cpe:2.3:a:ntp:ntp:4.2.8:p2:*:*:*:*:*:*

cpe:2.3:a:ntp:ntp:4.2.8:p2-rc1:*:*:*:*:*:*

cpe:2.3:a:ntp:ntp:4.2.8:p2-rc2:*:*:*:*:*:*

cpe:2.3:a:ntp:ntp:4.2.8:p2-rc3:*:*:*:*:*:*

cpe:2.3:a:ntp:ntp:4.2.8:p3:*:*:*:*:*:*

cpe:2.3:a:ntp:ntp:4.2.8:p3-rc1:*:*:*:*:*:*

cpe:2.3:a:ntp:ntp:4.2.8:p3-rc2:*:*:*:*:*:*

cpe:2.3:a:ntp:ntp:4.2.8:p3-rc3:*:*:*:*:*:*

cpe:2.3:a:ntp:ntp:4.2.8:p4:*:*:*:*:*:*

cpe:2.3:a:ntp:ntp:4.2.8:p5:*:*:*:*:*:*

cpe:2.3:a:ntp:ntp:4.2.8:p6:*:*:*:*:*:*

cpe:2.3:a:ntp:ntp:4.2.8:p7:*:*:*:*:*:*

cpe:2.3:a:ntp:ntp:4.2.8:p8:*:*:*:*:*:*

cpe:2.3:a:ntp:ntp:*:*:*:*:*:*:*:*

Configuration 2

OR

cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*

Configuration 3

OR

cpe:2.3:a:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*

cpe:2.3:a:netapp:data_ontap:-:*:*:*:*:7-mode:*:*

cpe:2.3:a:netapp:oncommand_balance:-:*:*:*:*:*:*:*

cpe:2.3:a:netapp:oncommand_performance_manager:-:*:*:*:*:*:*:*

cpe:2.3:a:netapp:oncommand_unified_manager_for_clustered_data_ontap:-:*:*:*:*:*:*:*

Configuration 4

OR

cpe:2.3:a:oracle:communications_user_data_repository:10.0.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:communications_user_data_repository:10.0.1:*:*:*:*:*:*:*

cpe:2.3:a:oracle:communications_user_data_repository:12.0.0:*:*:*:*:*:*:*

cpe:2.3:o:oracle:linux:6:-:*:*:*:*:*:*

cpe:2.3:o:oracle:linux:7:-:*:*:*:*:*:*

Configuration 5

OR

cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_eus:7.2:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_eus:7.7:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_tus:7.2:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*

Configuration 6

OR

cpe:2.3:o:freebsd:freebsd:9.3:-:*:*:*:*:*:*

cpe:2.3:o:freebsd:freebsd:9.3:p1:*:*:*:*:*:*

cpe:2.3:o:freebsd:freebsd:9.3:p10:*:*:*:*:*:*

cpe:2.3:o:freebsd:freebsd:9.3:p12:*:*:*:*:*:*

cpe:2.3:o:freebsd:freebsd:9.3:p13:*:*:*:*:*:*

cpe:2.3:o:freebsd:freebsd:9.3:p16:*:*:*:*:*:*

cpe:2.3:o:freebsd:freebsd:9.3:p19:*:*:*:*:*:*

cpe:2.3:o:freebsd:freebsd:9.3:p2:*:*:*:*:*:*

cpe:2.3:o:freebsd:freebsd:9.3:p20:*:*:*:*:*:*

cpe:2.3:o:freebsd:freebsd:9.3:p21:*:*:*:*:*:*

cpe:2.3:o:freebsd:freebsd:9.3:p22:*:*:*:*:*:*

cpe:2.3:o:freebsd:freebsd:9.3:p23:*:*:*:*:*:*

cpe:2.3:o:freebsd:freebsd:9.3:p24:*:*:*:*:*:*

cpe:2.3:o:freebsd:freebsd:9.3:p25:*:*:*:*:*:*

cpe:2.3:o:freebsd:freebsd:9.3:p28:*:*:*:*:*:*

cpe:2.3:o:freebsd:freebsd:9.3:p3:*:*:*:*:*:*

cpe:2.3:o:freebsd:freebsd:9.3:p30:*:*:*:*:*:*

cpe:2.3:o:freebsd:freebsd:9.3:p31:*:*:*:*:*:*

cpe:2.3:o:freebsd:freebsd:9.3:p32:*:*:*:*:*:*

cpe:2.3:o:freebsd:freebsd:9.3:p33:*:*:*:*:*:*

cpe:2.3:o:freebsd:freebsd:9.3:p34:*:*:*:*:*:*

cpe:2.3:o:freebsd:freebsd:9.3:p35:*:*:*:*:*:*

cpe:2.3:o:freebsd:freebsd:9.3:p36:*:*:*:*:*:*

cpe:2.3:o:freebsd:freebsd:9.3:p38:*:*:*:*:*:*

cpe:2.3:o:freebsd:freebsd:9.3:p39:*:*:*:*:*:*

cpe:2.3:o:freebsd:freebsd:9.3:p5:*:*:*:*:*:*

cpe:2.3:o:freebsd:freebsd:9.3:p6:*:*:*:*:*:*

cpe:2.3:o:freebsd:freebsd:9.3:p7:*:*:*:*:*:*

cpe:2.3:o:freebsd:freebsd:9.3:p8:*:*:*:*:*:*

cpe:2.3:o:freebsd:freebsd:9.3:p9:*:*:*:*:*:*

cpe:2.3:o:freebsd:freebsd:10.1:-:*:*:*:*:*:*

cpe:2.3:o:freebsd:freebsd:10.1:p1:*:*:*:*:*:*

cpe:2.3:o:freebsd:freebsd:10.1:p10:*:*:*:*:*:*

cpe:2.3:o:freebsd:freebsd:10.1:p12:*:*:*:*:*:*

cpe:2.3:o:freebsd:freebsd:10.1:p15:*:*:*:*:*:*

cpe:2.3:o:freebsd:freebsd:10.1:p16:*:*:*:*:*:*

cpe:2.3:o:freebsd:freebsd:10.1:p17:*:*:*:*:*:*

cpe:2.3:o:freebsd:freebsd:10.1:p18:*:*:*:*:*:*

cpe:2.3:o:freebsd:freebsd:10.1:p19:*:*:*:*:*:*

cpe:2.3:o:freebsd:freebsd:10.1:p2:*:*:*:*:*:*

cpe:2.3:o:freebsd:freebsd:10.1:p22:*:*:*:*:*:*

cpe:2.3:o:freebsd:freebsd:10.1:p24:*:*:*:*:*:*

cpe:2.3:o:freebsd:freebsd:10.1:p25:*:*:*:*:*:*

cpe:2.3:o:freebsd:freebsd:10.1:p26:*:*:*:*:*:*

cpe:2.3:o:freebsd:freebsd:10.1:p27:*:*:*:*:*:*

cpe:2.3:o:freebsd:freebsd:10.1:p28:*:*:*:*:*:*

cpe:2.3:o:freebsd:freebsd:10.1:p29:*:*:*:*:*:*

cpe:2.3:o:freebsd:freebsd:10.1:p3:*:*:*:*:*:*

cpe:2.3:o:freebsd:freebsd:10.1:p30:*:*:*:*:*:*

cpe:2.3:o:freebsd:freebsd:10.1:p31:*:*:*:*:*:*

cpe:2.3:o:freebsd:freebsd:10.1:p4:*:*:*:*:*:*

cpe:2.3:o:freebsd:freebsd:10.1:p5:*:*:*:*:*:*

cpe:2.3:o:freebsd:freebsd:10.1:p6:*:*:*:*:*:*

cpe:2.3:o:freebsd:freebsd:10.1:p7:*:*:*:*:*:*

cpe:2.3:o:freebsd:freebsd:10.1:p8:*:*:*:*:*:*

cpe:2.3:o:freebsd:freebsd:10.1:p9:*:*:*:*:*:*

cpe:2.3:o:freebsd:freebsd:10.2:-:*:*:*:*:*:*

cpe:2.3:o:freebsd:freebsd:10.2:p1:*:*:*:*:*:*

cpe:2.3:o:freebsd:freebsd:10.2:p10:*:*:*:*:*:*

cpe:2.3:o:freebsd:freebsd:10.2:p11:*:*:*:*:*:*

cpe:2.3:o:freebsd:freebsd:10.2:p12:*:*:*:*:*:*

cpe:2.3:o:freebsd:freebsd:10.2:p13:*:*:*:*:*:*

cpe:2.3:o:freebsd:freebsd:10.2:p14:*:*:*:*:*:*

cpe:2.3:o:freebsd:freebsd:10.2:p2:*:*:*:*:*:*

cpe:2.3:o:freebsd:freebsd:10.2:p5:*:*:*:*:*:*

cpe:2.3:o:freebsd:freebsd:10.2:p7:*:*:*:*:*:*

cpe:2.3:o:freebsd:freebsd:10.2:p8:*:*:*:*:*:*

cpe:2.3:o:freebsd:freebsd:10.2:p9:*:*:*:*:*:*

cpe:2.3:o:freebsd:freebsd:10.3:-:*:*:*:*:*:*

Configuration 7

AND

OR

cpe:2.3:o:siemens:simatic_net_cp_443-1_opc_ua_firmware:*:*:*:*:*:*:*:*

OR

cpe:2.3:h:siemens:simatic_net_cp_443-1_opc_ua:-:*:*:*:*:*:*:*

Tenable Plugins

View all (34 total)

IDNameProductFamilySeverity
125009EulerOS Virtualization 3.0.1.0 : ntp (EulerOS-SA-2019-1556)NessusHuawei Local Security Checks
critical
104204OracleVM 3.3 / 3.4 : ntp (OVMSA-2017-0165)NessusOracleVM Local Security Checks
high
104100Juniper Junos Space < 17.1R1 Multiple Vulnerabilities (JSA10826)NessusJunos Local Security Checks
high
102128AIX NTP v3 Advisory : ntp_advisory7.asc (IV87614) (IV87419) (IV87615) (IV87420) (IV87939)NessusAIX Local Security Checks
medium
99183AIX NTP v4 Advisory : ntp_advisory7.asc (IV87278) (IV87279)NessusAIX Local Security Checks
high
97152F5 Networks BIG-IP : NTP vulnerability (K20804323)NessusF5 Networks Local Security Checks
medium
93896Ubuntu 12.04 LTS / 14.04 LTS / 16.04 LTS : ntp vulnerabilities (USN-3096-1)NessusUbuntu Local Security Checks
high
93352AIX 7.2 TL 0 : ntp (IV87939) (deprecated)NessusAIX Local Security Checks
high
93351AIX 7.1 TL 3 : ntp (IV87615) (deprecated)NessusAIX Local Security Checks
high
93350AIX 5.3 TL 12 : ntp (IV87614) (deprecated)NessusAIX Local Security Checks
high
93349AIX 7.1 TL 4 : ntp (IV87420) (deprecated)NessusAIX Local Security Checks
high
93348AIX 6.1 TL 9 : ntp (IV87419) (deprecated)NessusAIX Local Security Checks
high
93186SUSE SLES10 Security Update : ntp (SUSE-SU-2016:1912-1)NessusSuSE Local Security Checks
critical
92718RHEL 6 : ntp (RHSA-2016:1552)NessusRed Hat Local Security Checks
high
92571Debian DSA-3629-1 : ntp - security updateNessusDebian Local Security Checks
high
92546Debian DLA-559-1 : ntp security updateNessusDebian Local Security Checks
high
92485GLSA-201607-15 : NTP: Multiple vulnerabilitiesNessusGentoo Local Security Checks
critical
92113Fedora 22 : ntp (2016-777d838c1b)NessusFedora Local Security Checks
high
91663SUSE SLED12 / SLES12 Security Update : ntp (SUSE-SU-2016:1568-1)NessusSuSE Local Security Checks
critical
91644Scientific Linux Security Update : ntp on SL6.x, SL7.x i386/x86_64 (20160531)NessusScientific Linux Local Security Checks
high
91467Amazon Linux AMI : ntp (ALAS-2016-708)NessusAmazon Linux Local Security Checks
high
91420RHEL 6 / 7 : ntp (RHSA-2016:1141)NessusRed Hat Local Security Checks
high
91419OracleVM 3.3 / 3.4 : ntp (OVMSA-2016-0082)NessusOracleVM Local Security Checks
high
91418Oracle Linux 6 / 7 : ntp (ELSA-2016-1141)NessusOracle Linux Local Security Checks
high
91403openSUSE Security Update : ntp (openSUSE-2016-649)NessusSuSE Local Security Checks
critical
91394CentOS 6 / 7 : ntp (CESA-2016:1141)NessusCentOS Local Security Checks
high
91269openSUSE Security Update : ntp (openSUSE-2016-599)NessusSuSE Local Security Checks
critical
91159SUSE SLED12 / SLES12 Security Update : ntp (SUSE-SU-2016:1291-1)NessusSuSE Local Security Checks
critical
91120SUSE SLES11 Security Update : ntp (SUSE-SU-2016:1278-1)NessusSuSE Local Security Checks
critical
91062Fedora 23 : ntp-4.2.6p5-40.fc23 (2016-5b2eb0bf9c)NessusFedora Local Security Checks
high
90977Fedora 24 : ntp-4.2.6p5-40.fc24 (2016-ed8c6c0426)NessusFedora Local Security Checks
high
90923Network Time Protocol Daemon (ntpd) 3.x / 4.x < 4.2.8p7 Multiple VulnerabilitiesNessusMisc.
critical
90800Slackware 13.0 / 13.1 / 13.37 / 14.0 / 14.1 / current : ntp (SSA:2016-120-01)NessusSlackware Local Security Checks
high
90742FreeBSD : ntp -- multiple vulnerabilities (b2487d9a-0c30-11e6-acd0-d050996490d0)NessusFreeBSD Local Security Checks
high