ID CVE-2016-2518
Summary The MATCH_ASSOC function in NTP before version 4.2.8p9 and 4.3.x before 4.3.92 allows remote attackers to cause an out-of-bounds reference via an addpeer request with a large hmode value.
Vulnerable Configurations
  • cpe:2.3:a:ntp:ntp:4.2.4:p8:*:*:*:*:*:*
  • cpe:2.3:a:ntp:ntp:4.2.7:p8:*:*:*:*:*:*
  • cpe:2.3:a:ntp:ntp:4.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:ntp:ntp:4.3.1:*:*:*:*:*:*:*
  • cpe:2.3:a:ntp:ntp:4.3.2:*:*:*:*:*:*:*
  • cpe:2.3:a:ntp:ntp:4.3.3:*:*:*:*:*:*:*
  • cpe:2.3:a:ntp:ntp:4.3.4:*:*:*:*:*:*:*
  • cpe:2.3:a:ntp:ntp:4.3.5:*:*:*:*:*:*:*
  • cpe:2.3:a:ntp:ntp:4.3.6:*:*:*:*:*:*:*
  • cpe:2.3:a:ntp:ntp:4.3.7:*:*:*:*:*:*:*
  • cpe:2.3:a:ntp:ntp:4.3.8:*:*:*:*:*:*:*
  • cpe:2.3:a:ntp:ntp:4.3.9:*:*:*:*:*:*:*
  • cpe:2.3:a:ntp:ntp:4.3.10:*:*:*:*:*:*:*
  • cpe:2.3:a:ntp:ntp:4.3.11:*:*:*:*:*:*:*
  • cpe:2.3:a:ntp:ntp:4.3.12:*:*:*:*:*:*:*
  • cpe:2.3:a:ntp:ntp:4.3.13:*:*:*:*:*:*:*
  • cpe:2.3:a:ntp:ntp:4.3.14:*:*:*:*:*:*:*
  • cpe:2.3:a:ntp:ntp:4.3.15:*:*:*:*:*:*:*
  • cpe:2.3:a:ntp:ntp:4.3.16:*:*:*:*:*:*:*
  • cpe:2.3:a:ntp:ntp:4.3.17:*:*:*:*:*:*:*
  • cpe:2.3:a:ntp:ntp:4.3.18:*:*:*:*:*:*:*
  • cpe:2.3:a:ntp:ntp:4.3.19:*:*:*:*:*:*:*
  • cpe:2.3:a:ntp:ntp:4.3.20:*:*:*:*:*:*:*
  • cpe:2.3:a:ntp:ntp:4.3.21:*:*:*:*:*:*:*
  • cpe:2.3:a:ntp:ntp:4.3.22:*:*:*:*:*:*:*
  • cpe:2.3:a:ntp:ntp:4.3.23:*:*:*:*:*:*:*
  • cpe:2.3:a:ntp:ntp:4.3.24:*:*:*:*:*:*:*
  • cpe:2.3:a:ntp:ntp:4.3.25:*:*:*:*:*:*:*
  • cpe:2.3:a:ntp:ntp:4.3.26:*:*:*:*:*:*:*
  • cpe:2.3:a:ntp:ntp:4.3.27:*:*:*:*:*:*:*
  • cpe:2.3:a:ntp:ntp:4.3.28:*:*:*:*:*:*:*
  • cpe:2.3:a:ntp:ntp:4.3.29:*:*:*:*:*:*:*
  • cpe:2.3:a:ntp:ntp:4.3.30:*:*:*:*:*:*:*
  • cpe:2.3:a:ntp:ntp:4.3.31:*:*:*:*:*:*:*
  • cpe:2.3:a:ntp:ntp:4.3.32:*:*:*:*:*:*:*
  • cpe:2.3:a:ntp:ntp:4.3.33:*:*:*:*:*:*:*
  • cpe:2.3:a:ntp:ntp:4.3.34:*:*:*:*:*:*:*
  • cpe:2.3:a:ntp:ntp:4.3.35:*:*:*:*:*:*:*
  • cpe:2.3:a:ntp:ntp:4.3.36:*:*:*:*:*:*:*
  • cpe:2.3:a:ntp:ntp:4.3.37:*:*:*:*:*:*:*
  • cpe:2.3:a:ntp:ntp:4.3.38:*:*:*:*:*:*:*
  • cpe:2.3:a:ntp:ntp:4.3.39:*:*:*:*:*:*:*
  • cpe:2.3:a:ntp:ntp:4.3.40:*:*:*:*:*:*:*
  • cpe:2.3:a:ntp:ntp:4.3.41:*:*:*:*:*:*:*
  • cpe:2.3:a:ntp:ntp:4.3.42:*:*:*:*:*:*:*
  • cpe:2.3:a:ntp:ntp:4.3.43:*:*:*:*:*:*:*
  • cpe:2.3:a:ntp:ntp:4.3.44:*:*:*:*:*:*:*
  • cpe:2.3:a:ntp:ntp:4.3.45:*:*:*:*:*:*:*
  • cpe:2.3:a:ntp:ntp:4.3.46:*:*:*:*:*:*:*
  • cpe:2.3:a:ntp:ntp:4.3.47:*:*:*:*:*:*:*
  • cpe:2.3:a:ntp:ntp:4.3.48:*:*:*:*:*:*:*
  • cpe:2.3:a:ntp:ntp:4.3.49:*:*:*:*:*:*:*
  • cpe:2.3:a:ntp:ntp:4.3.50:*:*:*:*:*:*:*
  • cpe:2.3:a:ntp:ntp:4.3.51:*:*:*:*:*:*:*
  • cpe:2.3:a:ntp:ntp:4.3.52:*:*:*:*:*:*:*
  • cpe:2.3:a:ntp:ntp:4.3.53:*:*:*:*:*:*:*
  • cpe:2.3:a:ntp:ntp:4.3.54:*:*:*:*:*:*:*
  • cpe:2.3:a:ntp:ntp:4.3.55:*:*:*:*:*:*:*
  • cpe:2.3:a:ntp:ntp:4.3.56:*:*:*:*:*:*:*
  • cpe:2.3:a:ntp:ntp:4.3.57:*:*:*:*:*:*:*
  • cpe:2.3:a:ntp:ntp:4.3.58:*:*:*:*:*:*:*
  • cpe:2.3:a:ntp:ntp:4.3.59:*:*:*:*:*:*:*
  • cpe:2.3:a:ntp:ntp:4.3.60:*:*:*:*:*:*:*
  • cpe:2.3:a:ntp:ntp:4.3.61:*:*:*:*:*:*:*
  • cpe:2.3:a:ntp:ntp:4.3.62:*:*:*:*:*:*:*
  • cpe:2.3:a:ntp:ntp:4.3.63:*:*:*:*:*:*:*
  • cpe:2.3:a:ntp:ntp:4.3.64:*:*:*:*:*:*:*
  • cpe:2.3:a:ntp:ntp:4.3.65:*:*:*:*:*:*:*
  • cpe:2.3:a:ntp:ntp:4.3.66:*:*:*:*:*:*:*
  • cpe:2.3:a:ntp:ntp:4.3.67:*:*:*:*:*:*:*
  • cpe:2.3:a:ntp:ntp:4.3.68:*:*:*:*:*:*:*
  • cpe:2.3:a:ntp:ntp:4.3.69:*:*:*:*:*:*:*
  • cpe:2.3:a:ntp:ntp:4.3.70:*:*:*:*:*:*:*
  • cpe:2.3:a:ntp:ntp:4.3.71:*:*:*:*:*:*:*
  • cpe:2.3:a:ntp:ntp:4.3.72:*:*:*:*:*:*:*
  • cpe:2.3:a:ntp:ntp:4.3.73:*:*:*:*:*:*:*
  • cpe:2.3:a:ntp:ntp:4.3.74:*:*:*:*:*:*:*
  • cpe:2.3:a:ntp:ntp:4.3.75:*:*:*:*:*:*:*
  • cpe:2.3:a:ntp:ntp:4.3.76:*:*:*:*:*:*:*
  • cpe:2.3:a:ntp:ntp:4.3.77:*:*:*:*:*:*:*
  • cpe:2.3:a:ntp:ntp:4.3.78:*:*:*:*:*:*:*
  • cpe:2.3:a:ntp:ntp:4.3.79:*:*:*:*:*:*:*
  • cpe:2.3:a:ntp:ntp:4.3.80:*:*:*:*:*:*:*
  • cpe:2.3:a:ntp:ntp:4.3.81:*:*:*:*:*:*:*
  • cpe:2.3:a:ntp:ntp:4.3.82:*:*:*:*:*:*:*
  • cpe:2.3:a:ntp:ntp:4.3.83:*:*:*:*:*:*:*
  • cpe:2.3:a:ntp:ntp:4.3.84:*:*:*:*:*:*:*
  • cpe:2.3:a:ntp:ntp:4.3.85:*:*:*:*:*:*:*
  • cpe:2.3:a:ntp:ntp:4.3.86:*:*:*:*:*:*:*
  • cpe:2.3:a:ntp:ntp:4.3.87:*:*:*:*:*:*:*
  • cpe:2.3:a:ntp:ntp:4.3.88:*:*:*:*:*:*:*
  • cpe:2.3:a:ntp:ntp:4.3.89:*:*:*:*:*:*:*
  • cpe:2.3:a:ntp:ntp:4.3.90:*:*:*:*:*:*:*
  • cpe:2.3:a:ntp:ntp:4.3.91:*:*:*:*:*:*:*
CVSS
Base: 5.0 (as of 18-05-2018 - 01:29)
Impact:
Exploitability:
CWE CWE-125
CAPEC
  • Overread Buffers
    An adversary attacks a target by providing input that causes an application to read beyond the boundary of a defined buffer. This typically occurs when a value influencing where to start or stop reading is set to reflect positions outside of the valid memory location of the buffer. This type of attack may result in exposure of sensitive information, a system crash, or arbitrary code execution.
Access
Vector: NETWORK
Complexity: LOW
Authentication: NONE
Impact
Confidentiality: NONE
Integrity: NONE
Availability: PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:N/I:N/A:P
redhat via4
advisories
  • bugzilla
    id 1331468
    title CVE-2016-2518 ntp: out-of-bounds references on crafted packet
    oval
    OR
    • AND
      • OR
        • comment Red Hat Enterprise Linux 7 Client is installed
          oval oval:com.redhat.rhba:tst:20150364001
        • comment Red Hat Enterprise Linux 7 Server is installed
          oval oval:com.redhat.rhba:tst:20150364002
        • comment Red Hat Enterprise Linux 7 Workstation is installed
          oval oval:com.redhat.rhba:tst:20150364003
        • comment Red Hat Enterprise Linux 7 ComputeNode is installed
          oval oval:com.redhat.rhba:tst:20150364004
      • OR
        • AND
          • comment ntp is earlier than 0:4.2.6p5-22.el7_2.2
            oval oval:com.redhat.rhsa:tst:20161141005
          • comment ntp is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20142024006
        • AND
          • comment ntp-doc is earlier than 0:4.2.6p5-22.el7_2.2
            oval oval:com.redhat.rhsa:tst:20161141013
          • comment ntp-doc is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20142024010
        • AND
          • comment ntp-perl is earlier than 0:4.2.6p5-22.el7_2.2
            oval oval:com.redhat.rhsa:tst:20161141011
          • comment ntp-perl is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20142024014
        • AND
          • comment ntpdate is earlier than 0:4.2.6p5-22.el7_2.2
            oval oval:com.redhat.rhsa:tst:20161141009
          • comment ntpdate is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20142024012
        • AND
          • comment sntp is earlier than 0:4.2.6p5-22.el7_2.2
            oval oval:com.redhat.rhsa:tst:20161141007
          • comment sntp is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20142024008
    • AND
      • OR
        • comment Red Hat Enterprise Linux 6 Client is installed
          oval oval:com.redhat.rhba:tst:20111656001
        • comment Red Hat Enterprise Linux 6 Server is installed
          oval oval:com.redhat.rhba:tst:20111656002
        • comment Red Hat Enterprise Linux 6 Workstation is installed
          oval oval:com.redhat.rhba:tst:20111656003
        • comment Red Hat Enterprise Linux 6 ComputeNode is installed
          oval oval:com.redhat.rhba:tst:20111656004
      • OR
        • AND
          • comment ntp is earlier than 0:4.2.6p5-10.el6.1
            oval oval:com.redhat.rhsa:tst:20161141019
          • comment ntp is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20142024006
        • AND
          • comment ntp-doc is earlier than 0:4.2.6p5-10.el6.1
            oval oval:com.redhat.rhsa:tst:20161141022
          • comment ntp-doc is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20142024010
        • AND
          • comment ntp-perl is earlier than 0:4.2.6p5-10.el6.1
            oval oval:com.redhat.rhsa:tst:20161141020
          • comment ntp-perl is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20142024014
        • AND
          • comment ntpdate is earlier than 0:4.2.6p5-10.el6.1
            oval oval:com.redhat.rhsa:tst:20161141021
          • comment ntpdate is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20142024012
    rhsa
    id RHSA-2016:1141
    released 2016-05-31
    severity Moderate
    title RHSA-2016:1141: ntp security update (Moderate)
  • rhsa
    id RHSA-2016:1552
rpms
  • ntp-0:4.2.6p5-22.el7_2.2
  • ntp-doc-0:4.2.6p5-22.el7_2.2
  • ntp-perl-0:4.2.6p5-22.el7_2.2
  • ntpdate-0:4.2.6p5-22.el7_2.2
  • sntp-0:4.2.6p5-22.el7_2.2
  • ntp-0:4.2.6p5-10.el6.1
  • ntp-doc-0:4.2.6p5-10.el6.1
  • ntp-perl-0:4.2.6p5-10.el6.1
  • ntpdate-0:4.2.6p5-10.el6.1
refmap via4
bid 88226
cert-vn VU#718152
confirm
debian DSA-3629
freebsd FreeBSD-SA-16:16
gentoo GLSA-201607-15
sectrack 1035705
Last major update 18-05-2018 - 01:29
Published 30-01-2017 - 21:59