Attacker Value
Unknown
(0 users assessed)
Exploitability
Unknown
(0 users assessed)
User Interaction
None
Privileges Required
None
Attack Vector
Network
0

CVE-2016-2518

Disclosure Date: January 30, 2017
CVE-2016-2518 CVSS v3 Base Score: 5.3
Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

The MATCH_ASSOC function in NTP before version 4.2.8p9 and 4.3.x before 4.3.92 allows remote attackers to cause an out-of-bounds reference via an addpeer request with a large hmode value.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics
Base Score:
5.3 Medium
Impact Score:
1.4
Exploitability Score:
3.9
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Attack Vector (AV):
Network
Attack Complexity (AC):
Low
Privileges Required (PR):
None
User Interaction (UI):
None
Scope (S):
Unchanged
Confidentiality (C):
None
Integrity (I):
None
Availability (A):
Low

General Information

Offensive Application
Unknown
Utility Class
Unknown
Ports
Unknown
OS
Unknown
Vulnerable Versions
n/a
Prerequisites
Unknown
Discovered By
Unknown
PoC Author
Unknown
Metasploit Module
Unknown
Reporter
Unknown

Vendors

  • debian,
  • freebsd,
  • netapp,
  • ntp,
  • oracle,
  • redhat,
  • siemens

Products

  • clustered data ontap -,
  • communications user data repository 10.0.0,
  • communications user data repository 10.0.1,
  • communications user data repository 12.0.0,
  • data ontap -,
  • debian linux 10.0,
  • debian linux 8.0,
  • debian linux 9.0,
  • enterprise linux desktop 7.0,
  • enterprise linux server 6.0,
  • enterprise linux server 7.0,
  • enterprise linux server aus 7.2,
  • enterprise linux server aus 7.4,
  • enterprise linux server aus 7.6,
  • enterprise linux server eus 7.2,
  • enterprise linux server eus 7.3,
  • enterprise linux server eus 7.4,
  • enterprise linux server eus 7.5,
  • enterprise linux server eus 7.6,
  • enterprise linux server eus 7.7,
  • enterprise linux server tus 7.2,
  • enterprise linux server tus 7.3,
  • enterprise linux server tus 7.6,
  • enterprise linux server tus 7.7,
  • enterprise linux workstation 6.0,
  • freebsd 10.1,
  • freebsd 10.2,
  • freebsd 10.3,
  • freebsd 9.3,
  • linux 6,
  • linux 7,
  • ntp,
  • ntp 4.2.8,
  • oncommand balance -,
  • oncommand performance manager -,
  • oncommand unified manager for clustered data ontap -,
  • simatic net cp 443-1 opc ua firmware

References

Canonical
CVE-2016-2518 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2518)
BID-88226 (http://www.securityfocus.com/bid/88226)
Advisory
DSA-3629 (http://www.debian.org/security/2016/dsa-3629)
http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
http://support.ntp.org/bin/view/Main/NtpBug3009
http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
https://access.redhat.com/errata/RHSA-2016:1141
VU#718152 (https://www.kb.cert.org/vuls/id/718152)
http://rhn.redhat.com/errata/RHSA-2016-1552.html
SECTRACK-1035705 (http://www.securitytracker.com/id/1035705)
http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
https://security.netapp.com/advisory/ntap-20171004-0002
http://support.ntp.org/bin/view/Main/SecurityNotice#April_2016_ntp_4_2_8p7_Security
GLSA-201607-15 (https://security.gentoo.org/glsa/201607-15)
https://security.netapp.com/advisory/ntap-20171004-0002/
https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf
USN-3096-1 (http://www.ubuntu.com/usn/USN-3096-1)
SUSE-SU-2016:1912 (http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html)
20160428 Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: April 2016 (http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160428-ntpd)
SUSE-SU-2016:2094 (http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html)
openSUSE-SU-2016:1423 (http://lists.opensuse.org/opensuse-updates/2016-05/msg00114.html)
openSUSE-SU-2016:1329 (http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00052.html)
SUSE-SU-2016:1471 (http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00001.html)
FEDORA-2016-5b2eb0bf9c (http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184669.html)
SUSE-SU-2016:1291 (http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00037.html)
DSA-3629 (https://www.debian.org/security/2016/dsa-3629)
20160429 [slackware-security] ntp (SSA:2016-120-01) (http://www.securityfocus.com/archive/1/538233/100/0/threaded)
https://support.f5.com/csp/article/K20804323
SUSE-SU-2016:1568 (http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00020.html)
20160429 [slackware-security] ntp (SSA:2016-120-01) (http://www.securityfocus.com/archive/1/archive/1/538233/100/0/threaded)
SUSE-SU-2016:1278 (http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00034.html)
FEDORA-2016-ed8c6c0426 (http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183647.html)
Miscellaneous
https://security.FreeBSD.org/advisories/FreeBSD-SA-16:16.ntp.asc
http://packetstormsecurity.com/files/136864/Slackware-Security-Advisory-ntp-Updates.html
https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11

Additional Info

Authenticated
Unknown
Exploitable
Unknown
Reliability
Unknown
Stability
Unknown
Available Mitigations
Unknown
Shelf Life
Unknown
Userbase/Installbase
Unknown
Patch Effectiveness
Unknown
Technical Analysis