CVE-2016-2518
First published: Thu Apr 28 2016(Updated: )
The following flaw was found in ntpd: Using a crafted packet to create a peer association with hmode > 7 causes the MATCH_ASSOC() lookup to make an out-of-bounds reference. Upstream bugs: <a href="http://support.ntp.org/bin/view/Main/NtpBug3009">http://support.ntp.org/bin/view/Main/NtpBug3009</a> External References: <a href="http://support.ntp.org/bin/view/Main/SecurityNotice#April_2016_NTP_4_2_8p7_Security">http://support.ntp.org/bin/view/Main/SecurityNotice#April_2016_NTP_4_2_8p7_Security</a>
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| debian/ntp | 1:4.2.8p12+dfsg-4 1:4.2.8p15+dfsg-1 | |
| redhat/ntp | <4.2.8 | 4.2.8 |
| Siemens SIMATIC NET CP 443-1 OPC UA | ||
| NTP ntp | <4.2.8 | |
| NTP ntp | >=4.3.0<4.3.92 | |
| NTP ntp | =4.2.8 | |
| NTP ntp | =4.2.8-p1 | |
| NTP ntp | =4.2.8-p1-beta1 | |
| NTP ntp | =4.2.8-p1-beta2 | |
| NTP ntp | =4.2.8-p1-beta3 | |
| NTP ntp | =4.2.8-p1-beta4 | |
| NTP ntp | =4.2.8-p1-beta5 | |
| NTP ntp | =4.2.8-p1-rc1 | |
| NTP ntp | =4.2.8-p1-rc2 | |
| NTP ntp | =4.2.8-p2 | |
| NTP ntp | =4.2.8-p2-rc1 | |
| NTP ntp | =4.2.8-p2-rc2 | |
| NTP ntp | =4.2.8-p2-rc3 | |
| NTP ntp | =4.2.8-p3 | |
| NTP ntp | =4.2.8-p3-rc1 | |
| NTP ntp | =4.2.8-p3-rc2 | |
| NTP ntp | =4.2.8-p3-rc3 | |
| NTP ntp | =4.2.8-p4 | |
| NTP ntp | =4.2.8-p5 | |
| NTP ntp | =4.2.8-p6 | |
| NTP ntp | =4.2.8-p7 | |
| NTP ntp | =4.2.8-p8 | |
| Debian Debian Linux | =8.0 | |
| Debian Debian Linux | =9.0 | |
| Debian Debian Linux | =10.0 | |
| NetApp Clustered Data ONTAP | ||
| Netapp Data Ontap 7-mode | ||
| NetApp OnCommand Balance | ||
| Netapp Oncommand Performance Manager | ||
| NetApp OnCommand Unified Manager for Clustered Data ONTAP | ||
| Oracle Communications User Data Repository | =10.0.0 | |
| Oracle Communications User Data Repository | =10.0.1 | |
| Oracle Communications User Data Repository | =12.0.0 | |
| Oracle Linux | =6 | |
| Oracle Linux | =7 | |
| Redhat Enterprise Linux Desktop | =7.0 | |
| Redhat Enterprise Linux Server | =6.0 | |
| Redhat Enterprise Linux Server | =7.0 | |
| Redhat Enterprise Linux Server Aus | =7.2 | |
| Redhat Enterprise Linux Server Aus | =7.4 | |
| Redhat Enterprise Linux Server Aus | =7.6 | |
| Redhat Enterprise Linux Server Eus | =7.2 | |
| Redhat Enterprise Linux Server Eus | =7.3 | |
| Redhat Enterprise Linux Server Eus | =7.4 | |
| Redhat Enterprise Linux Server Eus | =7.5 | |
| Redhat Enterprise Linux Server Eus | =7.6 | |
| Redhat Enterprise Linux Server Eus | =7.7 | |
| Redhat Enterprise Linux Server Tus | =7.2 | |
| Redhat Enterprise Linux Server Tus | =7.3 | |
| Redhat Enterprise Linux Server Tus | =7.6 | |
| Redhat Enterprise Linux Server Tus | =7.7 | |
| Redhat Enterprise Linux Workstation | =6.0 | |
| FreeBSD FreeBSD | =9.3 | |
| FreeBSD FreeBSD | =9.3-p1 | |
| FreeBSD FreeBSD | =9.3-p10 | |
| FreeBSD FreeBSD | =9.3-p12 | |
| FreeBSD FreeBSD | =9.3-p13 | |
| FreeBSD FreeBSD | =9.3-p16 | |
| FreeBSD FreeBSD | =9.3-p19 | |
| FreeBSD FreeBSD | =9.3-p2 | |
| FreeBSD FreeBSD | =9.3-p20 | |
| FreeBSD FreeBSD | =9.3-p21 | |
| FreeBSD FreeBSD | =9.3-p22 | |
| FreeBSD FreeBSD | =9.3-p23 | |
| FreeBSD FreeBSD | =9.3-p24 | |
| FreeBSD FreeBSD | =9.3-p25 | |
| FreeBSD FreeBSD | =9.3-p28 | |
| FreeBSD FreeBSD | =9.3-p3 | |
| FreeBSD FreeBSD | =9.3-p30 | |
| FreeBSD FreeBSD | =9.3-p31 | |
| FreeBSD FreeBSD | =9.3-p32 | |
| FreeBSD FreeBSD | =9.3-p33 | |
| FreeBSD FreeBSD | =9.3-p34 | |
| FreeBSD FreeBSD | =9.3-p35 | |
| FreeBSD FreeBSD | =9.3-p36 | |
| FreeBSD FreeBSD | =9.3-p38 | |
| FreeBSD FreeBSD | =9.3-p39 | |
| FreeBSD FreeBSD | =9.3-p5 | |
| FreeBSD FreeBSD | =9.3-p6 | |
| FreeBSD FreeBSD | =9.3-p7 | |
| FreeBSD FreeBSD | =9.3-p8 | |
| FreeBSD FreeBSD | =9.3-p9 | |
| FreeBSD FreeBSD | =10.1 | |
| FreeBSD FreeBSD | =10.1-p1 | |
| FreeBSD FreeBSD | =10.1-p10 | |
| FreeBSD FreeBSD | =10.1-p12 | |
| FreeBSD FreeBSD | =10.1-p15 | |
| FreeBSD FreeBSD | =10.1-p16 | |
| FreeBSD FreeBSD | =10.1-p17 | |
| FreeBSD FreeBSD | =10.1-p18 | |
| FreeBSD FreeBSD | =10.1-p19 | |
| FreeBSD FreeBSD | =10.1-p2 | |
| FreeBSD FreeBSD | =10.1-p22 | |
| FreeBSD FreeBSD | =10.1-p24 | |
| FreeBSD FreeBSD | =10.1-p25 | |
| FreeBSD FreeBSD | =10.1-p26 | |
| FreeBSD FreeBSD | =10.1-p27 | |
| FreeBSD FreeBSD | =10.1-p28 | |
| FreeBSD FreeBSD | =10.1-p29 | |
| FreeBSD FreeBSD | =10.1-p3 | |
| FreeBSD FreeBSD | =10.1-p30 | |
| FreeBSD FreeBSD | =10.1-p31 | |
| FreeBSD FreeBSD | =10.1-p4 | |
| FreeBSD FreeBSD | =10.1-p5 | |
| FreeBSD FreeBSD | =10.1-p6 | |
| FreeBSD FreeBSD | =10.1-p7 | |
| FreeBSD FreeBSD | =10.1-p8 | |
| FreeBSD FreeBSD | =10.1-p9 | |
| FreeBSD FreeBSD | =10.2 | |
| FreeBSD FreeBSD | =10.2-p1 | |
| FreeBSD FreeBSD | =10.2-p10 | |
| FreeBSD FreeBSD | =10.2-p11 | |
| FreeBSD FreeBSD | =10.2-p12 | |
| FreeBSD FreeBSD | =10.2-p13 | |
| FreeBSD FreeBSD | =10.2-p14 | |
| FreeBSD FreeBSD | =10.2-p2 | |
| FreeBSD FreeBSD | =10.2-p5 | |
| FreeBSD FreeBSD | =10.2-p7 | |
| FreeBSD FreeBSD | =10.2-p8 | |
| FreeBSD FreeBSD | =10.2-p9 | |
| FreeBSD FreeBSD | =10.3 | |
| Siemens Simatic Net Cp 443-1 Opc Ua Firmware | ||
| Siemens SIMATIC NET CP 443-1 OPC UA |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://support.ntp.org/bin/view/Main/SecurityNotice#April_2016_NTP_4_2_8p7_Security
- https://security-tracker.debian.org/tracker/CVE-2016-2518
- http://support.ntp.org/bin/view/Main/NtpBug3009
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1332160
- https://access.redhat.com/errata/RHSA-2016:1141
- https://rhn.redhat.com/errata/RHSA-2016-1552.html
- https://bugzilla.redhat.com/show_bug.cgi?id=1331468
- http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183647.html
- http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184669.html
- http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00034.html
- http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00037.html
- http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00052.html
- http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00001.html
- http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00020.html
- http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html
- http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html
- http://lists.opensuse.org/opensuse-updates/2016-05/msg00114.html
- http://packetstormsecurity.com/files/136864/Slackware-Security-Advisory-ntp-Updates.html
- http://rhn.redhat.com/errata/RHSA-2016-1552.html
- http://support.ntp.org/bin/view/Main/SecurityNotice#April_2016_ntp_4_2_8p7_Security
- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160428-ntpd
- http://www.debian.org/security/2016/dsa-3629
- http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
- http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
- http://www.securityfocus.com/archive/1/538233/100/0/threaded
- http://www.securityfocus.com/archive/1/archive/1/538233/100/0/threaded
- http://www.securityfocus.com/bid/88226
- http://www.securitytracker.com/id/1035705
- http://www.ubuntu.com/usn/USN-3096-1
- https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf
- https://security.FreeBSD.org/advisories/FreeBSD-SA-16:16.ntp.asc
- https://security.gentoo.org/glsa/201607-15
- https://security.netapp.com/advisory/ntap-20171004-0002/
- https://support.f5.com/csp/article/K20804323
- https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11
- https://www.debian.org/security/2016/dsa-3629
- https://www.kb.cert.org/vuls/id/718152
- https://www.cisa.gov/news-events/ics-advisories/icsa-21-159-11 (Advisory)
- collector/security-tracker-debian
- agent/last-modified-date
- agent/type
- agent/first-publish-date
- agent/author
- agent/weakness
- agent/remedy
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2016-2518
- agent/software-canonical-lookup
- agent/description
- agent/event
- agent/severity
- agent/references
- agent/tags
- collector/ics-cert-advisory
- source/ICS
- agent/software-canonical-lookup-request
- collector/nvd-index
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- package-manager/debian
- package-manager/redhat
- vendor/siemens
- canonical/siemens simatic net cp 443-1 opc ua
- vendor/ntp
- canonical/ntp ntp
- version/ntp ntp/4.3.0
- version/ntp ntp/4.2.8
- version/ntp ntp/4.2.8-p1
- version/ntp ntp/4.2.8-p1-beta1
- version/ntp ntp/4.2.8-p1-beta2
- version/ntp ntp/4.2.8-p1-beta3
- version/ntp ntp/4.2.8-p1-beta4
- version/ntp ntp/4.2.8-p1-beta5
- version/ntp ntp/4.2.8-p1-rc1
- version/ntp ntp/4.2.8-p1-rc2
- version/ntp ntp/4.2.8-p2
- version/ntp ntp/4.2.8-p2-rc1
- version/ntp ntp/4.2.8-p2-rc2
- version/ntp ntp/4.2.8-p2-rc3
- version/ntp ntp/4.2.8-p3
- version/ntp ntp/4.2.8-p3-rc1
- version/ntp ntp/4.2.8-p3-rc2
- version/ntp ntp/4.2.8-p3-rc3
- version/ntp ntp/4.2.8-p4
- version/ntp ntp/4.2.8-p5
- version/ntp ntp/4.2.8-p6
- version/ntp ntp/4.2.8-p7
- version/ntp ntp/4.2.8-p8
- vendor/debian
- canonical/debian debian linux
- version/debian debian linux/8.0
- version/debian debian linux/9.0
- version/debian debian linux/10.0
- vendor/netapp
- canonical/netapp clustered data ontap
- canonical/netapp data ontap 7-mode
- canonical/netapp oncommand balance
- canonical/netapp oncommand performance manager
- canonical/netapp oncommand unified manager for clustered data ontap
- vendor/oracle
- canonical/oracle communications user data repository
- version/oracle communications user data repository/10.0.0
- version/oracle communications user data repository/10.0.1
- version/oracle communications user data repository/12.0.0
- canonical/oracle linux
- version/oracle linux/6
- version/oracle linux/7
- vendor/redhat
- canonical/redhat enterprise linux desktop
- version/redhat enterprise linux desktop/7.0
- canonical/redhat enterprise linux server
- version/redhat enterprise linux server/6.0
- version/redhat enterprise linux server/7.0
- canonical/redhat enterprise linux server aus
- version/redhat enterprise linux server aus/7.2
- version/redhat enterprise linux server aus/7.4
- version/redhat enterprise linux server aus/7.6
- canonical/redhat enterprise linux server eus
- version/redhat enterprise linux server eus/7.2
- version/redhat enterprise linux server eus/7.3
- version/redhat enterprise linux server eus/7.4
- version/redhat enterprise linux server eus/7.5
- version/redhat enterprise linux server eus/7.6
- version/redhat enterprise linux server eus/7.7
- canonical/redhat enterprise linux server tus
- version/redhat enterprise linux server tus/7.2
- version/redhat enterprise linux server tus/7.3
- version/redhat enterprise linux server tus/7.6
- version/redhat enterprise linux server tus/7.7
- canonical/redhat enterprise linux workstation
- version/redhat enterprise linux workstation/6.0
- vendor/freebsd
- canonical/freebsd freebsd
- version/freebsd freebsd/9.3
- version/freebsd freebsd/9.3-p1
- version/freebsd freebsd/9.3-p10
- version/freebsd freebsd/9.3-p12
- version/freebsd freebsd/9.3-p13
- version/freebsd freebsd/9.3-p16
- version/freebsd freebsd/9.3-p19
- version/freebsd freebsd/9.3-p2
- version/freebsd freebsd/9.3-p20
- version/freebsd freebsd/9.3-p21
- version/freebsd freebsd/9.3-p22
- version/freebsd freebsd/9.3-p23
- version/freebsd freebsd/9.3-p24
- version/freebsd freebsd/9.3-p25
- version/freebsd freebsd/9.3-p28
- version/freebsd freebsd/9.3-p3
- version/freebsd freebsd/9.3-p30
- version/freebsd freebsd/9.3-p31
- version/freebsd freebsd/9.3-p32
- version/freebsd freebsd/9.3-p33
- version/freebsd freebsd/9.3-p34
- version/freebsd freebsd/9.3-p35
- version/freebsd freebsd/9.3-p36
- version/freebsd freebsd/9.3-p38
- version/freebsd freebsd/9.3-p39
- version/freebsd freebsd/9.3-p5
- version/freebsd freebsd/9.3-p6
- version/freebsd freebsd/9.3-p7
- version/freebsd freebsd/9.3-p8
- version/freebsd freebsd/9.3-p9
- version/freebsd freebsd/10.1
- version/freebsd freebsd/10.1-p1
- version/freebsd freebsd/10.1-p10
- version/freebsd freebsd/10.1-p12
- version/freebsd freebsd/10.1-p15
- version/freebsd freebsd/10.1-p16
- version/freebsd freebsd/10.1-p17
- version/freebsd freebsd/10.1-p18
- version/freebsd freebsd/10.1-p19
- version/freebsd freebsd/10.1-p2
- version/freebsd freebsd/10.1-p22
- version/freebsd freebsd/10.1-p24
- version/freebsd freebsd/10.1-p25
- version/freebsd freebsd/10.1-p26
- version/freebsd freebsd/10.1-p27
- version/freebsd freebsd/10.1-p28
- version/freebsd freebsd/10.1-p29
- version/freebsd freebsd/10.1-p3
- version/freebsd freebsd/10.1-p30
- version/freebsd freebsd/10.1-p31
- version/freebsd freebsd/10.1-p4
- version/freebsd freebsd/10.1-p5
- version/freebsd freebsd/10.1-p6
- version/freebsd freebsd/10.1-p7
- version/freebsd freebsd/10.1-p8
- version/freebsd freebsd/10.1-p9
- version/freebsd freebsd/10.2
- version/freebsd freebsd/10.2-p1
- version/freebsd freebsd/10.2-p10
- version/freebsd freebsd/10.2-p11
- version/freebsd freebsd/10.2-p12
- version/freebsd freebsd/10.2-p13
- version/freebsd freebsd/10.2-p14
- version/freebsd freebsd/10.2-p2
- version/freebsd freebsd/10.2-p5
- version/freebsd freebsd/10.2-p7
- version/freebsd freebsd/10.2-p8
- version/freebsd freebsd/10.2-p9
- version/freebsd freebsd/10.3
- canonical/siemens simatic net cp 443-1 opc ua firmware