ID

VAR-201701-0397


CVE

CVE-2016-2516


TITLE

NTP.org ntpd contains multiple vulnerabilities

Trust: 0.8

sources: CERT/CC: VU#718152

DESCRIPTION

NTP before 4.2.8p7 and 4.3.x before 4.3.92, when mode7 is enabled, allows remote attackers to cause a denial of service (ntpd abort) by using the same IP address multiple times in an unconfig directive. The NTP.org reference implementation of ntpd contains multiple vulnerabilities. NTP is prone to a denial-of-service vulnerability. An attacker can exploit this issue to cause a denial-of-service condition, denying service to legitimate users. ========================================================================== Ubuntu Security Notice USN-3096-1 October 05, 2016 ntp vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 16.04 LTS - Ubuntu 14.04 LTS - Ubuntu 12.04 LTS Summary: Several security issues were fixed in NTP. Software Description: - ntp: Network Time Protocol daemon and utility programs Details: Aanchal Malhotra discovered that NTP incorrectly handled authenticated broadcast mode. A remote attacker could use this issue to perform a replay attack. (CVE-2015-7973) Matt Street discovered that NTP incorrectly verified peer associations of symmetric keys. A remote attacker could use this issue to perform an impersonation attack. (CVE-2015-7974) Jonathan Gardner discovered that the NTP ntpq utility incorrectly handled memory. This issue only affected Ubuntu 16.04 LTS. (CVE-2015-7975) Jonathan Gardner discovered that the NTP ntpq utility incorrectly handled dangerous characters in filenames. An attacker could possibly use this issue to overwrite arbitrary files. (CVE-2015-7976) Stephen Gray discovered that NTP incorrectly handled large restrict lists. (CVE-2015-7977, CVE-2015-7978) Aanchal Malhotra discovered that NTP incorrectly handled authenticated broadcast mode. (CVE-2015-7979) Jonathan Gardner discovered that NTP incorrectly handled origin timestamp checks. A remote attacker could use this issue to spoof peer servers. (CVE-2015-8138) Jonathan Gardner discovered that the NTP ntpq utility did not properly handle certain incorrect values. (CVE-2015-8158) It was discovered that the NTP cronjob incorrectly cleaned up the statistics directory. A local attacker could possibly use this to escalate privileges. (CVE-2016-0727) Stephen Gray and Matthew Van Gundy discovered that NTP incorrectly validated crypto-NAKs. A remote attacker could possibly use this issue to prevent clients from synchronizing. (CVE-2016-1547) Miroslav Lichvar and Jonathan Gardner discovered that NTP incorrectly handled switching to interleaved symmetric mode. A remote attacker could possibly use this issue to prevent clients from synchronizing. (CVE-2016-1548) Matthew Van Gundy, Stephen Gray and Loganaden Velvindron discovered that NTP incorrectly handled message authentication. A remote attacker could possibly use this issue to recover the message digest key. (CVE-2016-1550) Yihan Lian discovered that NTP incorrectly handled duplicate IPs on unconfig directives. (CVE-2016-2516) Yihan Lian discovered that NTP incorrectly handled certail peer associations. (CVE-2016-2518) Jakub Prokes discovered that NTP incorrectly handled certain spoofed packets. (CVE-2016-4954) Miroslav Lichvar discovered that NTP incorrectly handled certain packets when autokey is enabled. (CVE-2016-4955) Miroslav Lichvar discovered that NTP incorrectly handled certain spoofed broadcast packets. (CVE-2016-4956) In the default installation, attackers would be isolated by the NTP AppArmor profile. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 16.04 LTS: ntp 1:4.2.8p4+dfsg-3ubuntu5.3 Ubuntu 14.04 LTS: ntp 1:4.2.6.p5+dfsg-3ubuntu2.14.04.10 Ubuntu 12.04 LTS: ntp 1:4.2.6.p3+dfsg-1ubuntu3.11 In general, a standard system update will make all the necessary changes. References: http://www.ubuntu.com/usn/usn-3096-1 CVE-2015-7973, CVE-2015-7974, CVE-2015-7975, CVE-2015-7976, CVE-2015-7977, CVE-2015-7978, CVE-2015-7979, CVE-2015-8138, CVE-2015-8158, CVE-2016-0727, CVE-2016-1547, CVE-2016-1548, CVE-2016-1550, CVE-2016-2516, CVE-2016-2518, CVE-2016-4954, CVE-2016-4955, CVE-2016-4956 Package Information: https://launchpad.net/ubuntu/+source/ntp/1:4.2.8p4+dfsg-3ubuntu5.3 https://launchpad.net/ubuntu/+source/ntp/1:4.2.6.p5+dfsg-3ubuntu2.14.04.10 https://launchpad.net/ubuntu/+source/ntp/1:4.2.6.p3+dfsg-1ubuntu3.11 . - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201607-15 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: NTP: Multiple vulnerabilities Date: July 20, 2016 Bugs: #563774, #572452, #581528, #584954 ID: 201607-15 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been found in NTP, the worst of which could lead to Denial of Service. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 net-misc/ntp < 4.2.8_p8 >= 4.2.8_p8 Description =========== Multiple vulnerabilities have been discovered in NTP. Please review the CVE identifiers referenced below for details. Workaround ========== There is no known workaround at this time. Resolution ========== All NTP users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=net-misc/ntp-4.2.8_p8" References ========== [ 1 ] CVE-2015-7691 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7691 [ 2 ] CVE-2015-7692 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7692 [ 3 ] CVE-2015-7701 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7701 [ 4 ] CVE-2015-7702 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7702 [ 5 ] CVE-2015-7703 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7703 [ 6 ] CVE-2015-7704 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7704 [ 7 ] CVE-2015-7705 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7705 [ 8 ] CVE-2015-7848 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7848 [ 9 ] CVE-2015-7849 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7849 [ 10 ] CVE-2015-7850 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7850 [ 11 ] CVE-2015-7851 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7851 [ 12 ] CVE-2015-7852 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7852 [ 13 ] CVE-2015-7853 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7853 [ 14 ] CVE-2015-7854 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7854 [ 15 ] CVE-2015-7855 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7855 [ 16 ] CVE-2015-7871 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7871 [ 17 ] CVE-2015-7973 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7973 [ 18 ] CVE-2015-7974 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7974 [ 19 ] CVE-2015-7975 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7975 [ 20 ] CVE-2015-7976 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7976 [ 21 ] CVE-2015-7977 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7977 [ 22 ] CVE-2015-7978 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7978 [ 23 ] CVE-2015-7979 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7979 [ 24 ] CVE-2015-8138 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8138 [ 25 ] CVE-2015-8139 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8139 [ 26 ] CVE-2015-8140 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8140 [ 27 ] CVE-2015-8158 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8158 [ 28 ] CVE-2016-1547 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1547 [ 29 ] CVE-2016-1548 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1548 [ 30 ] CVE-2016-1549 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1549 [ 31 ] CVE-2016-1550 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1550 [ 32 ] CVE-2016-1551 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1551 [ 33 ] CVE-2016-2516 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2516 [ 34 ] CVE-2016-2517 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2517 [ 35 ] CVE-2016-2518 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2518 [ 36 ] CVE-2016-2519 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2519 [ 37 ] CVE-2016-4953 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4953 [ 38 ] CVE-2016-4954 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4954 [ 39 ] CVE-2016-4955 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4955 [ 40 ] CVE-2016-4956 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4956 [ 41 ] CVE-2016-4957 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4957 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/201607-15 Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2016 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] ntp (SSA:2016-120-01) New ntp packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix security issues. Here are the details from the Slackware 14.1 ChangeLog: +--------------------------+ patches/packages/ntp-4.2.8p7-i486-1_slack14.1.txz: Upgraded. This release patches several low and medium severity security issues: CVE-2016-1551: Refclock impersonation vulnerability, AKA: refclock-peering CVE-2016-1549: Sybil vulnerability: ephemeral association attack, AKA: ntp-sybil - MITIGATION ONLY CVE-2016-2516: Duplicate IPs on unconfig directives will cause an assertion botch CVE-2016-2517: Remote configuration trustedkey/requestkey values are not properly validated CVE-2016-2518: Crafted addpeer with hmode > 7 causes array wraparound with MATCH_ASSOC CVE-2016-2519: ctl_getitem() return value not always checked CVE-2016-1547: Validate crypto-NAKs, AKA: nak-dos CVE-2016-1548: Interleave-pivot - MITIGATION ONLY CVE-2015-7704: KoD fix: peer associations were broken by the fix for NtpBug2901, AKA: Symmetric active/passive mode is broken CVE-2015-8138: Zero Origin Timestamp Bypass, AKA: Additional KoD Checks CVE-2016-1550: Improve NTP security against buffer comparison timing attacks, authdecrypt-timing, AKA: authdecrypt-timing For more information, see: http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7704 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8138 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1547 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1548 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1549 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1550 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1551 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2516 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2517 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2518 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2519 (* Security fix *) +--------------------------+ Where to find the new packages: +-----------------------------+ Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-) Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you. Updated package for Slackware 13.0: ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/ntp-4.2.8p7-i486-1_slack13.0.txz Updated package for Slackware x86_64 13.0: ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/ntp-4.2.8p7-x86_64-1_slack13.0.txz Updated package for Slackware 13.1: ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/ntp-4.2.8p7-i486-1_slack13.1.txz Updated package for Slackware x86_64 13.1: ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/ntp-4.2.8p7-x86_64-1_slack13.1.txz Updated package for Slackware 13.37: ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/ntp-4.2.8p7-i486-1_slack13.37.txz Updated package for Slackware x86_64 13.37: ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/ntp-4.2.8p7-x86_64-1_slack13.37.txz Updated package for Slackware 14.0: ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/ntp-4.2.8p7-i486-1_slack14.0.txz Updated package for Slackware x86_64 14.0: ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/ntp-4.2.8p7-x86_64-1_slack14.0.txz Updated package for Slackware 14.1: ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/ntp-4.2.8p7-i486-1_slack14.1.txz Updated package for Slackware x86_64 14.1: ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/ntp-4.2.8p7-x86_64-1_slack14.1.txz Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/ntp-4.2.8p7-i586-1.txz Updated package for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/ntp-4.2.8p7-x86_64-1.txz MD5 signatures: +-------------+ Slackware 13.0 package: 785dc2ef5f80edb28dc781e261c3fe3f ntp-4.2.8p7-i486-1_slack13.0.txz Slackware x86_64 13.0 package: 899421096b7b63e6cb269f8b01dfd875 ntp-4.2.8p7-x86_64-1_slack13.0.txz Slackware 13.1 package: dfd34cbd31be3572a2bcae7f59cdfd91 ntp-4.2.8p7-i486-1_slack13.1.txz Slackware x86_64 13.1 package: 63c4b31736040e7950361cd0d7081c8b ntp-4.2.8p7-x86_64-1_slack13.1.txz Slackware 13.37 package: e760ae0c6cc3fa933e4d65d6995b0c84 ntp-4.2.8p7-i486-1_slack13.37.txz Slackware x86_64 13.37 package: aa448523b27bb4fcccc2f46cf4d72bc5 ntp-4.2.8p7-x86_64-1_slack13.37.txz Slackware 14.0 package: 3bc7e54a4164a4f91be996b5cf2e643e ntp-4.2.8p7-i486-1_slack14.0.txz Slackware x86_64 14.0 package: 0f6ea4dae476709f26f5d0e33378576c ntp-4.2.8p7-x86_64-1_slack14.0.txz Slackware 14.1 package: dbe827ee7ece6ce5ca083cdd5960162c ntp-4.2.8p7-i486-1_slack14.1.txz Slackware x86_64 14.1 package: 89f3edf183a6a9847d69b8349f98c901 ntp-4.2.8p7-x86_64-1_slack14.1.txz Slackware -current package: 4018b86edd15e40e8c5e9f50d907dcff n/ntp-4.2.8p7-i586-1.txz Slackware x86_64 -current package: 7dd6b64ba8c9fdaebb7becc1f5c3963d n/ntp-4.2.8p7-x86_64-1.txz Installation instructions: +------------------------+ Upgrade the package as root: # upgradepkg ntp-4.2.8p7-i486-1_slack14.1.txz Then, restart the NTP daemon: # sh /etc/rc.d/rc.ntpd restart +-----+ Slackware Linux Security Team http://slackware.com/gpg-key security@slackware.com +------------------------------------------------------------------------+ | To leave the slackware-security mailing list: | +------------------------------------------------------------------------+ | Send an email to majordomo@slackware.com with this text in the body of | | the email message: | | | | unsubscribe slackware-security | | | | You will get a confirmation message back containing instructions to | | complete the process. Please do not reply to this email address. CVE-2015-7977 / CVE-2015-7978 Stephen Gray discovered that a NULL pointer dereference and a buffer overflow in the handling of "ntpdc reslist" commands may result in denial of service. CVE-2016-2518 Yihan Lian discovered that an OOB memory access could potentially crash ntpd. For the stable distribution (jessie), these problems have been fixed in version 1:4.2.6.p5+dfsg-7+deb8u2. For the testing distribution (stretch), these problems have been fixed in version 1:4.2.8p7+dfsg-1. For the unstable distribution (sid), these problems have been fixed in version 1:4.2.8p7+dfsg-1. We recommend that you upgrade your ntp packages. Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBAgAGBQJXloDyAAoJEBDCk7bDfE42sEIQAITxUHR3soJpA10Z0ermNvj9 lIk50hAgupkjg7Jfvy6GoIl3vSwaW3zteLm7PGXAQVMkN4Uu7yuC/3UKia1W4T4M Y4JqCceSpGI8Frse/hNe65q/wo7a5nNmd3zzeX477PcxvSttyQ0W5PbNofDXOWWV C9C2NmQoWKXQoaJ7VeSUtqFPCijduxzME/NIwkZTgnfHqXHLDxkOFcogfbr/xxh3 QCnocTQBMUniVGVjIkmZJvAXYxCONfWGy4Mi8XP6PmmDiYnda6cKpYR9cQq8Rrn2 jyhH/S16k7qAboNT25rJQhD7evL+G+/lQKzwTMMif1F6UZEdCdiEcMaGxBt/be2t WR+xiGg/xS/sSO4idz4+VzAhBTrKgkAiySHnuCIW43mSP4EQ19crEwodReEGo5ya UyRJzX1ocYyoanhn4GI/zLutIOJHSuo/RODTVNjTtFpR40i0RfLzI0BkbAw0MOrj gy29tneLfgzPjYMUKIpE7QKgtkEDs2PJG3tIptdR43xwRz1eQoRzNt4Iuv3174/M T0JU5/zWYcvCPLkby3YAqOZkqi+W6VoFKyTFKD6WTKujknOTkjcRGr8bqSBuV+EV /cPY7ksVajzOIP0Vh6zV2OjWqIEb1agE76VaYcKCgDpRAqvRMA5YRYt9zFV0VSLi E8XbyUv2ljEkPXFAhg6n =vLJU -----END PGP SIGNATURE-----

Trust: 3.06

sources: NVD: CVE-2016-2516 // CERT/CC: VU#718152 // JVNDB: JVNDB-2016-007712 // BID: 88180 // VULMON: CVE-2016-2516 // PACKETSTORM: 138984 // PACKETSTORM: 137992 // PACKETSTORM: 136864 // PACKETSTORM: 138052

AFFECTED PRODUCTS

vendor:ntpmodel:ntpscope:eqversion:4.3.90

Trust: 1.9

vendor:ntpmodel:ntpscope:eqversion:4.3.84

Trust: 1.6

vendor:ntpmodel:ntpscope:eqversion:4.3.85

Trust: 1.6

vendor:ntpmodel:ntpscope:eqversion:4.3.82

Trust: 1.6

vendor:ntpmodel:ntpscope:eqversion:4.3.89

Trust: 1.6

vendor:ntpmodel:ntpscope:eqversion:4.3.87

Trust: 1.6

vendor:ntpmodel:ntpscope:eqversion:4.3.81

Trust: 1.6

vendor:ntpmodel:ntpscope:eqversion:4.3.86

Trust: 1.6

vendor:ntpmodel:ntpscope:eqversion:4.3.83

Trust: 1.6

vendor:ntpmodel:ntpscope:eqversion:4.3.88

Trust: 1.6

vendor:ntpmodel:ntpscope:eqversion:4.3.25

Trust: 1.3

vendor:ntpmodel:ntpscope:eqversion:4.3.77

Trust: 1.3

vendor:ntpmodel:ntpscope:eqversion:4.3.70

Trust: 1.3

vendor:ntpmodel:ntpscope:eqversion:4.3.14

Trust: 1.0

vendor:ntpmodel:ntpscope:eqversion:4.3.67

Trust: 1.0

vendor:ntpmodel:ntpscope:eqversion:4.3.29

Trust: 1.0

vendor:ntpmodel:ntpscope:eqversion:4.3.58

Trust: 1.0

vendor:ntpmodel:ntpscope:eqversion:4.3.36

Trust: 1.0

vendor:ntpmodel:ntpscope:eqversion:4.3.10

Trust: 1.0

vendor:ntpmodel:ntpscope:eqversion:4.3.24

Trust: 1.0

vendor:ntpmodel:ntpscope:eqversion:4.3.65

Trust: 1.0

vendor:ntpmodel:ntpscope:eqversion:4.3.28

Trust: 1.0

vendor:ntpmodel:ntpscope:eqversion:4.3.27

Trust: 1.0

vendor:ntpmodel:ntpscope:eqversion:4.3.42

Trust: 1.0

vendor:ntpmodel:ntpscope:eqversion:4.3.64

Trust: 1.0

vendor:ntpmodel:ntpscope:eqversion:4.3.9

Trust: 1.0

vendor:ntpmodel:ntpscope:eqversion:4.3.22

Trust: 1.0

vendor:ntpmodel:ntpscope:eqversion:4.3.75

Trust: 1.0

vendor:ntpmodel:ntpscope:eqversion:4.3.17

Trust: 1.0

vendor:ntpmodel:ntpscope:eqversion:4.3.80

Trust: 1.0

vendor:ntpmodel:ntpscope:eqversion:4.3.78

Trust: 1.0

vendor:ntpmodel:ntpscope:eqversion:4.3.66

Trust: 1.0

vendor:ntpmodel:ntpscope:eqversion:4.3.1

Trust: 1.0

vendor:ntpmodel:ntpscope:eqversion:4.3.50

Trust: 1.0

vendor:ntpmodel:ntpscope:eqversion:4.3.72

Trust: 1.0

vendor:ntpmodel:ntpscope:eqversion:4.3.39

Trust: 1.0

vendor:ntpmodel:ntpscope:eqversion:4.3.18

Trust: 1.0

vendor:ntpmodel:ntpscope:eqversion:4.3.21

Trust: 1.0

vendor:ntpmodel:ntpscope:eqversion:4.3.62

Trust: 1.0

vendor:ntpmodel:ntpscope:eqversion:4.3.73

Trust: 1.0

vendor:ntpmodel:ntpscope:eqversion:4.3.49

Trust: 1.0

vendor:ntpmodel:ntpscope:lteversion:4.2.8

Trust: 1.0

vendor:ntpmodel:ntpscope:eqversion:4.3.26

Trust: 1.0

vendor:ntpmodel:ntpscope:eqversion:4.3.55

Trust: 1.0

vendor:ntpmodel:ntpscope:eqversion:4.3.60

Trust: 1.0

vendor:ntpmodel:ntpscope:eqversion:4.3.44

Trust: 1.0

vendor:ntpmodel:ntpscope:eqversion:4.3.30

Trust: 1.0

vendor:ntpmodel:ntpscope:eqversion:4.3.57

Trust: 1.0

vendor:ntpmodel:ntpscope:eqversion:4.3.79

Trust: 1.0

vendor:ntpmodel:ntpscope:eqversion:4.3.15

Trust: 1.0

vendor:ntpmodel:ntpscope:eqversion:4.3.43

Trust: 1.0

vendor:ntpmodel:ntpscope:eqversion:4.3.8

Trust: 1.0

vendor:ntpmodel:ntpscope:eqversion:4.3.13

Trust: 1.0

vendor:ntpmodel:ntpscope:eqversion:4.3.76

Trust: 1.0

vendor:ntpmodel:ntpscope:eqversion:4.3.35

Trust: 1.0

vendor:ntpmodel:ntpscope:eqversion:4.3.52

Trust: 1.0

vendor:ntpmodel:ntpscope:eqversion:4.3.12

Trust: 1.0

vendor:ntpmodel:ntpscope:eqversion:4.3.0

Trust: 1.0

vendor:ntpmodel:ntpscope:eqversion:4.3.69

Trust: 1.0

vendor:ntpmodel:ntpscope:eqversion:4.3.20

Trust: 1.0

vendor:ntpmodel:ntpscope:eqversion:4.3.53

Trust: 1.0

vendor:ntpmodel:ntpscope:eqversion:4.3.19

Trust: 1.0

vendor:ntpmodel:ntpscope:eqversion:4.3.54

Trust: 1.0

vendor:ntpmodel:ntpscope:eqversion:4.3.46

Trust: 1.0

vendor:ntpmodel:ntpscope:eqversion:4.3.56

Trust: 1.0

vendor:ntpmodel:ntpscope:eqversion:4.3.48

Trust: 1.0

vendor:ntpmodel:ntpscope:eqversion:4.3.61

Trust: 1.0

vendor:ntpmodel:ntpscope:eqversion:4.3.7

Trust: 1.0

vendor:ntpmodel:ntpscope:eqversion:4.3.38

Trust: 1.0

vendor:ntpmodel:ntpscope:eqversion:4.3.68

Trust: 1.0

vendor:ntpmodel:ntpscope:eqversion:4.3.16

Trust: 1.0

vendor:ntpmodel:ntpscope:eqversion:4.3.45

Trust: 1.0

vendor:ntpmodel:ntpscope:eqversion:4.3.47

Trust: 1.0

vendor:ntpmodel:ntpscope:eqversion:4.3.32

Trust: 1.0

vendor:ntpmodel:ntpscope:eqversion:4.3.37

Trust: 1.0

vendor:ntpmodel:ntpscope:eqversion:4.3.3

Trust: 1.0

vendor:ntpmodel:ntpscope:eqversion:4.3.33

Trust: 1.0

vendor:ntpmodel:ntpscope:eqversion:4.3.4

Trust: 1.0

vendor:ntpmodel:ntpscope:eqversion:4.3.74

Trust: 1.0

vendor:ntpmodel:ntpscope:eqversion:4.3.71

Trust: 1.0

vendor:ntpmodel:ntpscope:eqversion:4.3.41

Trust: 1.0

vendor:ntpmodel:ntpscope:eqversion:4.3.23

Trust: 1.0

vendor:ntpmodel:ntpscope:eqversion:4.3.31

Trust: 1.0

vendor:ntpmodel:ntpscope:eqversion:4.3.6

Trust: 1.0

vendor:ntpmodel:ntpscope:eqversion:4.3.5

Trust: 1.0

vendor:ntpmodel:ntpscope:eqversion:4.3.40

Trust: 1.0

vendor:ntpmodel:ntpscope:eqversion:4.3.11

Trust: 1.0

vendor:ntpmodel:ntpscope:eqversion:4.3.59

Trust: 1.0

vendor:ntpmodel:ntpscope:eqversion:4.3.91

Trust: 1.0

vendor:ntpmodel:ntpscope:eqversion:4.3.34

Trust: 1.0

vendor:ntpmodel:ntpscope:eqversion:4.3.51

Trust: 1.0

vendor:ntpmodel:ntpscope:eqversion:4.3.63

Trust: 1.0

vendor:ntpmodel:ntpscope:eqversion:4.3.2

Trust: 1.0

vendor:ntpmodel: - scope: - version: -

Trust: 0.8

vendor:ntpmodel:ntpscope:ltversion:4.3.x

Trust: 0.8

vendor:ntpmodel:ntpscope:eqversion:4.3.92

Trust: 0.8

vendor:ntpmodel:ntpscope:eqversion:4.2.8p7

Trust: 0.8

vendor:ubuntumodel:linux ltsscope:eqversion:14.04

Trust: 0.3

vendor:ubuntumodel:linux lts i386scope:eqversion:12.04

Trust: 0.3

vendor:ubuntumodel:linux lts amd64scope:eqversion:12.04

Trust: 0.3

vendor:slackwaremodel:linuxscope:eqversion:14.1

Trust: 0.3

vendor:slackwaremodel:linux x86 64 -currentscope: - version: -

Trust: 0.3

vendor:slackwaremodel:linux x86 64scope:eqversion:14.1

Trust: 0.3

vendor:slackwaremodel:linux x86 64scope:eqversion:14.0

Trust: 0.3

vendor:slackwaremodel:linuxscope:eqversion:14.0

Trust: 0.3

vendor:slackwaremodel:linux x86 64scope:eqversion:13.37

Trust: 0.3

vendor:slackwaremodel:linuxscope:eqversion:13.37

Trust: 0.3

vendor:slackwaremodel:linux x86 64scope:eqversion:13.1

Trust: 0.3

vendor:slackwaremodel:linuxscope:eqversion:13.1

Trust: 0.3

vendor:slackwaremodel:linux x86 64scope:eqversion:13.0

Trust: 0.3

vendor:slackwaremodel:linuxscope:eqversion:13.0

Trust: 0.3

vendor:slackwaremodel:linux -currentscope: - version: -

Trust: 0.3

vendor:ntpmodel:ntpscope:eqversion:4.3

Trust: 0.3

vendor:ntpmodel:ntpscope:eqversion:4.2.8

Trust: 0.3

vendor:ntpmodel:ntpscope:eqversion:4.2.6

Trust: 0.3

vendor:ntpmodel:p74scope:eqversion:4.2.5

Trust: 0.3

vendor:ntpmodel:p153scope:eqversion:4.2.5

Trust: 0.3

vendor:ntpmodel:p150scope:eqversion:4.2.5

Trust: 0.3

vendor:ntpmodel:p8scope:eqversion:4.2.4

Trust: 0.3

vendor:ntpmodel:p7-rc2scope:eqversion:4.2.4

Trust: 0.3

vendor:ntpmodel:p7scope:eqversion:4.2.4

Trust: 0.3

vendor:ntpmodel:p6scope:eqversion:4.2.4

Trust: 0.3

vendor:ntpmodel:p5scope:eqversion:4.2.4

Trust: 0.3

vendor:ntpmodel:p4scope:eqversion:4.2.4

Trust: 0.3

vendor:ntpmodel:p4scope:eqversion:4.2.2

Trust: 0.3

vendor:ntpmodel:p1scope:eqversion:4.2.2

Trust: 0.3

vendor:ntpmodel:ntpscope:eqversion:4.1.2

Trust: 0.3

vendor:ntpmodel:4.2.8p6scope: - version: -

Trust: 0.3

vendor:ntpmodel:4.2.8p5scope: - version: -

Trust: 0.3

vendor:ntpmodel:4.2.8p4scope: - version: -

Trust: 0.3

vendor:ntpmodel:4.2.8p3scope: - version: -

Trust: 0.3

vendor:ntpmodel:4.2.8p2scope: - version: -

Trust: 0.3

vendor:ntpmodel:4.2.8p1scope: - version: -

Trust: 0.3

vendor:ntpmodel:4.2.7p366scope: - version: -

Trust: 0.3

vendor:ntpmodel:4.2.7p111scope: - version: -

Trust: 0.3

vendor:ntpmodel:4.2.7p11scope: - version: -

Trust: 0.3

vendor:ntpmodel:ntpscope:eqversion:4.2.7

Trust: 0.3

vendor:ntpmodel:4.2.5p3scope: - version: -

Trust: 0.3

vendor:ntpmodel:4.2.5p186scope: - version: -

Trust: 0.3

vendor:ntpmodel:4.2.0.ascope: - version: -

Trust: 0.3

vendor:ibmmodel:lotus protector for mail securityscope:eqversion:2.80

Trust: 0.3

vendor:ibmmodel:lotus protector for mail securityscope:eqversion:2.8.1.0

Trust: 0.3

vendor:ibmmodel:flex system managerscope:eqversion:1.3.20

Trust: 0.3

vendor:ibmmodel:flex system managerscope:eqversion:1.3.4.0

Trust: 0.3

vendor:ciscomodel:wap371 wireless access pointscope:eqversion:0

Trust: 0.3

vendor:ciscomodel:visual quality experience tools serverscope:eqversion:0

Trust: 0.3

vendor:ciscomodel:visual quality experience serverscope:eqversion:0

Trust: 0.3

vendor:ciscomodel:virtual security gateway for microsoft hyper-vscope:eqversion:0

Trust: 0.3

vendor:ciscomodel:videoscape control suitescope:eqversion:0

Trust: 0.3

vendor:ciscomodel:video distribution suite for internet streamingscope:eqversion:0

Trust: 0.3

vendor:ciscomodel:video delivery system recorderscope:eqversion:0

Trust: 0.3

vendor:ciscomodel:unity expressscope:eqversion:0

Trust: 0.3

vendor:ciscomodel:unified computing system e-series blade serverscope:eqversion:0

Trust: 0.3

vendor:ciscomodel:unified communications manager session management editionscope:eqversion:0

Trust: 0.3

vendor:ciscomodel:unified communications managerscope:eqversion:0

Trust: 0.3

vendor:ciscomodel:ucs directorscope:eqversion:0

Trust: 0.3

vendor:ciscomodel:ucs centralscope:eqversion:0

Trust: 0.3

vendor:ciscomodel:telepresence video communication serverscope:eqversion:0

Trust: 0.3

vendor:ciscomodel:telepresence sx seriesscope:eqversion:0

Trust: 0.3

vendor:ciscomodel:telepresence profile seriesscope:eqversion:0

Trust: 0.3

vendor:ciscomodel:telepresence mx seriesscope:eqversion:0

Trust: 0.3

vendor:ciscomodel:telepresence isdn linkscope:eqversion:0

Trust: 0.3

vendor:ciscomodel:telepresence integrator c seriesscope:eqversion:0

Trust: 0.3

vendor:ciscomodel:telepresence exchange systemscope:eqversion:0

Trust: 0.3

vendor:ciscomodel:telepresence ex seriesscope:eqversion:0

Trust: 0.3

vendor:ciscomodel:telepresence conductorscope:eqversion:0

Trust: 0.3

vendor:ciscomodel:support centralscope:eqversion:0

Trust: 0.3

vendor:ciscomodel:standalone rack server cimcscope:eqversion:0

Trust: 0.3

vendor:ciscomodel:small business series wireless access pointsscope:eqversion:5000

Trust: 0.3

vendor:ciscomodel:small business series wireless access pointsscope:eqversion:3210

Trust: 0.3

vendor:ciscomodel:small business series wireless access pointsscope:eqversion:1210

Trust: 0.3

vendor:ciscomodel:show and sharescope:eqversion:0

Trust: 0.3

vendor:ciscomodel:sentinelscope:eqversion:0

Trust: 0.3

vendor:ciscomodel:scosscope:eqversion:0

Trust: 0.3

vendor:ciscomodel:prime service catalog virtual appliancescope:eqversion:0

Trust: 0.3

vendor:ciscomodel:prime license managerscope:eqversion:0

Trust: 0.3

vendor:ciscomodel:prime infrastructure standalone plug and play gatewayscope:eqversion:0

Trust: 0.3

vendor:ciscomodel:prime infrastructurescope:eqversion: -

Trust: 0.3

vendor:ciscomodel:prime collaboration assurancescope:eqversion:0

Trust: 0.3

vendor:ciscomodel:prime access registrar appliancescope:eqversion:0

Trust: 0.3

vendor:ciscomodel:prime access registrarscope:eqversion:0

Trust: 0.3

vendor:ciscomodel:physical access managerscope:eqversion:0

Trust: 0.3

vendor:ciscomodel:onepk all-in-one vmscope:eqversion:0

Trust: 0.3

vendor:ciscomodel:nexus series switchesscope:eqversion:90000

Trust: 0.3

vendor:ciscomodel:network device security assessmentscope:eqversion:0

Trust: 0.3

vendor:ciscomodel:network analysis modulescope:eqversion:0

Trust: 0.3

vendor:ciscomodel:nac serverscope:eqversion:0

Trust: 0.3

vendor:ciscomodel:nac guest serverscope:eqversion:0

Trust: 0.3

vendor:ciscomodel:nac appliancescope:eqversion:0

Trust: 0.3

vendor:ciscomodel:meetingplacescope:eqversion:0

Trust: 0.3

vendor:ciscomodel:mediasensescope:eqversion:0

Trust: 0.3

vendor:ciscomodel:media experience enginesscope:eqversion:0

Trust: 0.3

vendor:ciscomodel:management heartbeat serverscope:eqversion:0

Trust: 0.3

vendor:ciscomodel:jabber guestscope:eqversion:10.0(2)

Trust: 0.3

vendor:ciscomodel:intrusion prevention system solutionsscope:eqversion:0

Trust: 0.3

vendor:ciscomodel:im and presence servicescope:eqversion:0

Trust: 0.3

vendor:ciscomodel:identity services enginescope:eqversion:0

Trust: 0.3

vendor:ciscomodel:hosted collaboration mediation fulfillmentscope:eqversion:0

Trust: 0.3

vendor:ciscomodel:expressway seriesscope:eqversion:0

Trust: 0.3

vendor:ciscomodel:enterprise content delivery systemscope:eqversion:0

Trust: 0.3

vendor:ciscomodel:emergency responderscope:eqversion:0

Trust: 0.3

vendor:ciscomodel:edge digital media playerscope:eqversion:3400

Trust: 0.3

vendor:ciscomodel:edge digital media playerscope:eqversion:3000

Trust: 0.3

vendor:ciscomodel:digital media managerscope:eqversion:0

Trust: 0.3

vendor:ciscomodel:dcm series 9900-digital content managerscope:eqversion:0

Trust: 0.3

vendor:ciscomodel:content security appliance updater serversscope:eqversion:0

Trust: 0.3

vendor:ciscomodel:connected grid routersscope:eqversion:0

Trust: 0.3

vendor:ciscomodel:common services platform collectorscope:eqversion:0

Trust: 0.3

vendor:ciscomodel:cloud object storescope:eqversion:0

Trust: 0.3

vendor:ciscomodel:clean access managerscope:eqversion:0

Trust: 0.3

vendor:ciscomodel:application policy infrastructure controllerscope:eqversion:0

Trust: 0.3

vendor:ciscomodel:asa cx and cisco prime security managerscope:eqversion:0

Trust: 0.3

vendor:ciscomodel:access registrar appliancescope:eqversion:0

Trust: 0.3

vendor:ciscomodel:industrial routerscope:eqversion:9100

Trust: 0.3

vendor:ciscomodel:series ip phones vpn featurescope:eqversion:8800-0

Trust: 0.3

vendor:ntpmodel:ntpscope:neversion:4.3.92

Trust: 0.3

vendor:ntpmodel:4.2.8p7scope:neversion: -

Trust: 0.3

sources: CERT/CC: VU#718152 // BID: 88180 // JVNDB: JVNDB-2016-007712 // CNNVD: CNNVD-201604-607 // NVD: CVE-2016-2516

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2016-2516
value: MEDIUM

Trust: 1.0

NVD: CVE-2016-2516
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201604-607
value: HIGH

Trust: 0.6

VULMON: CVE-2016-2516
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2016-2516
severity: HIGH
baseScore: 7.1
vectorString: AV:N/AC:M/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

nvd@nist.gov: CVE-2016-2516
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 1.6
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: VULMON: CVE-2016-2516 // JVNDB: JVNDB-2016-007712 // CNNVD: CNNVD-201604-607 // NVD: CVE-2016-2516

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.8

sources: JVNDB: JVNDB-2016-007712 // NVD: CVE-2016-2516

THREAT TYPE

remote

Trust: 0.7

sources: PACKETSTORM: 138984 // CNNVD: CNNVD-201604-607

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201604-607

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-007712

PATCH

title:Oracle Solaris Third Party Bulletin - April 2016url:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html

Trust: 0.8

title:NTP Bug 3011url:http://support.ntp.org/bin/view/Main/NtpBug3011

Trust: 0.8

title:ntpd Remediation measures for denial of service vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=61290

Trust: 0.6

title:Red Hat: CVE-2016-2516url:https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database&qid=CVE-2016-2516

Trust: 0.1

title:Amazon Linux AMI: ALAS-2016-708url:https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami&qid=ALAS-2016-708

Trust: 0.1

title:Ubuntu Security Notice: ntp vulnerabilitiesurl:https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-3096-1

Trust: 0.1

title:Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - April 2016url:https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins&qid=976a4da35d55283870dbb31b88a6c655

Trust: 0.1

sources: VULMON: CVE-2016-2516 // JVNDB: JVNDB-2016-007712 // CNNVD: CNNVD-201604-607

EXTERNAL IDS

db:CERT/CCid:VU#718152

Trust: 3.6

db:NVDid:CVE-2016-2516

Trust: 3.2

db:BIDid:88180

Trust: 2.0

db:SECTRACKid:1035705

Trust: 1.1

db:JVNid:JVNVU91176422

Trust: 0.8

db:JVNDBid:JVNDB-2016-007712

Trust: 0.8

db:CNNVDid:CNNVD-201604-607

Trust: 0.6

db:VULMONid:CVE-2016-2516

Trust: 0.1

db:PACKETSTORMid:138984

Trust: 0.1

db:PACKETSTORMid:137992

Trust: 0.1

db:PACKETSTORMid:136864

Trust: 0.1

db:PACKETSTORMid:138052

Trust: 0.1

sources: CERT/CC: VU#718152 // VULMON: CVE-2016-2516 // BID: 88180 // JVNDB: JVNDB-2016-007712 // PACKETSTORM: 138984 // PACKETSTORM: 137992 // PACKETSTORM: 136864 // PACKETSTORM: 138052 // CNNVD: CNNVD-201604-607 // NVD: CVE-2016-2516

REFERENCES

url:https://www.kb.cert.org/vuls/id/718152

Trust: 2.9

url:http://support.ntp.org/bin/view/main/ntpbug3011

Trust: 2.0

url:http://www.securityfocus.com/bid/88180

Trust: 1.8

url:http://support.ntp.org/bin/view/main/securitynotice#april_2016_ntp_4_2_8p7_security

Trust: 1.4

url:https://security.gentoo.org/glsa/201607-15

Trust: 1.2

url:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html

Trust: 1.1

url:http://www.securitytracker.com/id/1035705

Trust: 1.1

url:http://www.debian.org/security/2016/dsa-3629

Trust: 1.1

url:https://security.netapp.com/advisory/ntap-20171004-0002/

Trust: 1.1

url:https://security.freebsd.org/advisories/freebsd-sa-16:16.ntp.asc

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-2516

Trust: 0.9

url:http://support.ntp.org/bin/view/main/securitynotice#january_2016_ntp_4_2_8p6_securit

Trust: 0.8

url:http://jvn.jp/vu/jvnvu91176422/

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-2516

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2016-1547

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2015-8138

Trust: 0.4

url:http://www.ntp.org

Trust: 0.3

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160428-ntpd

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=isg3t1024073

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=swg21983803

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2016-1548

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2015-7978

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2015-7979

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2016-2516

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2015-7974

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2016-1550

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2015-7977

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2016-2518

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2015-8158

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2015-7973

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2015-7975

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2015-7976

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2015-7704

Trust: 0.2

url:https://cwe.mitre.org/data/definitions/20.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2016-2516

Trust: 0.1

url:https://usn.ubuntu.com/3096-1/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-4956

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-0727

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-4954

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/ntp/1:4.2.6.p5+dfsg-3ubuntu2.14.04.10

Trust: 0.1

url:http://www.ubuntu.com/usn/usn-3096-1

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-4955

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/ntp/1:4.2.6.p3+dfsg-1ubuntu3.11

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/ntp/1:4.2.8p4+dfsg-3ubuntu5.3

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-7871

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7702

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-7705

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1549

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-7702

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7849

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7852

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7978

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-8140

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-7855

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-7852

Trust: 0.1

url:https://security.gentoo.org/

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1551

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2516

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7975

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-7848

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-8139

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-8158

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-4954

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-4956

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7973

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7853

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-7701

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7704

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-8140

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7691

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-8139

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-4957

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7703

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7855

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-4955

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-7849

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-7854

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-7703

Trust: 0.1

url:http://creativecommons.org/licenses/by-sa/2.5

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7705

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2517

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1548

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-7691

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1547

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7854

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-7853

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2519

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2518

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7851

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-7692

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7871

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7977

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7848

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1550

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-7850

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7850

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7701

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7692

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-8138

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7979

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7974

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-7851

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-4953

Trust: 0.1

url:https://bugs.gentoo.org.

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7976

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7704

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-1551

Trust: 0.1

url:http://slackware.com

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-2519

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-2517

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-2519

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1547

Trust: 0.1

url:http://slackware.com/gpg-key

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-8138

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-2518

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-1549

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1551

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1550

Trust: 0.1

url:http://support.ntp.org/bin/view/main/securitynotice#recent_vulnerabilities

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-2517

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1548

Trust: 0.1

url:http://osuosl.org)

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1549

Trust: 0.1

url:https://www.debian.org/security/faq

Trust: 0.1

url:https://www.debian.org/security/

Trust: 0.1

sources: CERT/CC: VU#718152 // VULMON: CVE-2016-2516 // BID: 88180 // JVNDB: JVNDB-2016-007712 // PACKETSTORM: 138984 // PACKETSTORM: 137992 // PACKETSTORM: 136864 // PACKETSTORM: 138052 // CNNVD: CNNVD-201604-607 // NVD: CVE-2016-2516

CREDITS

Yihan Lian of the Cloud Security Team, Qihoo 360

Trust: 0.9

sources: BID: 88180 // CNNVD: CNNVD-201604-607

SOURCES

db:CERT/CCid:VU#718152
db:VULMONid:CVE-2016-2516
db:BIDid:88180
db:JVNDBid:JVNDB-2016-007712
db:PACKETSTORMid:138984
db:PACKETSTORMid:137992
db:PACKETSTORMid:136864
db:PACKETSTORMid:138052
db:CNNVDid:CNNVD-201604-607
db:NVDid:CVE-2016-2516

LAST UPDATE DATE

2024-11-23T19:33:32.107000+00:00


SOURCES UPDATE DATE

db:CERT/CCid:VU#718152date:2016-04-28T00:00:00
db:VULMONid:CVE-2016-2516date:2017-11-21T00:00:00
db:BIDid:88180date:2016-10-10T00:21:00
db:JVNDBid:JVNDB-2016-007712date:2017-03-13T00:00:00
db:CNNVDid:CNNVD-201604-607date:2017-02-10T00:00:00
db:NVDid:CVE-2016-2516date:2024-11-21T02:48:36.117

SOURCES RELEASE DATE

db:CERT/CCid:VU#718152date:2016-04-27T00:00:00
db:VULMONid:CVE-2016-2516date:2017-01-30T00:00:00
db:BIDid:88180date:2016-04-26T00:00:00
db:JVNDBid:JVNDB-2016-007712date:2017-03-13T00:00:00
db:PACKETSTORMid:138984date:2016-10-05T22:33:00
db:PACKETSTORMid:137992date:2016-07-21T15:56:23
db:PACKETSTORMid:136864date:2016-05-02T21:38:58
db:PACKETSTORMid:138052date:2016-07-26T19:19:00
db:CNNVDid:CNNVD-201604-607date:2016-04-28T00:00:00
db:NVDid:CVE-2016-2516date:2017-01-30T21:59:01.003