ID

VAR-201701-0399


CVE

CVE-2016-2518


TITLE

NTP.org ntpd contains multiple vulnerabilities

Trust: 0.8

sources: CERT/CC: VU#718152

DESCRIPTION

The MATCH_ASSOC function in NTP before version 4.2.8p9 and 4.3.x before 4.3.92 allows remote attackers to cause an out-of-bounds reference via an addpeer request with a large hmode value. The NTP.org reference implementation of ntpd contains multiple vulnerabilities. NTP is prone to a denial-of-service vulnerability. An attacker can exploit this issue to cause a denial-of-service condition, denying service to legitimate users. Versions prior to NTP 4.2.8p7 and 4.3.x versions prior to 4.3.92 are vulnerable.

==========================================================================
Ubuntu Security Notice USN-3096-1
October 05, 2016

ntp vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS

Summary:

Several security issues were fixed in NTP.

A remote attacker could use this issue to perform a replay attack. (CVE-2015-7973)

Matt Street discovered that NTP incorrectly verified peer associations of symmetric keys. A remote attacker could use this issue to perform an impersonation attack. (CVE-2015-7974)

Jonathan Gardner discovered that the NTP ntpq utility incorrectly handled memory. This issue only affected Ubuntu 16.04 LTS. (CVE-2015-7975)

Jonathan Gardner discovered that the NTP ntpq utility incorrectly handled dangerous characters in filenames. An attacker could possibly use this issue to overwrite arbitrary files. (CVE-2015-7976)

Stephen Gray discovered that NTP incorrectly handled large restrict lists. (CVE-2015-7977, CVE-2015-7978)

Aanchal Malhotra discovered that NTP incorrectly handled authenticated broadcast mode. (CVE-2015-7979)

Jonathan Gardner discovered that NTP incorrectly handled origin timestamp checks. A remote attacker could use this issue to spoof peer servers. (CVE-2015-8138)

Jonathan Gardner discovered that the NTP ntpq utility did not properly handle certain incorrect values. (CVE-2015-8158)

It was discovered that the NTP cronjob incorrectly cleaned up the statistics directory. A local attacker could possibly use this to escalate privileges. (CVE-2016-0727)

Stephen Gray and Matthew Van Gundy discovered that NTP incorrectly validated crypto-NAKs. A remote attacker could possibly use this issue to prevent clients from synchronizing. (CVE-2016-1548)

Matthew Van Gundy, Stephen Gray and Loganaden Velvindron discovered that NTP incorrectly handled message authentication. (CVE-2016-1550)

Yihan Lian discovered that NTP incorrectly handled duplicate IPs on unconfig directives. (CVE-2016-4956)

In the default installation, attackers would be isolated by the NTP AppArmor profile.

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 16.04 LTS:
  ntp 1:4.2.8p4+dfsg-3ubuntu5.3

Ubuntu 14.04 LTS:
  ntp 1:4.2.6.p5+dfsg-3ubuntu2.14.04.10

Ubuntu 12.04 LTS:
  ntp 1:4.2.6.p3+dfsg-1ubuntu3.11

In general, a standard system update will make all the necessary changes.

--------------------------------------------------------------------------
Gentoo Linux Security Advisory GLSA 201607-15
https://security.gentoo.org/
--------------------------------------------------------------------------

Severity: Normal
Title: NTP: Multiple vulnerabilities
Date: July 20, 2016
Bugs: #563774, #572452, #581528, #584954
ID: 201607-15

Synopsis
========

Multiple vulnerabilities have been found in NTP, the worst of which could lead to Denial of Service.
Affected packages
=================

    -------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
    -------------------------------------------------------------------
  1  net-misc/ntp               < 4.2.8_p8                 >= 4.2.8_p8

Description
===========

Multiple vulnerabilities have been discovered in NTP. Please review the CVE identifiers referenced below for details.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All NTP users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=net-misc/ntp-4.2.8_p8"

References
==========

[ 1 ] CVE-2015-7691 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7691
[ 2 ] CVE-2015-7692 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7692
[ 3 ] CVE-2015-7701 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7701
[ 4 ] CVE-2015-7702 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7702
[ 5 ] CVE-2015-7703 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7703
[ 6 ] CVE-2015-7704 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7704
[ 7 ] CVE-2015-7705 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7705
[ 8 ] CVE-2015-7848 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7848
[ 9 ] CVE-2015-7849 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7849
[ 10 ] CVE-2015-7850 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7850
[ 11 ] CVE-2015-7851 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7851
[ 12 ] CVE-2015-7852 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7852
[ 13 ] CVE-2015-7853 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7853
[ 14 ] CVE-2015-7854 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7854
[ 15 ] CVE-2015-7855 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7855
[ 16 ] CVE-2015-7871 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7871
[ 17 ] CVE-2015-7973 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7973
[ 18 ] CVE-2015-7974 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7974
[ 19 ] CVE-2015-7975 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7975
[ 20 ] CVE-2015-7976 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7976
[ 21 ] CVE-2015-7977 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7977
[ 22 ] CVE-2015-7978 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7978
[ 23 ] CVE-2015-7979 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7979
[ 24 ] CVE-2015-8138 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8138
[ 25 ] CVE-2015-8139 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8139
[ 26 ] CVE-2015-8140 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8140
[ 27 ] CVE-2015-8158 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8158
[ 28 ] CVE-2016-1547 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1547
[ 29 ] CVE-2016-1548 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1548
[ 30 ] CVE-2016-1549 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1549
[ 31 ] CVE-2016-1550 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1550
[ 32 ] CVE-2016-1551 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1551
[ 33 ] CVE-2016-2516 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2516
[ 34 ] CVE-2016-2517 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2517
[ 35 ] CVE-2016-2518 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2518
[ 36 ] CVE-2016-2519 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2519
[ 37 ] CVE-2016-4953 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4953
[ 38 ] CVE-2016-4954 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4954
[ 39 ] CVE-2016-4955 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4955
[ 40 ] CVE-2016-4956 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4956
[ 41 ] CVE-2016-4957 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4957

Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

https://security.gentoo.org/glsa/201607-15

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
=======

Copyright 2016 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: ntp security update
Advisory ID: RHSA-2016:1141-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2016:1141
Issue date: 2016-05-31
CVE Names: CVE-2015-7979 CVE-2016-1547 CVE-2016-1548 CVE-2016-1550 CVE-2016-2518
=====================================================================

1. Summary:

An update for ntp is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - noarch, x86_64
Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch, x86_64
Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, noarch, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - noarch, x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, noarch, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, noarch, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - noarch, x86_64

3. Description:

The Network Time Protocol (NTP) is used to synchronize a computer's time with another referenced time source. These packages include the ntpd service which continuously adjusts system time and utilities used to query and configure the ntpd service.

Security Fix(es):

* It was found that when NTP was configured in broadcast mode, a remote attacker could broadcast packets with bad authentication to all clients. The clients, upon receiving the malformed packets, would break the association with the broadcast server, causing them to become out of sync over a longer period of time. (CVE-2015-7979)

* A denial of service flaw was found in the way NTP handled preemptable client associations. A remote attacker could send several crypto NAK packets to a victim client, each with a spoofed source address of an existing associated peer, preventing that client from synchronizing its time. (CVE-2016-1547)

* It was found that an ntpd client could be forced to change from basic client/server mode to the interleaved symmetric mode. A remote attacker could use a spoofed packet that, when processed by an ntpd client, would cause that client to reject all future legitimate server responses, effectively disabling time synchronization on that client. (CVE-2016-1548)

* A flaw was found in the way NTP's libntp performed message authentication. An attacker able to observe the timing of the comparison function used in packet authentication could potentially use this flaw to recover the message digest. (CVE-2016-1550)

* An out-of-bounds access flaw was found in the way ntpd processed certain packets.
An authenticated attacker could use a crafted packet to create a peer association with hmode of 7 and larger, which could potentially (although highly unlikely) cause ntpd to crash. (CVE-2016-2518)

The CVE-2016-1548 issue was discovered by Miroslav Lichvar (Red Hat).

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1300271 - CVE-2015-7979 ntp: off-path denial of service on authenticated broadcast mode
1331461 - CVE-2016-1547 ntp: crypto-NAK preemptable association denial of service
1331462 - CVE-2016-1548 ntp: ntpd switching to interleaved mode with spoofed packets
1331464 - CVE-2016-1550 ntp: libntp message digest disclosure
1331468 - CVE-2016-2518 ntp: out-of-bounds references on crafted packet

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
ntp-4.2.6p5-10.el6.1.src.rpm

i386:
ntp-4.2.6p5-10.el6.1.i686.rpm
ntp-debuginfo-4.2.6p5-10.el6.1.i686.rpm
ntpdate-4.2.6p5-10.el6.1.i686.rpm

x86_64:
ntp-4.2.6p5-10.el6.1.x86_64.rpm
ntp-debuginfo-4.2.6p5-10.el6.1.x86_64.rpm
ntpdate-4.2.6p5-10.el6.1.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

i386:
ntp-debuginfo-4.2.6p5-10.el6.1.i686.rpm
ntp-perl-4.2.6p5-10.el6.1.i686.rpm

noarch:
ntp-doc-4.2.6p5-10.el6.1.noarch.rpm

x86_64:
ntp-debuginfo-4.2.6p5-10.el6.1.x86_64.rpm
ntp-perl-4.2.6p5-10.el6.1.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
ntp-4.2.6p5-10.el6.1.src.rpm

x86_64:
ntp-4.2.6p5-10.el6.1.x86_64.rpm
ntp-debuginfo-4.2.6p5-10.el6.1.x86_64.rpm
ntpdate-4.2.6p5-10.el6.1.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

noarch:
ntp-doc-4.2.6p5-10.el6.1.noarch.rpm

x86_64:
ntp-debuginfo-4.2.6p5-10.el6.1.x86_64.rpm
ntp-perl-4.2.6p5-10.el6.1.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
ntp-4.2.6p5-10.el6.1.src.rpm

i386:
ntp-4.2.6p5-10.el6.1.i686.rpm
ntp-debuginfo-4.2.6p5-10.el6.1.i686.rpm
ntpdate-4.2.6p5-10.el6.1.i686.rpm

ppc64:
ntp-4.2.6p5-10.el6.1.ppc64.rpm
ntp-debuginfo-4.2.6p5-10.el6.1.ppc64.rpm
ntpdate-4.2.6p5-10.el6.1.ppc64.rpm

s390x:
ntp-4.2.6p5-10.el6.1.s390x.rpm
ntp-debuginfo-4.2.6p5-10.el6.1.s390x.rpm
ntpdate-4.2.6p5-10.el6.1.s390x.rpm

x86_64:
ntp-4.2.6p5-10.el6.1.x86_64.rpm
ntp-debuginfo-4.2.6p5-10.el6.1.x86_64.rpm
ntpdate-4.2.6p5-10.el6.1.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

i386:
ntp-debuginfo-4.2.6p5-10.el6.1.i686.rpm
ntp-perl-4.2.6p5-10.el6.1.i686.rpm

noarch:
ntp-doc-4.2.6p5-10.el6.1.noarch.rpm

ppc64:
ntp-debuginfo-4.2.6p5-10.el6.1.ppc64.rpm
ntp-perl-4.2.6p5-10.el6.1.ppc64.rpm

s390x:
ntp-debuginfo-4.2.6p5-10.el6.1.s390x.rpm
ntp-perl-4.2.6p5-10.el6.1.s390x.rpm

x86_64:
ntp-debuginfo-4.2.6p5-10.el6.1.x86_64.rpm
ntp-perl-4.2.6p5-10.el6.1.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
ntp-4.2.6p5-10.el6.1.src.rpm

i386:
ntp-4.2.6p5-10.el6.1.i686.rpm
ntp-debuginfo-4.2.6p5-10.el6.1.i686.rpm
ntpdate-4.2.6p5-10.el6.1.i686.rpm

x86_64:
ntp-4.2.6p5-10.el6.1.x86_64.rpm
ntp-debuginfo-4.2.6p5-10.el6.1.x86_64.rpm
ntpdate-4.2.6p5-10.el6.1.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

i386:
ntp-debuginfo-4.2.6p5-10.el6.1.i686.rpm
ntp-perl-4.2.6p5-10.el6.1.i686.rpm

noarch:
ntp-doc-4.2.6p5-10.el6.1.noarch.rpm

x86_64:
ntp-debuginfo-4.2.6p5-10.el6.1.x86_64.rpm
ntp-perl-4.2.6p5-10.el6.1.x86_64.rpm

Red Hat Enterprise Linux Client (v. 7):

Source:
ntp-4.2.6p5-22.el7_2.2.src.rpm

x86_64:
ntp-4.2.6p5-22.el7_2.2.x86_64.rpm
ntp-debuginfo-4.2.6p5-22.el7_2.2.x86_64.rpm
ntpdate-4.2.6p5-22.el7_2.2.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

noarch:
ntp-doc-4.2.6p5-22.el7_2.2.noarch.rpm
ntp-perl-4.2.6p5-22.el7_2.2.noarch.rpm

x86_64:
ntp-debuginfo-4.2.6p5-22.el7_2.2.x86_64.rpm
sntp-4.2.6p5-22.el7_2.2.x86_64.rpm

Red Hat Enterprise Linux ComputeNode (v. 7):

Source:
ntp-4.2.6p5-22.el7_2.2.src.rpm

x86_64:
ntp-4.2.6p5-22.el7_2.2.x86_64.rpm
ntp-debuginfo-4.2.6p5-22.el7_2.2.x86_64.rpm
ntpdate-4.2.6p5-22.el7_2.2.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

noarch:
ntp-doc-4.2.6p5-22.el7_2.2.noarch.rpm
ntp-perl-4.2.6p5-22.el7_2.2.noarch.rpm

x86_64:
ntp-debuginfo-4.2.6p5-22.el7_2.2.x86_64.rpm
sntp-4.2.6p5-22.el7_2.2.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:
ntp-4.2.6p5-22.el7_2.2.src.rpm

ppc64:
ntp-4.2.6p5-22.el7_2.2.ppc64.rpm
ntp-debuginfo-4.2.6p5-22.el7_2.2.ppc64.rpm
ntpdate-4.2.6p5-22.el7_2.2.ppc64.rpm

ppc64le:
ntp-4.2.6p5-22.el7_2.2.ppc64le.rpm
ntp-debuginfo-4.2.6p5-22.el7_2.2.ppc64le.rpm
ntpdate-4.2.6p5-22.el7_2.2.ppc64le.rpm

s390x:
ntp-4.2.6p5-22.el7_2.2.s390x.rpm
ntp-debuginfo-4.2.6p5-22.el7_2.2.s390x.rpm
ntpdate-4.2.6p5-22.el7_2.2.s390x.rpm

x86_64:
ntp-4.2.6p5-22.el7_2.2.x86_64.rpm
ntp-debuginfo-4.2.6p5-22.el7_2.2.x86_64.rpm
ntpdate-4.2.6p5-22.el7_2.2.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

noarch:
ntp-doc-4.2.6p5-22.el7_2.2.noarch.rpm
ntp-perl-4.2.6p5-22.el7_2.2.noarch.rpm

ppc64:
ntp-debuginfo-4.2.6p5-22.el7_2.2.ppc64.rpm
sntp-4.2.6p5-22.el7_2.2.ppc64.rpm

ppc64le:
ntp-debuginfo-4.2.6p5-22.el7_2.2.ppc64le.rpm
sntp-4.2.6p5-22.el7_2.2.ppc64le.rpm

s390x:
ntp-debuginfo-4.2.6p5-22.el7_2.2.s390x.rpm
sntp-4.2.6p5-22.el7_2.2.s390x.rpm

x86_64:
ntp-debuginfo-4.2.6p5-22.el7_2.2.x86_64.rpm
sntp-4.2.6p5-22.el7_2.2.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:
ntp-4.2.6p5-22.el7_2.2.src.rpm

x86_64:
ntp-4.2.6p5-22.el7_2.2.x86_64.rpm
ntp-debuginfo-4.2.6p5-22.el7_2.2.x86_64.rpm
ntpdate-4.2.6p5-22.el7_2.2.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

noarch:
ntp-doc-4.2.6p5-22.el7_2.2.noarch.rpm
ntp-perl-4.2.6p5-22.el7_2.2.noarch.rpm

x86_64:
ntp-debuginfo-4.2.6p5-22.el7_2.2.x86_64.rpm
sntp-4.2.6p5-22.el7_2.2.x86_64.rpm

These packages are GPG signed by Red Hat for security.
Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2015-7979
https://access.redhat.com/security/cve/CVE-2016-1547
https://access.redhat.com/security/cve/CVE-2016-1548
https://access.redhat.com/security/cve/CVE-2016-1550
https://access.redhat.com/security/cve/CVE-2016-2518
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc.

Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patches/packages/ntp-4.2.8p7-i486-1_slack14.1.txz: Upgraded.
  This release patches several low and medium severity security issues:
  CVE-2016-1551: Refclock impersonation vulnerability, AKA: refclock-peering
  CVE-2016-1549: Sybil vulnerability: ephemeral association attack, AKA: ntp-sybil - MITIGATION ONLY
  CVE-2016-2516: Duplicate IPs on unconfig directives will cause an assertion botch
  CVE-2016-2517: Remote configuration trustedkey/requestkey values are not properly validated
  CVE-2016-2518: Crafted addpeer with hmode > 7 causes array wraparound with MATCH_ASSOC
  CVE-2016-2519: ctl_getitem() return value not always checked
  CVE-2016-1547: Validate crypto-NAKs, AKA: nak-dos
  CVE-2016-1548: Interleave-pivot - MITIGATION ONLY
  CVE-2015-7704: KoD fix: peer associations were broken by the fix for NtpBug2901, AKA: Symmetric active/passive mode is broken
  CVE-2015-8138: Zero Origin Timestamp Bypass, AKA: Additional KoD Checks
  CVE-2016-1550: Improve NTP security against buffer comparison timing attacks, authdecrypt-timing, AKA: authdecrypt-timing
  For more information, see:
    http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7704
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8138
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1547
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1548
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1549
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1550
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1551
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2516
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2517
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2518
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2519
  (* Security fix *)
+--------------------------+

Where to find the new packages:
+-----------------------------+

Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project!
:-)

Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you.

Updated package for Slackware 13.0:
ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/ntp-4.2.8p7-i486-1_slack13.0.txz

Updated package for Slackware x86_64 13.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/ntp-4.2.8p7-x86_64-1_slack13.0.txz

Updated package for Slackware 13.1:
ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/ntp-4.2.8p7-i486-1_slack13.1.txz

Updated package for Slackware x86_64 13.1:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/ntp-4.2.8p7-x86_64-1_slack13.1.txz

Updated package for Slackware 13.37:
ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/ntp-4.2.8p7-i486-1_slack13.37.txz

Updated package for Slackware x86_64 13.37:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/ntp-4.2.8p7-x86_64-1_slack13.37.txz

Updated package for Slackware 14.0:
ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/ntp-4.2.8p7-i486-1_slack14.0.txz

Updated package for Slackware x86_64 14.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/ntp-4.2.8p7-x86_64-1_slack14.0.txz

Updated package for Slackware 14.1:
ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/ntp-4.2.8p7-i486-1_slack14.1.txz

Updated package for Slackware x86_64 14.1:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/ntp-4.2.8p7-x86_64-1_slack14.1.txz

Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/ntp-4.2.8p7-i586-1.txz

Updated package for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/ntp-4.2.8p7-x86_64-1.txz

Installation instructions:
+------------------------+

Upgrade the package as root:
# upgradepkg ntp-4.2.8p7-i486-1_slack14.1.txz

Then, restart the NTP daemon:
# sh /etc/rc.d/rc.ntpd restart

+-----+

Slackware Linux Security Team
http://slackware.com/gpg-key
security@slackware.com

CVE-2015-7977 / CVE-2015-7978

    Stephen Gray discovered that a NULL pointer dereference and a buffer overflow in the handling of "ntpdc reslist" commands may result in denial of service.

CVE-2016-2518

    Yihan Lian discovered that an OOB memory access could potentially crash ntpd.

For the stable distribution (jessie), these problems have been fixed in version 1:4.2.6.p5+dfsg-7+deb8u2.

For the testing distribution (stretch), these problems have been fixed in version 1:4.2.8p7+dfsg-1.

For the unstable distribution (sid), these problems have been fixed in version 1:4.2.8p7+dfsg-1.

We recommend that you upgrade your ntp packages

Trust: 3.24

sources: NVD: CVE-2016-2518 // CERT/CC: VU#718152 // JVNDB: JVNDB-2016-007714 // BID: 88226 // VULMON: CVE-2016-2518 // PACKETSTORM: 138984 // PACKETSTORM: 138162 // PACKETSTORM: 137992 // PACKETSTORM: 137244 // PACKETSTORM: 136864 // PACKETSTORM: 138052

AFFECTED PRODUCTS

vendor:oraclemodel:linuxscope:eqversion:6

Trust: 1.3

vendor:oraclemodel:linuxscope:eqversion:7

Trust: 1.3

vendor:redhatmodel:enterprise linux server eusscope:eqversion:7.2

Trust: 1.3

vendor:redhatmodel:enterprise linux server ausscope:eqversion:7.2

Trust: 1.3

vendor:ntpmodel:ntpscope:eqversion:4.2.8

Trust: 1.3

vendor:debianmodel:linuxscope:eqversion:8.0

Trust: 1.0

vendor:netappmodel:clustered data ontapscope:eqversion: -

Trust: 1.0

vendor:redhatmodel:enterprise linux workstationscope:eqversion:6.0

Trust: 1.0

vendor:freebsdmodel:freebsdscope:eqversion:9.3

Trust: 1.0

vendor:redhatmodel:enterprise linux server ausscope:eqversion:7.6

Trust: 1.0

vendor:netappmodel:data ontapscope:eqversion: -

Trust: 1.0

vendor:oraclemodel:communications user data repositoryscope:eqversion:12.0.0

Trust: 1.0

vendor:netappmodel:oncommand balancescope:eqversion: -

Trust: 1.0

vendor:redhatmodel:enterprise linux serverscope:eqversion:7.0

Trust: 1.0

vendor:redhatmodel:enterprise linux server tusscope:eqversion:7.6

Trust: 1.0

vendor:redhatmodel:enterprise linux server tusscope:eqversion:7.2

Trust: 1.0

vendor:debianmodel:linuxscope:eqversion:10.0

Trust: 1.0

vendor:redhatmodel:enterprise linux server eusscope:eqversion:7.6

Trust: 1.0

vendor:freebsdmodel:freebsdscope:eqversion:10.3

Trust: 1.0

vendor:ntpmodel:ntpscope:ltversion:4.3.92

Trust: 1.0

vendor:redhatmodel:enterprise linux server tusscope:eqversion:7.7

Trust: 1.0

vendor:freebsdmodel:freebsdscope:eqversion:10.2

Trust: 1.0

vendor:siemensmodel:simatic net cp 443-1 opc uascope:eqversion:*

Trust: 1.0

vendor:netappmodel:oncommand unified manager for clustered data ontapscope:eqversion: -

Trust: 1.0

vendor:redhatmodel:enterprise linux desktopscope:eqversion:7.0

Trust: 1.0

vendor:ntpmodel:ntpscope:ltversion:4.2.8

Trust: 1.0

vendor:redhatmodel:enterprise linux server eusscope:eqversion:7.7

Trust: 1.0

vendor:redhatmodel:enterprise linux server ausscope:eqversion:7.4

Trust: 1.0

vendor:netappmodel:oncommand performance managerscope:eqversion: -

Trust: 1.0

vendor:ntpmodel:ntpscope:gteversion:4.3.0

Trust: 1.0

vendor:oraclemodel:communications user data repositoryscope:eqversion:10.0.1

Trust: 1.0

vendor:redhatmodel:enterprise linux server eusscope:eqversion:7.4

Trust: 1.0

vendor:redhatmodel:enterprise linux server tusscope:eqversion:7.3

Trust: 1.0

vendor:freebsdmodel:freebsdscope:eqversion:10.1

Trust: 1.0

vendor:oraclemodel:communications user data repositoryscope:eqversion:10.0.0

Trust: 1.0

vendor:redhatmodel:enterprise linux serverscope:eqversion:6.0

Trust: 1.0

vendor:redhatmodel:enterprise linux server eusscope:eqversion:7.5

Trust: 1.0

vendor:redhatmodel:enterprise linux server eusscope:eqversion:7.3

Trust: 1.0

vendor:debianmodel:linuxscope:eqversion:9.0

Trust: 1.0

vendor:ntpmodel:ntpscope:eqversion:4.3.90

Trust: 0.9

vendor:ntpmodel: - scope: - version: -

Trust: 0.8

vendor:ntpmodel:ntpscope:eqversion:4.3.92

Trust: 0.8

vendor:ntpmodel:ntpscope:ltversion:4.3.x

Trust: 0.8

vendor:ntpmodel:ntpscope:eqversion: -

Trust: 0.8

vendor:ntpmodel:ntpscope:eqversion:4.2.8p9

Trust: 0.8

vendor:ntpmodel:ntpscope:eqversion:4.3.84

Trust: 0.6

vendor:ntpmodel:ntpscope:eqversion:4.3.82

Trust: 0.6

vendor:ntpmodel:ntpscope:eqversion:4.3.85

Trust: 0.6

vendor:ntpmodel:ntpscope:eqversion:4.3.89

Trust: 0.6

vendor:ntpmodel:ntpscope:eqversion:4.3.91

Trust: 0.6

vendor:ntpmodel:ntpscope:eqversion:4.3.87

Trust: 0.6

vendor:ntpmodel:ntpscope:eqversion:4.3.81

Trust: 0.6

vendor:ntpmodel:ntpscope:eqversion:4.3.86

Trust: 0.6

vendor:ntpmodel:ntpscope:eqversion:4.3.88

Trust: 0.6

vendor:slackwaremodel:linuxscope:eqversion:14.0

Trust: 0.3

vendor:ciscomodel:telepresence isdn linkscope:eqversion:0

Trust: 0.3

vendor:ciscomodel:physical access managerscope:eqversion:0

Trust: 0.3

vendor:ntpmodel:ntpscope:eqversion:4.3.77

Trust: 0.3

vendor:ibmmodel:security access managerscope:eqversion:9.0.0.1

Trust: 0.3

vendor:ibmmodel:security access manager for mobilescope:eqversion:8.0.1.3

Trust: 0.3

vendor:slackwaremodel:linux x86 64scope:eqversion:13.0

Trust: 0.3

vendor:ibmmodel:security access manager for webscope:eqversion:8.0.0.2

Trust: 0.3

vendor:ibmmodel:security access manager for webscope:eqversion:7.0

Trust: 0.3

vendor:ibmmodel:security access manager for webscope:eqversion:8.02

Trust: 0.3

vendor:ibmmodel:viosscope:eqversion:2.2.0.13

Trust: 0.3

vendor:ciscomodel:dcm series 9900-digital content managerscope:eqversion:0

Trust: 0.3

vendor:ciscomodel:application policy infrastructure controllerscope:eqversion:0

Trust: 0.3

vendor:ibmmodel:security access manager for webscope:eqversion:7.0.0.9

Trust: 0.3

vendor:ntpmodel:ntpscope:eqversion:4.3.25

Trust: 0.3

vendor:ibmmodel:powerkvmscope:eqversion:2.1

Trust: 0.3

vendor:ibmmodel:smartcloud entryscope:eqversion:2.3.0

Trust: 0.3

vendor:redhatmodel:enterprise linux serverscope:eqversion:6

Trust: 0.3

vendor:ibmmodel:security access manager for webscope:eqversion:7.0.0.6

Trust: 0.3

vendor:ibmmodel:security access manager for webscope:eqversion:7.0.0.4

Trust: 0.3

vendor:ciscomodel:network analysis modulescope:eqversion:0

Trust: 0.3

vendor:ibmmodel:viosscope:eqversion:2.2.3.50

Trust: 0.3

vendor:ciscomodel:nexus series switchesscope:eqversion:90000

Trust: 0.3

vendor:ibmmodel:security access managerscope:eqversion:9.0.1.0

Trust: 0.3

vendor:ntpmodel:4.2.8p4scope: - version: -

Trust: 0.3

vendor:ibmmodel:security access manager for webscope:eqversion:7.0.0.20

Trust: 0.3

vendor:ciscomodel:prime infrastructurescope:eqversion: -

Trust: 0.3

vendor:redhatmodel:enterprise linux serverscope:eqversion:7

Trust: 0.3

vendor:ibmmodel:security access manager for mobilescope:eqversion:8.0.0.5

Trust: 0.3

vendor:ibmmodel:security network protectionscope:neversion:5.3.2.4

Trust: 0.3

vendor:oraclemodel:exalogic infrastructurescope:eqversion:1.0

Trust: 0.3

vendor:ciscomodel:nac guest serverscope:eqversion:0

Trust: 0.3

vendor:ciscomodel:enterprise content delivery systemscope:eqversion:0

Trust: 0.3

vendor:ibmmodel:security access manager for webscope:eqversion:8.0.0.4

Trust: 0.3

vendor:ciscomodel:identity services enginescope:eqversion:0

Trust: 0.3

vendor:ibmmodel:security network protectionscope:eqversion:5.3.2.1

Trust: 0.3

vendor:ibmmodel:security network protectionscope:eqversion:5.3.1

Trust: 0.3

vendor:ibmmodel:security network protectionscope:eqversion:5.3.1.1

Trust: 0.3

vendor:ibmmodel:smartcloud entry appliance fpscope:eqversion:3.1.0.4

Trust: 0.3

vendor:ntpmodel:4.2.8p6scope: - version: -

Trust: 0.3

vendor:ibmmodel:security access manager for webscope:eqversion:7.0.0.7

Trust: 0.3

vendor:ibmmodel:security access manager for webscope:eqversion:7.0.0.18

Trust: 0.3

vendor:ibmmodel:security privileged identity managerscope:eqversion:2.0

Trust: 0.3

vendor: ibm, model: security access manager for web, scope: eq, version: 7.0.0.1

Trust: 0.3

vendor: redhat, model: enterprise linux workstation, scope: eq, version: 6

Trust: 0.3

vendor: ibm, model: powerkvm, scope: eq, version: 3.1

Trust: 0.3

vendor: cisco, model: telepresence ex series, scope: eq, version: 0

Trust: 0.3

vendor: ibm, model: security access manager for web, scope: eq, version: 7.0.0.16

Trust: 0.3

vendor: ibm, model: security access manager for web, scope: eq, version: 7.0.0.13

Trust: 0.3

vendor: ibm, model: security access manager for web, scope: eq, version: 8.0.1.0

Trust: 0.3

vendor: cisco, model: edge digital media player, scope: eq, version: 3400

Trust: 0.3

vendor: ibm, model: aix, scope: eq, version: 5.3

Trust: 0.3

vendor: ntp, model: 4.2.7p11, scope: -, version: -

Trust: 0.3

vendor: ibm, model: security access manager for mobile, scope: eq, version: 8.0.0.0

Trust: 0.3

vendor: redhat, model: enterprise linux workstation, scope: eq, version: 7

Trust: 0.3

vendor: redhat, model: enterprise linux desktop, scope: eq, version: 7

Trust: 0.3

vendor: ibm, model: security network protection, scope: eq, version: 5.3.1.7

Trust: 0.3

vendor: ntp, model: p153, scope: eq, version: 4.2.5

Trust: 0.3

vendor: ibm, model: security access manager for mobile, scope: eq, version: 8.0.0.3

Trust: 0.3

vendor: cisco, model: video delivery system recorder, scope: eq, version: 0

Trust: 0.3

vendor: cisco, model: small business series wireless access points, scope: eq, version: 3210

Trust: 0.3

vendor: ntp, model: p7-rc2, scope: eq, version: 4.2.4

Trust: 0.3

vendor: cisco, model: unified communications manager, scope: eq, version: 0

Trust: 0.3

vendor: cisco, model: jabber guest, scope: eq, version: 10.0(2)

Trust: 0.3

vendor: slackware, model: linux x86 64, scope: eq, version: 13.37

Trust: 0.3

vendor: ntp, model: p150, scope: eq, version: 4.2.5

Trust: 0.3

vendor: ibm, model: smartcloud entry appliance fi, scope: eq, version: 2.2.0.4

Trust: 0.3

vendor: ntp, model: 4.2.5p186, scope: -, version: -

Trust: 0.3

vendor: ibm, model: security access manager for web, scope: eq, version: 7.0.0.8

Trust: 0.3

vendor: cisco, model: network device security assessment, scope: eq, version: 0

Trust: 0.3

vendor: ibm, model: security access manager for web, scope: eq, version: 8.0.1.1

Trust: 0.3

vendor: cisco, model: prime license manager, scope: eq, version: 0

Trust: 0.3

vendor: cisco, model: asa cx and cisco prime security manager, scope: eq, version: 0

Trust: 0.3

vendor: cisco, model: visual quality experience server, scope: eq, version: 0

Trust: 0.3

vendor: cisco, model: digital media manager, scope: eq, version: 0

Trust: 0.3

vendor: ibm, model: security access manager for web, scope: eq, version: 7.0.0.3

Trust: 0.3

vendor: slackware, model: linux x86 64, scope: eq, version: 14.1

Trust: 0.3

vendor: ibm, model: flex system manager, scope: eq, version: 1.3.4.0

Trust: 0.3

vendor: ntp, model: 4.2.5p3, scope: -, version: -

Trust: 0.3

vendor: ibm, model: security network protection, scope: eq, version: 5.3.2.2

Trust: 0.3

vendor: cisco, model: prime collaboration assurance, scope: eq, version: 0

Trust: 0.3

vendor: cisco, model: standalone rack server cimc, scope: eq, version: 0

Trust: 0.3

vendor: slackware, model: linux -current, scope: -, version: -

Trust: 0.3

vendor: ibm, model: security network protection, scope: eq, version: 5.3.1.2

Trust: 0.3

vendor: slackware, model: linux, scope: eq, version: 13.1

Trust: 0.3

vendor: cisco, model: telepresence conductor, scope: eq, version: 0

Trust: 0.3

vendor: ibm, model: security access manager for web, scope: eq, version: 7.0.0.19

Trust: 0.3

vendor: ibm, model: security access manager for mobile, scope: eq, version: 8.0.0.1

Trust: 0.3

vendor: ibm, model: security access manager for web, scope: eq, version: 8.0.0.5

Trust: 0.3

vendor: ibm, model: security access manager for mobile, scope: eq, version: 8.0.1

Trust: 0.3

vendor: ibm, model: security access manager, scope: eq, version: 9.0

Trust: 0.3

vendor: ibm, model: security network protection, scope: eq, version: 5.3.1.8

Trust: 0.3

vendor: slackware, model: linux, scope: eq, version: 13.37

Trust: 0.3

vendor: cisco, model: prime infrastructure standalone plug and play gateway, scope: eq, version: 0

Trust: 0.3

vendor: cisco, model: unity express, scope: eq, version: 0

Trust: 0.3

vendor: slackware, model: linux, scope: eq, version: 13.0

Trust: 0.3

vendor: cisco, model: content security appliance updater servers, scope: eq, version: 0

Trust: 0.3

vendor: ntp, model: ntp, scope: eq, version: 4.3.70

Trust: 0.3

vendor: ibm, model: security network protection, scope: eq, version: 5.3.1.5

Trust: 0.3

vendor: cisco, model: telepresence video communication server, scope: eq, version: 0

Trust: 0.3

vendor: ibm, model: security access manager for web, scope: eq, version: 7.0.0.2

Trust: 0.3

vendor: ntp, model: p8, scope: eq, version: 4.2.4

Trust: 0.3

vendor: ibm, model: power hmc, scope: eq, version: 8.8.1.0

Trust: 0.3

vendor: ntp, model: 4.2.8p5, scope: -, version: -

Trust: 0.3

vendor: oracle, model: exalogic infrastructure, scope: eq, version: 2.0

Trust: 0.3

vendor: cisco, model: telepresence exchange system, scope: eq, version: 0

Trust: 0.3

vendor: cisco, model: telepresence sx series, scope: eq, version: 0

Trust: 0.3

vendor: ntp, model: 4.2.8p3, scope: -, version: -

Trust: 0.3

vendor: ibm, model: power hmc, scope: eq, version: 8.8.2.0

Trust: 0.3

vendor: cisco, model: prime access registrar appliance, scope: eq, version: 0

Trust: 0.3

vendor: cisco, model: scos, scope: eq, version: 0

Trust: 0.3

vendor: ibm, model: power hmc, scope: eq, version: 7.7.9.0

Trust: 0.3

vendor: ubuntu, model: linux lts, scope: eq, version: 14.04

Trust: 0.3

vendor: ntp, model: 4.2.7p111, scope: -, version: -

Trust: 0.3

vendor: cisco, model: unified communications manager session management edition, scope: eq, version: 0

Trust: 0.3

vendor: ibm, model: security access manager for mobile, scope: eq, version: 8.0.0.4

Trust: 0.3

vendor: ubuntu, model: linux lts i386, scope: eq, version: 12.04

Trust: 0.3

vendor: redhat, model: enterprise linux hpc node, scope: eq, version: 6

Trust: 0.3

vendor: cisco, model: meetingplace, scope: eq, version: 0

Trust: 0.3

vendor: ibm, model: security privileged identity manager fixpack, scope: ne, version: 2.0.28

Trust: 0.3

vendor: ibm, model: security network protection, scope: eq, version: 5.3.1.6

Trust: 0.3

vendor: cisco, model: support central, scope: eq, version: 0

Trust: 0.3

vendor: ibm, model: vios, scope: eq, version: 2.2.2.0

Trust: 0.3

vendor: ibm, model: security access manager for web, scope: eq, version: 8.0.1.3

Trust: 0.3

vendor: ntp, model: ntp, scope: eq, version: 4.2.6

Trust: 0.3

vendor: cisco, model: small business series wireless access points, scope: eq, version: 5000

Trust: 0.3

vendor: ibm, model: security access manager for mobile, scope: eq, version: 8.0.1.2

Trust: 0.3

vendor: cisco, model: virtual security gateway for microsoft hyper-v, scope: eq, version: 0

Trust: 0.3

vendor: cisco, model: unified computing system e-series blade server, scope: eq, version: 0

Trust: 0.3

vendor: ibm, model: vios, scope: eq, version: 2.2.2.5

Trust: 0.3

vendor: redhat, model: enterprise linux hpc node eus, scope: eq, version: 7.2

Trust: 0.3

vendor: cisco, model: clean access manager, scope: eq, version: 0

Trust: 0.3

vendor: ntp, model: ntp, scope: ne, version: 4.3.92

Trust: 0.3

vendor: ibm, model: security network protection, scope: eq, version: 5.3.2.3

Trust: 0.3

vendor: ibm, model: security access manager for web, scope: eq, version: 7.0.0.11

Trust: 0.3

vendor: ibm, model: security access manager for web, scope: eq, version: 7.0.0.10

Trust: 0.3

vendor: ntp, model: p74, scope: eq, version: 4.2.5

Trust: 0.3

vendor: ibm, model: vios, scope: eq, version: 2.2.1.1

Trust: 0.3

vendor: cisco, model: hosted collaboration mediation fulfillment, scope: eq, version: 0

Trust: 0.3

vendor: ibm, model: smartcloud entry, scope: eq, version: 2.4.0

Trust: 0.3

vendor: ntp, model: p4, scope: eq, version: 4.2.2

Trust: 0.3

vendor: ubuntu, model: linux lts amd64, scope: eq, version: 12.04

Trust: 0.3

vendor: cisco, model: expressway series, scope: eq, version: 0

Trust: 0.3

vendor: ibm, model: aix, scope: eq, version: 7.1

Trust: 0.3

vendor: cisco, model: common services platform collector, scope: eq, version: 0

Trust: 0.3

vendor: ibm, model: power hmc, scope: eq, version: 8.8.4.0

Trust: 0.3

vendor: cisco, model: prime service catalog virtual appliance, scope: eq, version: 0

Trust: 0.3

vendor: ibm, model: smartcloud entry appliance fix pack, scope: eq, version: 2.26

Trust: 0.3

vendor: ntp, model: 4.2.8p2, scope: -, version: -

Trust: 0.3

vendor: ibm, model: security access manager for web, scope: eq, version: 7.0.0.17

Trust: 0.3

vendor: ibm, model: security access manager for web, scope: eq, version: 7.0.0.15

Trust: 0.3

vendor: ibm, model: security access manager for web, scope: eq, version: 7.0.0.12

Trust: 0.3

vendor: ibm, model: lotus protector for mail security, scope: eq, version: 2.80

Trust: 0.3

vendor: cisco, model: prime access registrar, scope: eq, version: 0

Trust: 0.3

vendor: cisco, model: wap371 wireless access point, scope: eq, version: 0

Trust: 0.3

vendor: ibm, model: security access manager for mobile, scope: eq, version: 8.0.0.2

Trust: 0.3

vendor: cisco, model: onepk all-in-one vm, scope: eq, version: 0

Trust: 0.3

vendor: ibm, model: aix, scope: eq, version: 7.2

Trust: 0.3

vendor: cisco, model: media experience engines, scope: eq, version: 0

Trust: 0.3

vendor: cisco, model: intrusion prevention system solutions, scope: eq, version: 0

Trust: 0.3

vendor: ibm, model: security access manager for mobile, scope: eq, version: 8.0.1.1

Trust: 0.3

vendor: cisco, model: access registrar appliance, scope: eq, version: 0

Trust: 0.3

vendor: ntp, model: p1, scope: eq, version: 4.2.2

Trust: 0.3

vendor: ibm, model: security access manager for web, scope: eq, version: 7.0.0.14

Trust: 0.3

vendor: cisco, model: edge digital media player, scope: eq, version: 3000

Trust: 0.3

vendor: ibm, model: power hmc, scope: eq, version: 8.8.5.0

Trust: 0.3

vendor: ibm, model: smartcloud entry, scope: eq, version: 3.2

Trust: 0.3

vendor: cisco, model: videoscape control suite, scope: eq, version: 0

Trust: 0.3

vendor: ibm, model: smartcloud entry appliance fi, scope: eq, version: 2.4.0.4

Trust: 0.3

vendor: ibm, model: security network protection, scope: eq, version: 5.3.1.9

Trust: 0.3

vendor: ibm, model: security network protection, scope: eq, version: 5.3.1.3

Trust: 0.3

vendor: ibm, model: security access manager for web, scope: eq, version: 8.0.1

Trust: 0.3

vendor: ibm, model: smartcloud entry, scope: eq, version: 2.2

Trust: 0.3

vendor: cisco, model: management heartbeat server, scope: eq, version: 0

Trust: 0.3

vendor: slackware, model: linux, scope: eq, version: 14.1

Trust: 0.3

vendor: cisco, model: series ip phones vpn feature, scope: eq, version: 8800-0

Trust: 0.3

vendor: cisco, model: mediasense, scope: eq, version: 0

Trust: 0.3

vendor: cisco, model: telepresence mx series, scope: eq, version: 0

Trust: 0.3

vendor: slackware, model: linux x86 64, scope: eq, version: 14.0

Trust: 0.3

vendor: ibm, model: vios, scope: eq, version: 2.2.14

Trust: 0.3

vendor: ibm, model: lotus protector for mail security, scope: eq, version: 2.8.1.0

Trust: 0.3

vendor: cisco, model: small business series wireless access points, scope: eq, version: 1210

Trust: 0.3

vendor: ibm, model: security access manager for web, scope: eq, version: 8.0.0.0

Trust: 0.3

vendor: ibm, model: smartcloud entry appliance fp, scope: eq, version: 3.2.0.4

Trust: 0.3

vendor: cisco, model: industrial router, scope: eq, version: 9100

Trust: 0.3

vendor: ntp, model: p6, scope: eq, version: 4.2.4

Trust: 0.3

vendor: cisco, model: ucs central, scope: eq, version: 0

Trust: 0.3

vendor: cisco, model: telepresence profile series, scope: eq, version: 0

Trust: 0.3

vendor: ibm, model: security network protection, scope: eq, version: 5.3.2

Trust: 0.3

vendor: ibm, model: power hmc, scope: eq, version: 8.8.3.0

Trust: 0.3

vendor: ibm, model: aix, scope: eq, version: 6.1

Trust: 0.3

vendor: cisco, model: visual quality experience tools server, scope: eq, version: 0

Trust: 0.3

vendor: ntp, model: 4.2.8p1, scope: -, version: -

Trust: 0.3

vendor: ibm, model: security network protection, scope: eq, version: 5.3.1.4

Trust: 0.3

vendor: ibm, model: security access manager for web, scope: eq, version: 8.03

Trust: 0.3

vendor: cisco, model: video distribution suite for internet streaming, scope: eq, version: 0

Trust: 0.3

vendor: ntp, model: 4.2.8p7, scope: ne, version: -

Trust: 0.3

vendor: ibm, model: vios, scope: eq, version: 2.2.1.3

Trust: 0.3

vendor: cisco, model: emergency responder, scope: eq, version: 0

Trust: 0.3

vendor: ntp, model: 4.2.7p366, scope: -, version: -

Trust: 0.3

vendor: ibm, model: vios, scope: eq, version: 2.2

Trust: 0.3

vendor: redhat, model: enterprise linux hpc node, scope: eq, version: 7

Trust: 0.3

vendor: cisco, model: im and presence service, scope: eq, version: 0

Trust: 0.3

vendor: ibm, model: vios, scope: eq, version: 2.2.0.11

Trust: 0.3

vendor: ibm, model: flex system manager, scope: eq, version: 1.3.20

Trust: 0.3

vendor: cisco, model: connected grid routers, scope: eq, version: 0

Trust: 0.3

vendor: ibm, model: smartcloud entry, scope: eq, version: 3.1

Trust: 0.3

vendor: ibm, model: smartcloud entry appliance fi, scope: eq, version: 2.3.0.4

Trust: 0.3

vendor: ibm, model: security access manager for web, scope: eq, version: 8.0.1.4

Trust: 0.3

vendor: ibm, model: security network protection, scope: ne, version: 5.3.1.10

Trust: 0.3

vendor: redhat, model: enterprise linux desktop, scope: eq, version: 6

Trust: 0.3

vendor: ntp, model: p4, scope: eq, version: 4.2.4

Trust: 0.3

vendor: ibm, model: security access manager for web, scope: eq, version: 7.0.0.5

Trust: 0.3

vendor: cisco, model: telepresence integrator c series, scope: eq, version: 0

Trust: 0.3

vendor: ibm, model: security access manager for web, scope: eq, version: 8.0.1.2

Trust: 0.3

vendor: cisco, model: show and share, scope: eq, version: 0

Trust: 0.3

vendor: cisco, model: sentinel, scope: eq, version: 0

Trust: 0.3

vendor: ibm, model: security identity governance and intelligence, scope: eq, version: 5.2.1

Trust: 0.3

vendor: ntp, model: p7, scope: eq, version: 4.2.4

Trust: 0.3

vendor: cisco, model: nac server, scope: eq, version: 0

Trust: 0.3

vendor: cisco, model: cloud object store, scope: eq, version: 0

Trust: 0.3

vendor: ibm, model: smartcloud entry appliance fp, scope: eq, version: 2.2.0.3

Trust: 0.3

vendor: cisco, model: ucs director, scope: eq, version: 0

Trust: 0.3

vendor: ntp, model: ntp, scope: eq, version: 4.3

Trust: 0.3

vendor: slackware, model: linux x86 64, scope: eq, version: 13.1

Trust: 0.3

vendor: slackware, model: linux x86 64 -current, scope: -, version: -

Trust: 0.3

vendor: ibm, model: vios, scope: eq, version: 2.2.4.0

Trust: 0.3

vendor: ntp, model: p5, scope: eq, version: 4.2.4

Trust: 0.3

vendor: cisco, model: nac appliance, scope: eq, version: 0

Trust: 0.3

sources: CERT/CC: VU#718152 // BID: 88226 // JVNDB: JVNDB-2016-007714 // CNNVD: CNNVD-201604-609 // NVD: CVE-2016-2518

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2016-2518
value: MEDIUM

Trust: 1.0

NVD: CVE-2016-2518
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201604-609
value: MEDIUM

Trust: 0.6

VULMON: CVE-2016-2518
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2016-2518
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

nvd@nist.gov: CVE-2016-2518
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: LOW
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.1

Trust: 1.0

NVD: CVE-2016-2518
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: LOW
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULMON: CVE-2016-2518 // JVNDB: JVNDB-2016-007714 // CNNVD: CNNVD-201604-609 // NVD: CVE-2016-2518

PROBLEMTYPE DATA

problemtype:CWE-125

Trust: 1.0

problemtype:Out-of-bounds read (CWE-125) [NVD Evaluation]

Trust: 0.8

sources: JVNDB: JVNDB-2016-007714 // NVD: CVE-2016-2518

THREAT TYPE

remote

Trust: 0.9

sources: PACKETSTORM: 138984 // PACKETSTORM: 138162 // PACKETSTORM: 137244 // CNNVD: CNNVD-201604-609

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201604-609

PATCH

title: Oracle Solaris Third Party Bulletin - April 2016, url: http://support.ntp.org/bin/view/Main/NtpBug3009

Trust: 0.8

title: ntpd Security vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=61292

Trust: 0.6

title: Red Hat: CVE-2016-2518, url: https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database&qid=CVE-2016-2518

Trust: 0.1

title: Amazon Linux AMI: ALAS-2016-708, url: https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami&qid=ALAS-2016-708

Trust: 0.1

title: Ubuntu Security Notice: ntp vulnerabilities, url: https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-3096-1

Trust: 0.1

title: Siemens Security Advisories: Siemens Security Advisory, url: https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories&qid=85311fa037162a48cd67fd63f52a6478

Trust: 0.1

title: Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - April 2016, url: https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins&qid=976a4da35d55283870dbb31b88a6c655

Trust: 0.1

title: Oracle Linux Bulletins: Oracle Linux Bulletin - April 2016, url: https://vulmon.com/vendoradvisory?qidtp=oracle_linux_bulletins&qid=83bbd91f8369c8f064e6d68dac68400f

Trust: 0.1

title: Oracle: Oracle Critical Patch Update Advisory - July 2016, url: https://vulmon.com/vendoradvisory?qidtp=oracle_advisories&qid=3a04485ebb79f7fbc2472bf9af5ce489

Trust: 0.1

title: Oracle: Oracle Critical Patch Update Advisory - January 2018, url: https://vulmon.com/vendoradvisory?qidtp=oracle_advisories&qid=e2a7f287e9acc8c64ab3df71130bc64d

Trust: 0.1

title: satellite-host-cve, url: https://github.com/RedHatSatellite/satellite-host-cve

Trust: 0.1

sources: VULMON: CVE-2016-2518 // JVNDB: JVNDB-2016-007714 // CNNVD: CNNVD-201604-609

EXTERNAL IDS

db: CERT/CC, id: VU#718152

Trust: 3.6

db: NVD, id: CVE-2016-2518

Trust: 3.4

db: BID, id: 88226

Trust: 2.0

db: PACKETSTORM, id: 136864

Trust: 1.8

db: SECTRACK, id: 1035705

Trust: 1.7

db: SIEMENS, id: SSA-211752

Trust: 1.7

db: ICS CERT, id: ICSA-21-159-11

Trust: 1.7

db: JVN, id: JVNVU95781418

Trust: 0.8

db: JVN, id: JVNVU91176422

Trust: 0.8

db: JVNDB, id: JVNDB-2016-007714

Trust: 0.8

db: CS-HELP, id: SB2021061008

Trust: 0.6

db: CNNVD, id: CNNVD-201604-609

Trust: 0.6

db: VULMON, id: CVE-2016-2518

Trust: 0.1

db: PACKETSTORM, id: 138984

Trust: 0.1

db: PACKETSTORM, id: 138162

Trust: 0.1

db: PACKETSTORM, id: 137992

Trust: 0.1

db: PACKETSTORM, id: 137244

Trust: 0.1

db: PACKETSTORM, id: 138052

Trust: 0.1

sources: CERT/CC: VU#718152 // VULMON: CVE-2016-2518 // BID: 88226 // JVNDB: JVNDB-2016-007714 // PACKETSTORM: 138984 // PACKETSTORM: 138162 // PACKETSTORM: 137992 // PACKETSTORM: 137244 // PACKETSTORM: 136864 // PACKETSTORM: 138052 // CNNVD: CNNVD-201604-609 // NVD: CVE-2016-2518

REFERENCES

url:https://www.kb.cert.org/vuls/id/718152

Trust: 2.9

url:http://www.debian.org/security/2016/dsa-3629

Trust: 2.8

url:http://support.ntp.org/bin/view/main/securitynotice#april_2016_ntp_4_2_8p7_security

Trust: 2.5

url:https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11

Trust: 2.3

url:https://access.redhat.com/errata/rhsa-2016:1141

Trust: 2.1

url:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html

Trust: 2.0

url:http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160428-ntpd

Trust: 2.0

url:https://security.gentoo.org/glsa/201607-15

Trust: 1.8

url:http://rhn.redhat.com/errata/rhsa-2016-1552.html

Trust: 1.8

url:http://www.ubuntu.com/usn/usn-3096-1

Trust: 1.8

url:http://support.ntp.org/bin/view/main/ntpbug3009

Trust: 1.7

url:http://www.securityfocus.com/bid/88226

Trust: 1.7

url:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html

Trust: 1.7

url:http://www.securitytracker.com/id/1035705

Trust: 1.7

url:https://security.netapp.com/advisory/ntap-20171004-0002/

Trust: 1.7

url:https://security.freebsd.org/advisories/freebsd-sa-16:16.ntp.asc

Trust: 1.7

url:http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html

Trust: 1.7

url:https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf

Trust: 1.7

url:http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00034.html

Trust: 1.7

url:http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00037.html

Trust: 1.7

url:http://lists.opensuse.org/opensuse-updates/2016-05/msg00114.html

Trust: 1.7

url:http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html

Trust: 1.7

url:http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html

Trust: 1.7

url:http://www.securityfocus.com/archive/1/archive/1/538233/100/0/threaded

Trust: 1.7

url:http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00052.html

Trust: 1.7

url:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00020.html

Trust: 1.7

url:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00001.html

Trust: 1.7

url:http://www.securityfocus.com/archive/1/538233/100/0/threaded

Trust: 1.7

url:http://packetstormsecurity.com/files/136864/slackware-security-advisory-ntp-updates.html

Trust: 1.7

url:https://support.f5.com/csp/article/k20804323

Trust: 1.7

url:http://lists.fedoraproject.org/pipermail/package-announce/2016-may/183647.html

Trust: 1.7

url:http://lists.fedoraproject.org/pipermail/package-announce/2016-may/184669.html

Trust: 1.7

url:http://support.ntp.org/bin/view/main/securitynotice#january_2016_ntp_4_2_8p6_securit

Trust: 0.8

url:http://jvn.jp/vu/jvnvu91176422/

Trust: 0.8

url:https://jvn.jp/vu/jvnvu95781418/index.html

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-2518

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2016-1547

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021061008

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2016-1548

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2015-7979

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2016-1550

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2016-2518

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2015-8138

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2016-2518

Trust: 0.3

url:http://www.ntp.org/

Trust: 0.3

url:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=isg3t1023885

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=isg3t1024073

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=isg3t1024157

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=nas8n1021521

Trust: 0.3

url:http://support.ntp.org/bin/view/main/ntpbug3009

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=swg21983803

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=swg21985122

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=swg21986956

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=swg21988706

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=swg21989542

Trust: 0.3

url:http://aix.software.ibm.com/aix/efixes/security/ntp_advisory7.asc

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2015-7978

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2016-2516

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2015-7974

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2015-7977

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2015-8158

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2015-7973

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2015-7975

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2015-7976

Trust: 0.2

url:https://www.redhat.com/mailman/listinfo/rhsa-announce

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2015-7979

Trust: 0.2

url:https://bugzilla.redhat.com/

Trust: 0.2

url:https://access.redhat.com/security/team/key/

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2016-1547

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2016-1548

Trust: 0.2

url:https://access.redhat.com/articles/11258

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2016-1550

Trust: 0.2

url:https://access.redhat.com/security/updates/classification/#moderate

Trust: 0.2

url:https://access.redhat.com/security/team/contact/

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2015-7704

Trust: 0.2

url:https://cwe.mitre.org/data/definitions/125.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://usn.ubuntu.com/3096-1/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-4956

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-0727

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-4954

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/ntp/1:4.2.6.p5+dfsg-3ubuntu2.14.04.10

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-4955

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/ntp/1:4.2.6.p3+dfsg-1ubuntu3.11

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/ntp/1:4.2.8p4+dfsg-3ubuntu5.3

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-7871

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7702

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-7705

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1549

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-7702

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7849

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7852

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7978

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-8140

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-7855

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-7852

Trust: 0.1

url:https://security.gentoo.org/

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1551

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2516

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7975

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-7848

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-8139

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-8158

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-4954

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-4956

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7973

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7853

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-7701

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7704

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-8140

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7691

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-8139

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-4957

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7703

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7855

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-4955

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-7849

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-7854

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-7703

Trust: 0.1

url:http://creativecommons.org/licenses/by-sa/2.5

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7705

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2517

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1548

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-7691

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1547

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7854

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-7853

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2519

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2518

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7851

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-7692

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7871

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7977

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7848

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1550

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-7850

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7850

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7701

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7692

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-8138

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7979

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7974

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-7851

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-4953

Trust: 0.1

url:https://bugs.gentoo.org

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7976

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-2516

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7704

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-1551

Trust: 0.1

url:http://slackware.com

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-2519

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-2517

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-2519

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1547

Trust: 0.1

url:http://slackware.com/gpg-key

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-8138

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-2518

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-1549

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1551

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1550

Trust: 0.1

url:http://support.ntp.org/bin/view/main/securitynotice#recent_vulnerabilities

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-2517

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1548

Trust: 0.1

url:http://osuosl.org

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1549

Trust: 0.1

url:https://www.debian.org/security/faq

Trust: 0.1

url:https://www.debian.org/security/

Trust: 0.1

sources: CERT/CC: VU#718152 // VULMON: CVE-2016-2518 // BID: 88226 // JVNDB: JVNDB-2016-007714 // PACKETSTORM: 138984 // PACKETSTORM: 138162 // PACKETSTORM: 137992 // PACKETSTORM: 137244 // PACKETSTORM: 136864 // PACKETSTORM: 138052 // CNNVD: CNNVD-201604-609 // NVD: CVE-2016-2518

CREDITS

Siemens reported these vulnerabilities to CISA.

Trust: 0.6

sources: CNNVD: CNNVD-201604-609

SOURCES

db: CERT/CC, id: VU#718152
db: VULMON, id: CVE-2016-2518
db: BID, id: 88226
db: JVNDB, id: JVNDB-2016-007714
db: PACKETSTORM, id: 138984
db: PACKETSTORM, id: 138162
db: PACKETSTORM, id: 137992
db: PACKETSTORM, id: 137244
db: PACKETSTORM, id: 136864
db: PACKETSTORM, id: 138052
db: CNNVD, id: CNNVD-201604-609
db: NVD, id: CVE-2016-2518

LAST UPDATE DATE

2024-08-14T12:25:04.899000+00:00


SOURCES UPDATE DATE

db: CERT/CC, id: VU#718152, date: 2016-04-28T00:00:00
db: VULMON, id: CVE-2016-2518, date: 2021-06-10T00:00:00
db: BID, id: 88226, date: 2016-11-24T01:07:00
db: JVNDB, id: JVNDB-2016-007714, date: 2021-06-10T09:03:00
db: CNNVD, id: CNNVD-201604-609, date: 2021-06-11T00:00:00
db: NVD, id: CVE-2016-2518, date: 2021-06-10T13:15:07.937

SOURCES RELEASE DATE

db: CERT/CC, id: VU#718152, date: 2016-04-27T00:00:00
db: VULMON, id: CVE-2016-2518, date: 2017-01-30T00:00:00
db: BID, id: 88226, date: 2016-04-26T00:00:00
db: JVNDB, id: JVNDB-2016-007714, date: 2017-03-13T00:00:00
db: PACKETSTORM, id: 138984, date: 2016-10-05T22:33:00
db: PACKETSTORM, id: 138162, date: 2016-08-03T18:16:52
db: PACKETSTORM, id: 137992, date: 2016-07-21T15:56:23
db: PACKETSTORM, id: 137244, date: 2016-05-31T13:33:49
db: PACKETSTORM, id: 136864, date: 2016-05-02T21:38:58
db: PACKETSTORM, id: 138052, date: 2016-07-26T19:19:00
db: CNNVD, id: CNNVD-201604-609, date: 2016-04-28T00:00:00
db: NVD, id: CVE-2016-2518, date: 2017-01-30T21:59:01.080